diff options
129 files changed, 2137 insertions, 4399 deletions
diff --git a/conf/distro/mlinux.conf b/conf/distro/mlinux.conf index 3c4b348..8fef699 100644 --- a/conf/distro/mlinux.conf +++ b/conf/distro/mlinux.conf @@ -1,7 +1,7 @@ DISTRO = "mlinux" DISTRO_NAME = "mLinux" -DISTRO_BASE_VERSION = "5.3" -DISTRO_VERSION = "${DISTRO_BASE_VERSION}.1dev8" +DISTRO_BASE_VERSION = "6.0" +DISTRO_VERSION = "${DISTRO_BASE_VERSION}.0dev1" DISTRO_CODENAME = "" SDK_VENDOR = "-mlinux" SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}" @@ -19,7 +19,7 @@ LOCALCONF_VERSION = "1" LAYER_CONF_VERSION ?= "6" DISTRO_FEATURES_MLINUX = "argp largefile xattr \ - ipv6 ipsec ppp \ + ipv4 ipv6 ipsec ppp \ bluetooth irda usbgadget usbhost wifi \ cramfs ext2 smbfs nfs \ libc-crypt pam \ @@ -72,4 +72,4 @@ require java.inc PREFERRED_VERSION_nodejs ?= "10.%" PREFERRED_VERSION_nodejs-native ?= "10.%" -PREFERRED_VERSION_gpsd ?= "3.20" +PREFERRED_VERSION_gpsd = "3.20" diff --git a/recipes-connectivity/bluez/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/recipes-connectivity/bluez/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch deleted file mode 100644 index 2fde7bc..0000000 --- a/recipes-connectivity/bluez/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch +++ /dev/null @@ -1,63 +0,0 @@ -From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org> -Date: Sat, 12 Oct 2013 17:45:25 +0200 -Subject: [PATCH] Allow using obexd without systemd in the user session - -Not all sessions run systemd --user (actually, the majority -doesn't), so the dbus daemon must be able to spawn obexd -directly, and to do so it needs the full path of the daemon. - -Upstream-Status: Denied - -Not accepted by upstream maintainer for being a distro specific -configuration. See thread: - -http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843 - -Signed-off-by: Javier Viguera <javier.viguera@digi.com> ---- - Makefile.obexd | 4 ++-- - obexd/src/org.bluez.obex.service | 4 ---- - obexd/src/org.bluez.obex.service.in | 4 ++++ - 3 files changed, 6 insertions(+), 6 deletions(-) - delete mode 100644 obexd/src/org.bluez.obex.service - create mode 100644 obexd/src/org.bluez.obex.service.in - -diff --git a/Makefile.obexd b/Makefile.obexd -index 2e33cbc72f2b..d5d858c857b4 100644 ---- a/Makefile.obexd -+++ b/Makefile.obexd -@@ -2,12 +2,12 @@ - if SYSTEMD - systemduserunitdir = @SYSTEMD_USERUNITDIR@ - systemduserunit_DATA = obexd/src/obex.service -+endif - - dbussessionbusdir = @DBUS_SESSIONBUSDIR@ - dbussessionbus_DATA = obexd/src/org.bluez.obex.service --endif - --EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service -+EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service.in - - obex_plugindir = $(libdir)/obex/plugins - -diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service -deleted file mode 100644 -index a53808884554..000000000000 ---- a/obexd/src/org.bluez.obex.service -+++ /dev/null -@@ -1,4 +0,0 @@ --[D-BUS Service] --Name=org.bluez.obex --Exec=/bin/false --SystemdService=dbus-org.bluez.obex.service -diff --git a/obexd/src/org.bluez.obex.service.in b/obexd/src/org.bluez.obex.service.in -new file mode 100644 -index 000000000000..9c815f246b77 ---- /dev/null -+++ b/obexd/src/org.bluez.obex.service.in -@@ -0,0 +1,4 @@ -+[D-BUS Service] -+Name=org.bluez.obex -+Exec=@libexecdir@/obexd -+SystemdService=dbus-org.bluez.obex.service diff --git a/recipes-connectivity/bluez/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/recipes-connectivity/bluez/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch deleted file mode 100644 index 24ddae6..0000000 --- a/recipes-connectivity/bluez/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 4bdf0f96dcaa945fd29f26d56e5b36d8c23e4c8b Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Fri, 1 Apr 2016 17:07:34 +0300 -Subject: [PATCH] tests: add a target for building tests without running them - -Upstream-Status: Inappropriate [oe specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - Makefile.am | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/Makefile.am b/Makefile.am -index 1a48a71..ba3b92f 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -425,6 +425,9 @@ endif - TESTS = $(unit_tests) - AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 - -+# This allows building tests without running them -+buildtests: $(TESTS) -+ - if DBUS_RUN_SESSION - AM_TESTS_ENVIRONMENT += dbus-run-session -- - endif --- -2.8.0.rc3 - diff --git a/recipes-connectivity/bluez/bluez5/CVE-2017-1000250.patch b/recipes-connectivity/bluez/bluez5/CVE-2017-1000250.patch deleted file mode 100644 index 05359da..0000000 --- a/recipes-connectivity/bluez/bluez5/CVE-2017-1000250.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> -Date: Wed, 13 Sep 2017 10:01:40 +0300 -Subject: sdp: Fix Out-of-bounds heap read in service_search_attr_req function - -Check if there is enough data to continue otherwise return an error. ---- - src/sdpd-request.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/sdpd-request.c b/src/sdpd-request.c -index 1eefdce..318d044 100644 ---- a/src/sdpd-request.c -+++ b/src/sdpd-request.c -@@ -917,7 +917,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf) - } else { - /* continuation State exists -> get from cache */ - sdp_buf_t *pCache = sdp_get_cached_rsp(cstate); -- if (pCache) { -+ if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) { - uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); - pResponse = pCache->data; - memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); --- -cgit v1.1 - diff --git a/recipes-connectivity/bluez/bluez5/out-of-tree.patch b/recipes-connectivity/bluez/bluez5/out-of-tree.patch deleted file mode 100644 index 3ee79d7..0000000 --- a/recipes-connectivity/bluez/bluez5/out-of-tree.patch +++ /dev/null @@ -1,26 +0,0 @@ -From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Fri, 22 Apr 2016 15:40:37 +0100 -Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation - -In parallel out-of-tree builds it's possible that obexd/src/builtin.h is -generated before the target directory has been implicitly created. Solve this by -creating the directory before writing into it. - -Upstream-Status: Submitted -Signed-off-by: Ross Burton <ross.burton@intel.com> ---- - Makefile.obexd | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.obexd b/Makefile.obexd -index 2e33cbc..c8286f0 100644 ---- a/Makefile.obexd -+++ b/Makefile.obexd -@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h - obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources) -+ $(AM_V_at)$(MKDIR_P) $(dir $@) - $(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@ --- -2.8.0.rc3 - diff --git a/recipes-connectivity/bluez/bluez5/run-ptest b/recipes-connectivity/bluez/bluez5/run-ptest deleted file mode 100644 index 21df00c..0000000 --- a/recipes-connectivity/bluez/bluez5/run-ptest +++ /dev/null @@ -1,31 +0,0 @@ -#! /bin/sh - -cd unit - -failed=0 -all=0 - -for f in test-*; do - "./$f" - case "$?" in - 0) - echo "PASS: $f" - all=$((all + 1)) - ;; - 77) - echo "SKIP: $f" - ;; - *) - echo "FAIL: $f" - failed=$((failed + 1)) - all=$((all + 1)) - ;; - esac -done - -if [ "$failed" -eq 0 ] ; then - echo "All $all tests passed" -else - echo "$failed of $all tests failed" -fi - diff --git a/recipes-connectivity/hostapd/hostapd/default b/recipes-connectivity/hostapd/files/default index 8f3287d..8f3287d 100644 --- a/recipes-connectivity/hostapd/hostapd/default +++ b/recipes-connectivity/hostapd/files/default diff --git a/recipes-connectivity/hostapd/hostapd/defconfig b/recipes-connectivity/hostapd/files/defconfig index 3a447c6..3a447c6 100644 --- a/recipes-connectivity/hostapd/hostapd/defconfig +++ b/recipes-connectivity/hostapd/files/defconfig diff --git a/recipes-connectivity/hostapd/hostapd/init b/recipes-connectivity/hostapd/files/init index 04fd2d0..04fd2d0 100644 --- a/recipes-connectivity/hostapd/hostapd/init +++ b/recipes-connectivity/hostapd/files/init diff --git a/recipes-connectivity/hostapd/hostapd/hostapd.service b/recipes-connectivity/hostapd/hostapd/hostapd.service deleted file mode 100644 index 151c050..0000000 --- a/recipes-connectivity/hostapd/hostapd/hostapd.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -After=network.target - -[Service] -Type=forking -PIDFile=/run/hostapd.pid -ExecStart=@SBINDIR@/hostapd @SYSCONFDIR@/hostapd.conf -P /run/hostapd.pid -B - -[Install] -WantedBy=multi-user.target diff --git a/recipes-connectivity/hostapd/hostapd_%.bbappend b/recipes-connectivity/hostapd/hostapd_%.bbappend index 2686fa3..c8f8fab 100644 --- a/recipes-connectivity/hostapd/hostapd_%.bbappend +++ b/recipes-connectivity/hostapd/hostapd_%.bbappend @@ -1,5 +1,6 @@ -SRC_URI += "file://cfg80211.conf" -PR = "m1" +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +PR = "m2" do_install_append() { install -d ${D}{sysconfdir}/modprobe.d @@ -12,6 +13,8 @@ SRC_URI += " file://cfg80211.conf \ file://WiFi-SSID \ file://setchan \ file://default \ + file://init \ + file://defconfig \ " do_install() { diff --git a/recipes-connectivity/hostapd/hostapd_2.8.bb b/recipes-connectivity/hostapd/hostapd_2.8.bb deleted file mode 100644 index 15884d0..0000000 --- a/recipes-connectivity/hostapd/hostapd_2.8.bb +++ /dev/null @@ -1,51 +0,0 @@ -SUMMARY = "User space daemon for extended IEEE 802.11 management" -HOMEPAGE = "http://w1.fi/hostapd/" -SECTION = "kernel/userland" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://hostapd/README;md5=1ec986bec88070e2a59c68c95d763f89" - -DEPENDS = "libnl openssl" - -SRC_URI = " \ - http://w1.fi/releases/hostapd-${PV}.tar.gz \ - file://defconfig \ - file://init \ - file://hostapd.service \ -" - -SRC_URI[md5sum] = "ed2c254e5f400838cb9d8e7b6e43b86c" -SRC_URI[sha256sum] = "929f522be6eeec38c53147e7bc084df028f65f148a3f7e4fa6c4c3f955cee4b0" - -S = "${WORKDIR}/hostapd-${PV}" -B = "${WORKDIR}/hostapd-${PV}/hostapd" - -inherit update-rc.d systemd pkgconfig distro_features_check - -CONFLICT_DISTRO_FEATURES = "openssl-no-weak-ciphers" - -INITSCRIPT_NAME = "hostapd" - -SYSTEMD_SERVICE_${PN} = "hostapd.service" -SYSTEMD_AUTO_ENABLE_${PN} = "disable" - -do_configure_append() { - install -m 0644 ${WORKDIR}/defconfig ${B}/.config -} - -do_compile() { - export CFLAGS="-MMD -O2 -Wall -g" - export EXTRA_CFLAGS="${CFLAGS}" - make V=1 -} - -do_install() { - install -d ${D}${sbindir} ${D}${sysconfdir}/init.d ${D}${systemd_unitdir}/system/ - install -m 0644 ${B}/hostapd.conf ${D}${sysconfdir} - install -m 0755 ${B}/hostapd ${D}${sbindir} - install -m 0755 ${B}/hostapd_cli ${D}${sbindir} - install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/hostapd - install -m 0644 ${WORKDIR}/hostapd.service ${D}${systemd_unitdir}/system/ - sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/hostapd.service -} - -CONFFILES_${PN} += "${sysconfdir}/hostapd.conf" diff --git a/recipes-connectivity/lora/lora-gateway-sx1303_2.0.1.bb b/recipes-connectivity/lora/lora-gateway-sx1303_2.0.1.bb new file mode 100644 index 0000000..c5c2ab1 --- /dev/null +++ b/recipes-connectivity/lora/lora-gateway-sx1303_2.0.1.bb @@ -0,0 +1,65 @@ +DESCRIPTION = "LoRa Packet Forwarder" +HOMEPAGE = "https://github.com/Lora-net/sx1302_hal" +PRIORITY = "optional" +SECTION = "console/utils" +# Semtech license is a modified BSD-style license +LICENSE = "Proprietary" +LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=d2119120bd616e725f4580070bd9ee19" +DEPENDS = "logrotate" +RDEPENDS_${PN} += "bash" +PR = "r0" + +# SRCREV = "100104ee350a0e469b348ac383486d311caaf5e5" +SRCREV = "V${PV}" + +SRC_URI = "git://github.com/Lora-net/sx1302_hal.git;protocol=git;branch=master \ +" + + +S = "${WORKDIR}/git" +B = "${S}" + +LORA_DIR = "/opt/lora" + + +CFLAGS += " -I${S}/packet_forwarder/inc -I${S}/libloragw/inc -I${S}/libtools/inc -I${S}/inc -I. -std=gnu11" + +do_compile() { + oe_runmake packet_forwarder LDFLAGS=${LDFLAGS} + oe_runmake util_boot LDFLAGS=${LDFLAGS} + oe_runmake util_chip_id FLAGS=${LDFLAGS} + oe_runmake util_net_downlink LDFLAGS=${LDFLAGS} + # oe_runmake util_spectral_scan LDFLAGS=${LDFLAGS} +} + +do_install() { + install -d ${D}${LORA_DIR} + install -d ${D}${LORA_DIR}/forwarder-utils-sx1303 + install -d ${D}${LORA_DIR}/gateway-utils-sx1303 + install -m 755 packet_forwarder/lora_pkt_fwd ${D}${LORA_DIR}/lora_pkt_fwd_sx1303 + install -m 755 libloragw/test_loragw* ${D}${LORA_DIR}/gateway-utils-sx1303/ + install -m 755 util_boot/boot ${D}${LORA_DIR}/forwarder-utils-sx1303/util_boot + install -m 755 util_chip_id/chip_id ${D}${LORA_DIR}/forwarder-utils-sx1303/util_chip_id + install -m 755 util_net_downlink/net_downlink ${D}${LORA_DIR}/forwarder-utils-sx1303/util_net_downlink + # install -m 755 util_spectral_scan/util_spectral_scan ${D}${LORA_DIR}/forwarder-utils-sx1303/ +} + +do_install_append_mtcdt() { +} + +do_install_append_mtcap() { +} + +do_install_append_mtcdt3() { +} + +do_install_append_mtcdt3hs() { +} + + +FILES_${PN} += "${LORA_DIR}" + +# disable this on purpose for dev purposes +do_rm_work() { + echo "skipping" +} diff --git a/recipes-connectivity/lora/lora-gateway_5.0.1.bb b/recipes-connectivity/lora/lora-gateway_5.0.4.bb index dc3a985..f16cadf 100644 --- a/recipes-connectivity/lora/lora-gateway_5.0.1.bb +++ b/recipes-connectivity/lora/lora-gateway_5.0.4.bb @@ -5,18 +5,18 @@ SECTION = "console/utils" # Semtech license is a modified BSD-style license LICENSE = "Proprietary" LIC_FILES_CHKSUM = "file://LICENSE;md5=a2bdef95625509f821ba00460e3ae0eb" -DEPENDS = "libgps25" -RDEPENDS_${PN} = "libgps25" +DEPENDS = "gpsd" -PR = "r27" -SRCREV = "dea57d6f29246434173c33c56850708c51fc5b23" +PR = "r23" +SRCREV = "004c03449d498cfa495df4d7834b733f4697a10f" - -SRC_URI = "git://git.multitech.net/lora_gateway_mtac_full;branch=master;protocol=git \ +SRC_URI = "git://git@gitlab.multitech.net/lora_enterprise/lora_gateway_mtac_full.git;protocol=ssh;branch=master \ file://library_4.0.cfg \ file://ln-lora-spi-dev.sh \ " +SRC_URI[md5sum] = "9e06a3733a9fea39a3d61f77b412badf" +SRC_URI[sha256sum] = "28fbfe098013908794b32e51d1fed4427f20dd6c8adbbca78df2e1800f5c84dc" S = "${WORKDIR}/git" @@ -28,7 +28,7 @@ do_configure_append() { } do_compile() { - oe_runmake + oe_runmake LDFLAGS=${LDFLAGS} } do_install() { @@ -55,6 +55,7 @@ do_install_append_mtcdt() { install -m 0755 ${WORKDIR}/ln-lora-spi-dev.sh ${D}/opt/lora/ } + PACKAGES += "${PN}-utils ${PN}-utils-dbg" FILES_${PN} = "${libdir}/lora/lora-gw-readme.md" @@ -67,3 +68,4 @@ FILES_${PN}-staticdev = "${libdir}/lora/libloragw.a" do_rm_work() { echo "skipping" } + diff --git a/recipes-connectivity/lora/lora-network-server_2.4.4.bb b/recipes-connectivity/lora/lora-network-server_2.4.4.bb index 49143a9..84c7289 100644 --- a/recipes-connectivity/lora/lora-network-server_2.4.4.bb +++ b/recipes-connectivity/lora/lora-network-server_2.4.4.bb @@ -3,8 +3,8 @@ PRIORITY = "optional" SECTION = "console/utils" LICENSE = "Proprietary" LIC_FILES_CHKSUM = "file://LICENSE;md5=2b9a30a3082ddccd2c695a4dbeeab80d" -DEPENDS = "jsoncpp libmts mosquitto sqlite3 curl gnutls" -RDEPENDS_${PN} += "lora-packet-forwarder logrotate bash lora-logging jsoncpp" +DEPENDS = "jsoncpp16 libmts mosquitto sqlite3 curl gnutls" +RDEPENDS_${PN} += "lora-packet-forwarder logrotate bash lora-logging jsoncpp16" PR = "r0" CONFFILES_${PN} += "${sysconfdir}/default/lora-network-server ${sysconfdir}/init.d/lora-network-server" diff --git a/recipes-connectivity/lora/lora-packet-forwarder_4.0.1.bb b/recipes-connectivity/lora/lora-packet-forwarder_4.0.6.bb index a56ec60..ac5bf6b 100644 --- a/recipes-connectivity/lora/lora-packet-forwarder_4.0.1.bb +++ b/recipes-connectivity/lora/lora-packet-forwarder_4.0.6.bb @@ -5,11 +5,11 @@ SECTION = "console/utils" # Semtech license is a modified BSD-style license LICENSE = "Proprietary" LIC_FILES_CHKSUM = "file://LICENSE;md5=22af7693d7b76ef0fc76161c4be76c45" -DEPENDS = "lora-gateway logrotate lora-logging libgps25" +DEPENDS = "lora-gateway logrotate lora-logging gpsd" RDEPENDS_${PN} += "bash" FILESEXTRAPATHS_append_mtcdt3hs := ":${THISDIR}/lora-packet-forwarder/mtcdt3" -PR = "r26" -SRCREV = "28b9dff2eb06fb88421cf32771d380a178079fce" +PR = "r29" +SRCREV = "${PV}" PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "git://git.multitech.net/packet_forwarder_mtac_full;branch=master;protocol=git \ @@ -148,6 +148,21 @@ do_install_append_mtcdt3hs() { install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.IN865.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.IN865 } +do_install_append_mtcpmhs() { + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.EU868.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_0.EU868.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_0 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.EU868.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_0.EU868.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_0.EU868 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.EU868.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.EU868 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.RU864.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.RU864 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_0.US915.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_0.US915 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.US915.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.US915 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.AU915.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.AU915 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.AS923.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.AS923 + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.AS923-LBT.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.AS923-LBT + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.KR920-LBT.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.KR920-LBT + install -m 755 ${WORKDIR}/global_conf.json.3.0.0.MTAC_LORA_1_5.IN865.basic.clksrc0 ${D}${LORA_DIR}/global_conf.json.MTAC_LORA_1_5.IN865 +} FILES_${PN} += "${LORA_DIR}" FILES_${PN}-dbg += "${LORA_DIR}/.debug ${LORA_DIR}/forwarder-utils/.debug" diff --git a/recipes-connectivity/lora/lora-query_1.0.6.bb b/recipes-connectivity/lora/lora-query_1.0.6.bb index 60bcc42..43afdf3 100644 --- a/recipes-connectivity/lora/lora-query_1.0.6.bb +++ b/recipes-connectivity/lora/lora-query_1.0.6.bb @@ -2,8 +2,8 @@ DESCRIPTION = "LoRa network server query tool" HOMEPAGE = "http://www.multitech.net/" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=94d55d512a9ba36caa9b7df079bae19f" -DEPENDS = "jsoncpp libmts" -RDEPENDS_${PN} += "jsoncpp" +DEPENDS = "jsoncpp16 libmts" +RDEPENDS_${PN} += "jsoncpp16" PR = "r2" SRCREV = "${PV}" diff --git a/recipes-connectivity/mbedtls/mbedtls_2.13.0.bb b/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb index ff3f7f0..c54e18a 100644 --- a/recipes-connectivity/mbedtls/mbedtls_2.13.0.bb +++ b/recipes-connectivity/mbedtls/mbedtls_2.25.0.bb @@ -18,19 +18,18 @@ understand what the code does. It features: \ HOMEPAGE = "https://tls.mbed.org/" LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=302d50a6369f5f22efdb674db908167a" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SECTION = "libs" -SRC_URI = "https://tls.mbed.org/download/mbedtls-${PV}-apache.tgz" - -SRC_URI[md5sum] = "659d96bb03012ca6db414a9137fcdbd6" -SRC_URI[sha256sum] = "593b4e4d2e1629fc407ab4750d69fa309a0ddb66565dc3deb5b60eddbdeb06da" +S = "${WORKDIR}/git" +SRCREV = "1c54b5410fd48d6bcada97e30cac417c5c7eea67" +SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master" inherit cmake PACKAGECONFIG ??= "shared-libs programs" -PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-USE_SHARED_MBEDTLS_LIBRARY=OFF" +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}" @@ -40,3 +39,5 @@ RPROVIDES_${PN} = "polarssl" PACKAGES =+ "${PN}-programs" FILES_${PN}-programs = "${bindir}/" + +BBCLASSEXTEND = "native nativesdk"
\ No newline at end of file diff --git a/recipes-connectivity/mosquitto/mosquitto/config_mk.patch b/recipes-connectivity/mosquitto/mosquitto/config_mk.patch deleted file mode 100644 index 437022c..0000000 --- a/recipes-connectivity/mosquitto/mosquitto/config_mk.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -Naur old/config.mk new/config.mk ---- old/config.mk 2017-04-17 14:33:32.504351936 -0500 -+++ new/config.mk 2017-04-17 14:34:27.061557282 -0500 -@@ -83,9 +83,9 @@ - # Strip executables and shared libraries on install. - WITH_STRIP:=no - - # Build static libraries --WITH_STATIC_LIBRARIES:=no -+WITH_STATIC_LIBRARIES:=yes - - # Build with async dns lookup support for bridges (temporary). Requires glibc. - #WITH_ADNS:=yes - -@@ -272,7 +272,7 @@ - endif - - INSTALL?=install --prefix=/usr/local -+prefix=/usr - mandir=${prefix}/share/man - localedir=${prefix}/share/locale - STRIP?=strip - - - - diff --git a/recipes-connectivity/mosquitto/mosquitto/mosquitto.conf b/recipes-connectivity/mosquitto/mosquitto/mosquitto.conf index 25821b8..6b861d6 100644 --- a/recipes-connectivity/mosquitto/mosquitto/mosquitto.conf +++ b/recipes-connectivity/mosquitto/mosquitto/mosquitto.conf @@ -4,84 +4,136 @@ # # Default values are shown, uncomment to change. # -# Use the # character to indicate a comment, but only if it is the +# Use the # character to indicate a comment, but only if it is the # very first character on the line. # ================================================================= # General configuration # ================================================================= -# Time in seconds to wait before resending an outgoing QoS=1 or -# QoS=2 message. -#retry_interval 20 - -# Time in seconds between updates of the $SYS tree. -# Set to 0 to disable the publishing of the $SYS tree. -#sys_interval 10 +# Use per listener security settings. +# +# It is recommended this option be set before any other options. +# +# If this option is set to true, then all authentication and access control +# options are controlled on a per listener basis. The following options are +# affected: +# +# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous +# auto_id_prefix allow_zero_length_clientid +# +# Note that if set to true, then a durable client (i.e. with clean session set +# to false) that has disconnected will use the ACL settings defined for the +# listener that it was most recently connected to. +# +# The default behaviour is for this to be set to false, which maintains the +# setting behaviour from previous versions of mosquitto. +#per_listener_settings false -# Time in seconds between cleaning the internal message store of -# unreferenced messages. Lower values will result in lower memory -# usage but more processor time, higher values will have the -# opposite effect. -# Setting a value of 0 means the unreferenced messages will be -# disposed of as quickly as possible. -#store_clean_interval 10 -# Write process id to a file. Default is a blank string which means -# a pid file shouldn't be written. -# This should be set to /var/run/mosquitto.pid if mosquitto is -# being run automatically on boot with an init script and -# start-stop-daemon or similar. -pid_file /var/run/mosquitto.pid +# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/# +# and foo/+/baz , then MQTT expects that when the broker receives a message on +# a topic that matches both subscriptions, such as foo/bar/baz, then the client +# should only receive the message once. +# Mosquitto keeps track of which clients a message has been sent to in order to +# meet this requirement. The allow_duplicate_messages option allows this +# behaviour to be disabled, which may be useful if you have a large number of +# clients subscribed to the same set of topics and are very concerned about +# minimising memory usage. +# It can be safely set to true if you know in advance that your clients will +# never have overlapping subscriptions, otherwise your clients must be able to +# correctly deal with duplicate messages even when then have QoS=2. +#allow_duplicate_messages false -# When run as root, drop privileges to this user and its primary -# group. -# Leave blank to stay as root, but this is not recommended. -# If run as a non-root user, this setting has no effect. -# Note that on Windows this has no effect and so mosquitto should -# be started by the user you wish it to run as. -user root +# This option controls whether a client is allowed to connect with a zero +# length client id or not. This option only affects clients using MQTT v3.1.1 +# and later. If set to false, clients connecting with a zero length client id +# are disconnected. If set to true, clients will be allocated a client id by +# the broker. This means it is only useful for clients with clean session set +# to true. +#allow_zero_length_clientid true -# The maximum number of QoS 1 and 2 messages currently inflight per +# If allow_zero_length_clientid is true, this option allows you to set a prefix +# to automatically generated client ids to aid visibility in logs. +# Defaults to 'auto-' +#auto_id_prefix auto- + +# This option affects the scenario when a client subscribes to a topic that has +# retained messages. It is possible that the client that published the retained +# message to the topic had access at the time they published, but that access +# has been subsequently removed. If check_retain_source is set to true, the +# default, the source of a retained message will be checked for access rights +# before it is republished. When set to false, no check will be made and the +# retained message will always be published. This affects all listeners. +#check_retain_source true + +# QoS 1 and 2 messages will be allowed inflight per client until this limit +# is exceeded. Defaults to 0. (No maximum) +# See also max_inflight_messages +#max_inflight_bytes 0 + +# The maximum number of QoS 1 and 2 messages currently inflight per # client. -# This includes messages that are partway through handshakes and -# those that are being retried. Defaults to 20. Set to 0 for no -# maximum. Setting to 1 will guarantee in-order delivery of QoS 1 +# This includes messages that are partway through handshakes and +# those that are being retried. Defaults to 20. Set to 0 for no +# maximum. Setting to 1 will guarantee in-order delivery of QoS 1 # and 2 messages. #max_inflight_messages 20 -# The maximum number of QoS 1 and 2 messages to hold in a queue -# above those that are currently in-flight. Defaults to 100. Set +# For MQTT v5 clients, it is possible to have the server send a "server +# keepalive" value that will override the keepalive value set by the client. +# This is intended to be used as a mechanism to say that the server will +# disconnect the client earlier than it anticipated, and that the client should +# use the new keepalive value. The max_keepalive option allows you to specify +# that clients may only connect with keepalive less than or equal to this +# value, otherwise they will be sent a server keepalive telling them to use +# max_keepalive. This only applies to MQTT v5 clients. The maximum value +# allowable is 65535. Do not set below 10. +#max_keepalive 65535 + +# For MQTT v5 clients, it is possible to have the server send a "maximum packet +# size" value that will instruct the client it will not accept MQTT packets +# with size greater than max_packet_size bytes. This applies to the full MQTT +# packet, not just the payload. Setting this option to a positive value will +# set the maximum packet size to that number of bytes. If a client sends a +# packet which is larger than this value, it will be disconnected. This applies +# to all clients regardless of the protocol version they are using, but v3.1.1 +# and earlier clients will of course not have received the maximum packet size +# information. Defaults to no limit. Setting below 20 bytes is forbidden +# because it is likely to interfere with ordinary client operation, even with +# very small payloads. +#max_packet_size 0 + +# QoS 1 and 2 messages above those currently in-flight will be queued per +# client until this limit is exceeded. Defaults to 0. (No maximum) +# See also max_queued_messages. +# If both max_queued_messages and max_queued_bytes are specified, packets will +# be queued until the first limit is reached. +#max_queued_bytes 0 + +# The maximum number of QoS 1 and 2 messages to hold in a queue per client +# above those that are currently in-flight. Defaults to 100. Set # to 0 for no maximum (not recommended). # See also queue_qos0_messages. +# See also max_queued_bytes. #max_queued_messages 100 - -# Set to true to queue messages with QoS 0 when a persistent client is -# disconnected. These messages are included in the limit imposed by -# max_queued_messages. -# Defaults to false. -# This is a non-standard option for the MQTT v3.1 spec but is allowed in -# v3.1.1. -#queue_qos0_messages false +# +# This option sets the maximum number of heap memory bytes that the broker will +# allocate, and hence sets a hard limit on memory use by the broker. Memory +# requests that exceed this value will be denied. The effect will vary +# depending on what has been denied. If an incoming message is being processed, +# then the message will be dropped and the publishing client will be +# disconnected. If an outgoing message is being sent, then the individual +# message will be dropped and the receiving client will be disconnected. +# Defaults to no limit. +#memory_limit 0 # This option sets the maximum publish payload size that the broker will allow. # Received messages that exceed this size will not be accepted by the broker. # The default value is 0, which means that all valid MQTT messages are -# accepted. MQTT imposes a maximum payload size of 268435455 bytes. +# accepted. MQTT imposes a maximum payload size of 268435455 bytes. #message_size_limit 0 -# This option controls whether a client is allowed to connect with a zero -# length client id or not. This option only affects clients using MQTT v3.1.1 -# and later. If set to false, clients connecting with a zero length client id -# are disconnected. If set to true, clients will be allocated a client id by -# the broker. This means it is only useful for clients with clean session set -# to true. -#allow_zero_length_clientid true - -# If allow_zero_length_clientid is true, this option allows you to set a prefix -# to automatically generated client ids to aid visibility in logs. -#auto_id_prefix - # This option allows persistent clients (those with clean session set to false) # to be removed if they do not reconnect within a certain time frame. # @@ -101,19 +153,34 @@ user root # The default if not set is to never expire persistent clients. #persistent_client_expiration -# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/# -# and foo/+/baz , then MQTT expects that when the broker receives a message on -# a topic that matches both subscriptions, such as foo/bar/baz, then the client -# should only receive the message once. -# Mosquitto keeps track of which clients a message has been sent to in order to -# meet this requirement. The allow_duplicate_messages option allows this -# behaviour to be disabled, which may be useful if you have a large number of -# clients subscribed to the same set of topics and are very concerned about -# minimising memory usage. -# It can be safely set to true if you know in advance that your clients will -# never have overlapping subscriptions, otherwise your clients must be able to -# correctly deal with duplicate messages even when then have QoS=2. -#allow_duplicate_messages false +# Write process id to a file. Default is a blank string which means +# a pid file shouldn't be written. +# This should be set to /var/run/mosquitto.pid if mosquitto is +# being run automatically on boot with an init script and +# start-stop-daemon or similar. +#pid_file + +# Set to true to queue messages with QoS 0 when a persistent client is +# disconnected. These messages are included in the limit imposed by +# max_queued_messages and max_queued_bytes +# Defaults to false. +# This is a non-standard option for the MQTT v3.1 spec but is allowed in +# v3.1.1. +#queue_qos0_messages false + +# Set to false to disable retained message support. If a client publishes a +# message with the retain bit set, it will be disconnected if this is set to +# false. +#retain_available true + +# Disable Nagle's algorithm on client sockets. This has the effect of reducing +# latency of individual messages at the potential cost of increasing the number +# of packets being sent. +#set_tcp_nodelay false + +# Time in seconds between updates of the $SYS tree. +# Set to 0 to disable the publishing of the $SYS tree. +#sys_interval 10 # The MQTT specification requires that the QoS of a message delivered to a # subscriber is never upgraded to match the QoS of the subscription. Enabling @@ -122,12 +189,20 @@ user root # This is a non-standard option explicitly disallowed by the spec. #upgrade_outgoing_qos false +# When run as root, drop privileges to this user and its primary +# group. +# Set to root to stay as root, but this is not recommended. +# If run as a non-root user, this setting has no effect. +# Note that on Windows this has no effect and so mosquitto should +# be started by the user you wish it to run as. +user root + # ================================================================= # Default listener # ================================================================= # IP address/hostname to bind the default listener to. If not -# given, the default listener will not be bound to a specific +# given, the default listener will not be bound to a specific # address and so will be accessible to all network interfaces. # bind_address ip-address/host name bind_address 127.0.0.1 @@ -135,11 +210,25 @@ bind_address 127.0.0.1 # Port to use for the default listener. port 1883 -# The maximum number of client connections to allow. This is +# Bind the listener to a specific interface. This is similar to +# bind_address above but is useful when an interface has multiple addresses or +# the address may change. It is valid to use this with the bind_address option, +# but take care that the interface you are binding to contains the address you +# are binding to, otherwise you will not be able to connect. +# Example: bind_interface eth0 +#bind_interface + +# When a listener is using the websockets protocol, it is possible to serve +# http data as well. Set http_dir to a directory which contains the files you +# wish to serve. If this option is not specified, then no normal http +# connections will be possible. +#http_dir + +# The maximum number of client connections to allow. This is # a per listener setting. # Default is -1, which means unlimited connections. -# Note that other process limits mean that unlimited connections -# are not really possible. Typically the default maximum number of +# Note that other process limits mean that unlimited connections +# are not really possible. Typically the default maximum number of # connections possible is around 1024. #max_connections -1 @@ -150,12 +239,6 @@ port 1883 # only the cafile, certfile, keyfile and ciphers options are supported. protocol mqtt -# When a listener is using the websockets protocol, it is possible to serve -# http data as well. Set http_dir to a directory which contains the files you -# wish to serve. If this option is not specified, then no normal http -# connections will be possible. -#http_dir - # Set use_username_as_clientid to true to replace the clientid that a client # connected with with its username. This allows authentication to be tied to # the clientid, which means that it is possible to prevent one client @@ -169,21 +252,21 @@ protocol mqtt # ----------------------------------------------------------------- # Certificate based SSL/TLS support # ----------------------------------------------------------------- -# The following options can be used to enable SSL/TLS support for +# The following options can be used to enable SSL/TLS support for # this listener. Note that the recommended port for MQTT over TLS # is 8883, but this must be set manually. # # See also the mosquitto-tls man page. -# At least one of cafile or capath must be defined. They both -# define methods of accessing the PEM encoded Certificate -# Authority certificates that have signed your server certificate +# At least one of cafile or capath must be defined. They both +# define methods of accessing the PEM encoded Certificate +# Authority certificates that have signed your server certificate # and that you wish to trust. # cafile defines the path to a file containing the CA certificates. # capath defines a directory that will be searched for files # containing the CA certificates. For capath to work correctly, the # certificate files must have ".crt" as the file ending and you must run -# "c_rehash <path to capath>" each time you add/remove a certificate. +# "openssl rehash <path to capath>" each time you add/remove a certificate. #cafile #capath @@ -193,12 +276,24 @@ protocol mqtt # Path to the PEM encoded keyfile. #keyfile -# This option defines the version of the TLS protocol to use for this listener. -# The default value allows v1.2, v1.1 and v1.0, if they are all supported by -# the version of openssl that the broker was compiled against. For openssl >= -# 1.0.1 the valid values are tlsv1.2 tlsv1.1 and tlsv1. For openssl < 1.0.1 the -# valid values are tlsv1. -#tls_version + +# If you have require_certificate set to true, you can create a certificate +# revocation list file to revoke access to particular client certificates. If +# you have done this, use crlfile to point to the PEM encoded revocation file. +#crlfile + +# If you wish to control which encryption ciphers are used, use the ciphers +# option. The list of available ciphers can be obtained using the "openssl +# ciphers" command and should be provided in the same format as the output of +# that command. +# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH +#ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH + +# To allow the use of ephemeral DH key exchange, which provides forward +# security, the listener must load DH parameters. This can be specified with +# the dhparamfile option. The dhparamfile can be generated with the command +# e.g. "openssl dhparam -out dhparam.pem 2048" +#dhparamfile # By default a TLS enabled listener will operate in a similar fashion to a # https enabled web server, in that the server has a certificate signed by a CA @@ -209,22 +304,23 @@ protocol mqtt # outside of the mechanisms provided by MQTT. #require_certificate false +# This option defines the version of the TLS protocol to use for this listener. +# The default value allows all of v1.3, v1.2 and v1.1. The valid values are +# tlsv1.3 tlsv1.2 and tlsv1.1. +#tls_version + # If require_certificate is true, you may set use_identity_as_username to true # to use the CN value from the client certificate as a username. If this is # true, the password_file option will not be used for this listener. +# This takes priority over use_subject_as_username. +# See also use_subject_as_username. #use_identity_as_username false -# If you have require_certificate set to true, you can create a certificate -# revocation list file to revoke access to particular client certificates. If -# you have done this, use crlfile to point to the PEM encoded revocation file. -#crlfile - -# If you wish to control which encryption ciphers are used, use the ciphers -# option. The list of available ciphers can be optained using the "openssl -# ciphers" command and should be provided in the same format as the output of -# that command. -# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH -#ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH +# If require_certificate is true, you may set use_subject_as_username to true +# to use the complete subject value from the client certificate as a username. +# If this is true, the password_file option will not be used for this listener. +# See also use_identity_as_username +#use_subject_as_username false # ----------------------------------------------------------------- # Pre-shared-key based SSL/TLS support @@ -245,40 +341,60 @@ protocol mqtt # used or create a security plugin to handle them. #psk_hint +# When using PSK, the encryption ciphers used will be chosen from the list of +# available PSK ciphers. If you want to control which ciphers are available, +# use the "ciphers" option. The list of available ciphers can be obtained +# using the "openssl ciphers" command and should be provided in the same format +# as the output of that command. +#ciphers + # Set use_identity_as_username to have the psk identity sent by the client used # as its username. Authentication will be carried out using the PSK rather than # the MQTT username/password and so password_file will not be used for this # listener. #use_identity_as_username false -# When using PSK, the encryption ciphers used will be chosen from the list of -# available PSK ciphers. If you want to control which ciphers are available, -# use the "ciphers" option. The list of available ciphers can be optained -# using the "openssl ciphers" command and should be provided in the same format -# as the output of that command. -#ciphers # ================================================================= # Extra listeners # ================================================================= -# Listen on a port/ip address combination. By using this variable -# multiple times, mosquitto can listen on more than one port. If -# this variable is used and neither bind_address nor port given, +# Listen on a port/ip address combination. By using this variable +# multiple times, mosquitto can listen on more than one port. If +# this variable is used and neither bind_address nor port given, # then the default listener will not be started. -# The port number to listen on must be given. Optionally, an ip -# address or host name may be supplied as a second argument. In -# this case, mosquitto will attempt to bind the listener to that -# address and so restrict access to the associated network and +# The port number to listen on must be given. Optionally, an ip +# address or host name may be supplied as a second argument. In +# this case, mosquitto will attempt to bind the listener to that +# address and so restrict access to the associated network and # interface. By default, mosquitto will listen on all interfaces. +# Note that for a websockets listener it is not possible to bind to a host +# name. # listener port-number [ip address/host name] #listener -# The maximum number of client connections to allow. This is +# Bind the listener to a specific interface. This is similar to +# the [ip address/host name] part of the listener definition, but is useful +# when an interface has multiple addresses or the address may change. It is +# valid to use this with the [ip address/host name] part of the listener +# definition, but take care that the interface you are binding to contains the +# address you are binding to, otherwise you will not be able to connect. +# Only available on Linux and requires elevated privileges. +# +# Example: bind_interface eth0 +#bind_interface + +# When a listener is using the websockets protocol, it is possible to serve +# http data as well. Set http_dir to a directory which contains the files you +# wish to serve. If this option is not specified, then no normal http +# connections will be possible. +#http_dir + +# The maximum number of client connections to allow. This is # a per listener setting. # Default is -1, which means unlimited connections. -# Note that other process limits mean that unlimited connections -# are not really possible. Typically the default maximum number of +# Note that other process limits mean that unlimited connections +# are not really possible. Typically the default maximum number of # connections possible is around 1024. #max_connections -1 @@ -294,12 +410,6 @@ protocol mqtt # cafile, certfile, keyfile and ciphers options are supported. protocol mqtt -# When a listener is using the websockets protocol, it is possible to serve -# http data as well. Set http_dir to a directory which contains the files you -# wish to serve. If this option is not specified, then no normal http -# connections will be possible. -#http_dir - # Set use_username_as_clientid to true to replace the clientid that a client # connected with with its username. This allows authentication to be tied to # the clientid, which means that it is possible to prevent one client @@ -310,6 +420,13 @@ protocol mqtt # See also use_identity_as_username. #use_username_as_clientid +# Change the websockets headers size. This is a global option, it is not +# possible to set per listener. This option sets the size of the buffer used in +# the libwebsockets library when reading HTTP headers. If you are passing large +# header data such as cookies then you may need to increase this value. If left +# unset, or set to 0, then the default of 1024 bytes will be used. +#websockets_headers_size + # ----------------------------------------------------------------- # Certificate based SSL/TLS support # ----------------------------------------------------------------- @@ -329,7 +446,7 @@ protocol mqtt # capath defines a directory that will be searched for files # containing the CA certificates. For capath to work correctly, the # certificate files must have ".crt" as the file ending and you must run -# "c_rehash <path to capath>" each time you add/remove a certificate. +# "openssl rehash <path to capath>" each time you add/remove a certificate. #cafile #capath @@ -339,6 +456,24 @@ protocol mqtt # Path to the PEM encoded keyfile. #keyfile + +# If you wish to control which encryption ciphers are used, use the ciphers +# option. The list of available ciphers can be optained using the "openssl +# ciphers" command and should be provided in the same format as the output of +# that command. +#ciphers + +# If you have require_certificate set to true, you can create a certificate +# revocation list file to revoke access to particular client certificates. If +# you have done this, use crlfile to point to the PEM encoded revocation file. +#crlfile + +# To allow the use of ephemeral DH key exchange, which provides forward +# security, the listener must load DH parameters. This can be specified with +# the dhparamfile option. The dhparamfile can be generated with the command +# e.g. "openssl dhparam -out dhparam.pem 2048" +#dhparamfile + # By default an TLS enabled listener will operate in a similar fashion to a # https enabled web server, in that the server has a certificate signed by a CA # and the client will verify that it is a trusted certificate. The overall aim @@ -353,17 +488,6 @@ protocol mqtt # true, the password_file option will not be used for this listener. #use_identity_as_username false -# If you have require_certificate set to true, you can create a certificate -# revocation list file to revoke access to particular client certificates. If -# you have done this, use crlfile to point to the PEM encoded revocation file. -#crlfile - -# If you wish to control which encryption ciphers are used, use the ciphers -# option. The list of available ciphers can be optained using the "openssl -# ciphers" command and should be provided in the same format as the output of -# that command. -#ciphers - # ----------------------------------------------------------------- # Pre-shared-key based SSL/TLS support # ----------------------------------------------------------------- @@ -383,12 +507,6 @@ protocol mqtt # used or create a security plugin to handle them. #psk_hint -# Set use_identity_as_username to have the psk identity sent by the client used -# as its username. Authentication will be carried out using the PSK rather than -# the MQTT username/password and so password_file will not be used for this -# listener. -#use_identity_as_username false - # When using PSK, the encryption ciphers used will be chosen from the list of # available PSK ciphers. If you want to control which ciphers are available, # use the "ciphers" option. The list of available ciphers can be optained @@ -396,15 +514,22 @@ protocol mqtt # as the output of that command. #ciphers +# Set use_identity_as_username to have the psk identity sent by the client used +# as its username. Authentication will be carried out using the PSK rather than +# the MQTT username/password and so password_file will not be used for this +# listener. +#use_identity_as_username false + + # ================================================================= # Persistence # ================================================================= -# If persistence is enabled, save the in-memory database to disk -# every autosave_interval seconds. If set to 0, the persistence +# If persistence is enabled, save the in-memory database to disk +# every autosave_interval seconds. If set to 0, the persistence # database will only be written when mosquitto exits. See also # autosave_on_changes. -# Note that writing of the persistence database can be forced by +# Note that writing of the persistence database can be forced by # sending mosquitto a SIGUSR1 signal. #autosave_interval 1800 @@ -416,13 +541,13 @@ protocol mqtt #autosave_on_changes false # Save persistent message data to disk (true/false). -# This saves information about all messages, including -# subscriptions, currently in-flight messages and retained +# This saves information about all messages, including +# subscriptions, currently in-flight messages and retained # messages. # retained_persistence is a synonym for this option. #persistence false -# The filename to use for the persistent database, not including +# The filename to use for the persistent database, not including # the path. #persistence_file mosquitto.db @@ -432,21 +557,22 @@ protocol mqtt # similar. #persistence_location + # ================================================================= # Logging # ================================================================= -# Places to log to. Use multiple log_dest lines for multiple +# Places to log to. Use multiple log_dest lines for multiple # logging destinations. # Possible destinations are: stdout stderr syslog topic file # # stdout and stderr log to the console on the named output. # -# syslog uses the userspace syslog facility which usually ends up +# syslog uses the userspace syslog facility which usually ends up # in /var/log/messages or similar. # -# topic logs to the broker topic '$SYS/broker/log/<severity>', -# where severity is one of D, E, W, N, I, M which are debug, error, +# topic logs to the broker topic '$SYS/broker/log/<severity>', +# where severity is one of D, E, W, N, I, M which are debug, error, # warning, notice, information and message. Message type severity is used by # the subscribe/unsubscribe log_types and publishes log messages to # $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe. @@ -461,15 +587,9 @@ protocol mqtt # Use "log_dest none" if you wish to disable logging. log_dest file /var/log/mosquitto.log -# If using syslog logging (not on Windows), messages will be logged to the -# "daemon" facility by default. Use the log_facility option to choose which of -# local0 to local7 to log to instead. The option value should be an integer -# value, e.g. "log_facility 5" to use local5. -#log_facility - # Types of messages to log. Use multiple log_type lines for logging # multiple types of messages. -# Possible types are: debug, error, warning, notice, information, +# Possible types are: debug, error, warning, notice, information, # none, subscribe, unsubscribe, websockets, all. # Note that debug type messages are for decoding the incoming/outgoing # network packets. They are not logged in "topics". @@ -478,40 +598,58 @@ log_type warning log_type notice log_type information + # If set to true, client connection and disconnection messages will be included # in the log. connection_messages true +# If using syslog logging (not on Windows), messages will be logged to the +# "daemon" facility by default. Use the log_facility option to choose which of +# local0 to local7 to log to instead. The option value should be an integer +# value, e.g. "log_facility 5" to use local5. +#log_facility + # If set to true, add a timestamp value to each log message. log_timestamp true +# Set the format of the log timestamp. If left unset, this is the number of +# seconds since the Unix epoch. +# This is a free text string which will be passed to the strftime function. To +# get an ISO 8601 datetime, for example: +# log_timestamp_format %Y-%m-%dT%H:%M:%S +#log_timestamp_format + +# Change the websockets logging level. This is a global option, it is not +# possible to set per listener. This is an integer that is interpreted by +# libwebsockets as a bit mask for its lws_log_levels enum. See the +# libwebsockets documentation for more details. "log_type websockets" must also +# be enabled. +#websockets_log_level 0 + + # ================================================================= # Security # ================================================================= -# If set, only clients that have a matching prefix on their -# clientid will be allowed to connect to the broker. By default, +# If set, only clients that have a matching prefix on their +# clientid will be allowed to connect to the broker. By default, # all clients may connect. # For example, setting "secure-" here would mean a client "secure- # client" could connect but another with clientid "mqtt" couldn't. #clientid_prefixes -# Boolean value that determines whether clients that connect -# without providing a username are allowed to connect. If set to -# false then a password file should be created (see the -# password_file option) to control authenticated client access. -# Defaults to true. +# Boolean value that determines whether clients that connect +# without providing a username are allowed to connect. If set to +# false then a password file should be created (see the +# password_file option) to control authenticated client access. +# +# Defaults to true if no other security options are set. If `password_file` or +# `psk_file` is set, or if an authentication plugin is loaded which implements +# username/password or TLS-PSK checks, then `allow_anonymous` defaults to +# false. +# #allow_anonymous true -# In addition to the clientid_prefixes, allow_anonymous and TLS -# authentication options, username based authentication is also -# possible. The default support is described in "Default -# authentication and topic access control" below. The auth_plugin -# allows another authentication method to be used. -# Specify the path to the loadable plugin and see the -# "Authentication and topic access plugin options" section below. -#auth_plugin - # ----------------------------------------------------------------- # Default authentication and topic access control # ----------------------------------------------------------------- @@ -522,11 +660,12 @@ log_timestamp true # plain text passwords are used, in which case the file should be a text file # with lines in the format: # username:password -# The password (and colon) may be omitted if desired, although this +# The password (and colon) may be omitted if desired, although this # offers very little in the way of security. -# +# # See the TLS client require_certificate and use_identity_as_username options -# for alternative authentication options. +# for alternative authentication options. If an auth_plugin is used as well as +# password_file, the auth_plugin check will be made first. #password_file # Access may also be controlled using a pre-shared-key file. This requires @@ -534,6 +673,7 @@ log_timestamp true # lines in the format: # identity:key # The key should be in hexadecimal format without a leading "0x". +# If an auth_plugin is used as well, the auth_plugin check will be made first. #psk_file # Control access to topics on the broker using an access control list @@ -544,14 +684,14 @@ log_timestamp true # Topic access is added with lines of the format: # # topic [read|write|readwrite] <topic> -# +# # The access type is controlled using "read", "write" or "readwrite". This # parameter is optional (unless <topic> contains a space character) - if not # given then the access is read/write. <topic> can contain the + or # # wildcards as in subscriptions. -# +# # The first set of topics are applied to anonymous clients, assuming -# allow_anonymous is true. User specific topic ACLs are added after a +# allow_anonymous is true. User specific topic ACLs are added after a # user line as follows: # # user <username> @@ -583,18 +723,31 @@ log_timestamp true # # pattern write sensor/%u/data # +# If an auth_plugin is used as well as acl_file, the auth_plugin check will be +# made first. #acl_file # ----------------------------------------------------------------- -# Authentication and topic access plugin options +# External authentication and topic access plugin options # ----------------------------------------------------------------- +# External authentication and access control can be supported with the +# auth_plugin option. This is a path to a loadable plugin. See also the +# auth_opt_* options described below. +# +# The auth_plugin option can be specified multiple times to load multiple +# plugins. The plugins will be processed in the order that they are specified +# here. If the auth_plugin option is specified alongside either of +# password_file or acl_file then the plugin checks will be made first. +# +#auth_plugin + # If the auth_plugin option above is used, define options to pass to the # plugin here as described by the plugin instructions. All options named # using the format auth_opt_* will be passed to the plugin, for example: # # auth_opt_db_host -# auth_opt_db_port +# auth_opt_db_port # auth_opt_db_username # auth_opt_db_password @@ -607,21 +760,29 @@ log_timestamp true # Create a new bridge using the "connection" option as described below. Set # options for the bridges using the remaining parameters. You must specify the # address and at least one topic to subscribe to. +# # Each connection must have a unique name. +# # The address line may have multiple host address and ports specified. See # below in the round_robin description for more details on bridge behaviour if -# multiple addresses are used. -# The direction that the topic will be shared can be chosen by -# specifying out, in or both, where the default value is out. +# multiple addresses are used. Note that if you use an IPv6 address, then you +# are required to specify a port. +# +# The direction that the topic will be shared can be chosen by +# specifying out, in or both, where the default value is out. # The QoS level of the bridged communication can be specified with the next # topic option. The default QoS level is 0, to change the QoS the topic # direction must also be given. +# # The local and remote prefix options allow a topic to be remapped when it is # bridged to/from the remote broker. This provides the ability to place a topic -# tree in an appropriate location. +# tree in an appropriate location. +# # For more details see the mosquitto.conf man page. -# Multiple topics can be specified per connection, but be careful +# +# Multiple topics can be specified per connection, but be careful # not to create any loops. +# # If you are using bridges with cleansession set to false (the default), then # you may get unexpected behaviour from incoming topics if you change what # topics you are subscribing to. This is because the remote broker keeps the @@ -632,9 +793,6 @@ log_timestamp true #address <host>[:<port>] [<host>[:<port>]] #topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix] -# Set the version of the MQTT protocol to use with for this bridge. Can be one -# of mqttv31 or mqttv311. Defaults to mqttv31. -#bridge_protocol_version mqttv31 # If a bridge has topics that have "out" direction, the default behaviour is to # send an unsubscribe request to the remote broker on that topic. This means @@ -644,56 +802,93 @@ log_timestamp true # the unsubscribe request. #bridge_attempt_unsubscribe true -# If the bridge has more than one address given in the address/addresses -# configuration, the round_robin option defines the behaviour of the bridge on -# a failure of the bridge connection. If round_robin is false, the default -# value, then the first address is treated as the main bridge connection. If -# the connection fails, the other secondary addresses will be attempted in -# turn. Whilst connected to a secondary bridge, the bridge will periodically -# attempt to reconnect to the main bridge until successful. -# If round_robin is true, then all addresses are treated as equals. If a -# connection fails, the next address will be tried and if successful will -# remain connected until it fails -#round_robin false +# Set the version of the MQTT protocol to use with for this bridge. Can be one +# of mqttv311 or mqttv11. Defaults to mqttv311. +#bridge_protocol_version mqttv311 -# Set the client id to use on the remote end of this bridge connection. If not -# defined, this defaults to 'name.hostname' where name is the connection name -# and hostname is the hostname of this computer. -# This replaces the old "clientid" option to avoid confusion. "clientid" -# remains valid for the time being. -#remote_clientid +# Set the clean session variable for this bridge. +# When set to true, when the bridge disconnects for any reason, all +# messages and subscriptions will be cleaned up on the remote +# broker. Note that with cleansession set to true, there may be a +# significant amount of retained messages sent when the bridge +# reconnects after losing its connection. +# When set to false, the subscriptions and messages are kept on the +# remote broker, and delivered when the bridge reconnects. +#cleansession false + +# Set the amount of time a bridge using the lazy start type must be idle before +# it will be stopped. Defaults to 60 seconds. +#idle_timeout 60 + +# Set the keepalive interval for this bridge connection, in +# seconds. +#keepalive_interval 60 # Set the clientid to use on the local broker. If not defined, this defaults to # 'local.<clientid>'. If you are bridging a broker to itself, it is important # that local_clientid and clientid do not match. #local_clientid -# Set the clean session variable for this bridge. -# When set to true, when the bridge disconnects for any reason, all -# messages and subscriptions will be cleaned up on the remote -# broker. Note that with cleansession set to true, there may be a -# significant amount of retained messages sent when the bridge -# reconnects after losing its connection. -# When set to false, the subscriptions and messages are kept on the -# remote broker, and delivered when the bridge reconnects. -#cleansession false - # If set to true, publish notification messages to the local and remote brokers # giving information about the state of the bridge connection. Retained # messages are published to the topic $SYS/broker/connection/<clientid>/state # unless the notification_topic option is used. # If the message is 1 then the connection is active, or 0 if the connection has # failed. +# This uses the last will and testament feature. #notifications true # Choose the topic on which notification messages for this bridge are # published. If not set, messages are published on the topic # $SYS/broker/connection/<clientid>/state -#notification_topic +#notification_topic -# Set the keepalive interval for this bridge connection, in -# seconds. -#keepalive_interval 60 +# Set the client id to use on the remote end of this bridge connection. If not +# defined, this defaults to 'name.hostname' where name is the connection name +# and hostname is the hostname of this computer. +# This replaces the old "clientid" option to avoid confusion. "clientid" +# remains valid for the time being. +#remote_clientid + +# Set the password to use when connecting to a broker that requires +# authentication. This option is only used if remote_username is also set. +# This replaces the old "password" option to avoid confusion. "password" +# remains valid for the time being. +#remote_password + +# Set the username to use when connecting to a broker that requires +# authentication. +# This replaces the old "username" option to avoid confusion. "username" +# remains valid for the time being. +#remote_username + +# Set the amount of time a bridge using the automatic start type will wait +# until attempting to reconnect. +# This option can be configured to use a constant delay time in seconds, or to +# use a backoff mechanism based on "Decorrelated Jitter", which adds a degree +# of randomness to when the restart occurs. +# +# Set a constant timeout of 20 seconds: +# restart_timeout 20 +# +# Set backoff with a base (start value) of 10 seconds and a cap (upper limit) of +# 60 seconds: +# restart_timeout 10 30 +# +# Defaults to jitter with a base of 5 and cap of 30 +#restart_timeout 5 30 + +# If the bridge has more than one address given in the address/addresses +# configuration, the round_robin option defines the behaviour of the bridge on +# a failure of the bridge connection. If round_robin is false, the default +# value, then the first address is treated as the main bridge connection. If +# the connection fails, the other secondary addresses will be attempted in +# turn. Whilst connected to a secondary bridge, the bridge will periodically +# attempt to reconnect to the main bridge until successful. +# If round_robin is true, then all addresses are treated as equals. If a +# connection fails, the next address will be tried and if successful will +# remain connected until it fails +#round_robin false # Set the start type of the bridge. This controls how the bridge starts and # can be one of three types: automatic, lazy and once. Note that RSMB provides @@ -713,14 +908,6 @@ log_timestamp true # broker starts but will not be restarted if the connection fails. #start_type automatic -# Set the amount of time a bridge using the automatic start type will wait -# until attempting to reconnect. Defaults to 30 seconds. -#restart_timeout 30 - -# Set the amount of time a bridge using the lazy start type must be idle before -# it will be stopped. Defaults to 60 seconds. -#idle_timeout 60 - # Set the number of messages that need to be queued for a bridge with lazy # start type to be restarted. Defaults to 10 messages. # Must be less than max_queued_messages. @@ -734,18 +921,6 @@ log_timestamp true # properly. #try_private true -# Set the username to use when connecting to a broker that requires -# authentication. -# This replaces the old "username" option to avoid confusion. "username" -# remains valid for the time being. -#remote_username - -# Set the password to use when connecting to a broker that requires -# authentication. This option is only used if remote_username is also set. -# This replaces the old "password" option to avoid confusion. "password" -# remains valid for the time being. -#remote_password - # ----------------------------------------------------------------- # Certificate based SSL/TLS support # ----------------------------------------------------------------- @@ -756,16 +931,16 @@ log_timestamp true # certificate. # bridge_capath defines a directory that will be searched for files containing # the CA certificates. For bridge_capath to work correctly, the certificate -# files must have ".crt" as the file ending and you must run "c_rehash <path to -# capath>" each time you add/remove a certificate. +# files must have ".crt" as the file ending and you must run "openssl rehash +# <path to capath>" each time you add/remove a certificate. #bridge_cafile #bridge_capath -# Path to the PEM encoded client certificate, if required by the remote broker. -#bridge_certfile -# Path to the PEM encoded client private key, if required by the remote broker. -#bridge_keyfile +# If the remote broker has more than one protocol available on its port, e.g. +# MQTT and WebSockets, then use bridge_alpn to configure which protocol is +# requested. Note that WebSockets support for bridges is not yet available. +#bridge_alpn # When using certificate based encryption, bridge_insecure disables # verification of the server hostname in the server certificate. This can be @@ -776,6 +951,12 @@ log_timestamp true # point using encryption. #bridge_insecure false +# Path to the PEM encoded client certificate, if required by the remote broker. +#bridge_certfile + +# Path to the PEM encoded client private key, if required by the remote broker. +#bridge_keyfile + # ----------------------------------------------------------------- # PSK based SSL/TLS support # ----------------------------------------------------------------- @@ -793,20 +974,15 @@ log_timestamp true # External config files # ================================================================= -# External configuration files may be included by using the +# External configuration files may be included by using the # include_dir option. This defines a directory that will be searched # for config files. All files that end in '.conf' will be loaded as # a configuration file. It is best to have this as the last option # in the main file. This option will only be processed from the main -# configuration file. The directory specified must not contain the +# configuration file. The directory specified must not contain the # main configuration file. +# Files within include_dir will be loaded sorted in case-sensitive +# alphabetical order, with capital letters ordered first. If this option is +# given multiple times, all of the files from the first instance will be +# processed before the next instance. See the man page for examples. #include_dir - -# ================================================================= -# rsmb options - unlikely to ever be supported -# ================================================================= - -#ffdc_output -#max_log_entries -#trace_level -#trace_output diff --git a/recipes-connectivity/mosquitto/mosquitto/mosquitto.init b/recipes-connectivity/mosquitto/mosquitto/mosquitto.init index 7b3e634..21bffe6 100755 --- a/recipes-connectivity/mosquitto/mosquitto/mosquitto.init +++ b/recipes-connectivity/mosquitto/mosquitto/mosquitto.init @@ -1,53 +1,96 @@ -#!/bin/sh -# -# mosquitto Starts and stops Mosquitto -# mosquitto (MQTT 3.5 broker) -# -# chkconfig: - 58 74 -# description: mosquitto is a MQTT 3.5 broker. \ -# http://mosquitto.org/ +#! /bin/sh + +# Based on the Debian initscript for mosquitto ### BEGIN INIT INFO -# Provides: mosquitto -# Required-Start: $network $local_fs -# Required-Stop: $network $local_fs -# Should-Start: $syslog $named -# Should-Stop: $syslog $named -# Short-Description: start and stop mosquitto -# Description: mosquitto is a MQTT 3.5 broker. +# Provides: mosquitto +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: mosquitto MQTT message broker +# Description: +# This is a message broker that supports version 3.1/3.1.1 of the MQ Telemetry +# Transport (MQTT) protocol. +# +# MQTT provides a method of carrying out messaging using a publish/subscribe +# model. It is lightweight, both in terms of bandwidth usage and ease of +# implementation. This makes it particularly useful at the edge of the network +# where a sensor or other simple device may be implemented using an arduino for +# example. ### END INIT INFO -PIDFILE=/var/run/mosquitto.pid -DAEMON=/usr/sbin/mosquitto +## mlinux ENABLED="yes" [ -f /etc/default/mosquitto ] && . /etc/default/mosquitto +[ "$ENABLED" = "yes" ] || exit +## mlinux -start() { - echo "Starting Mosquitto..." - start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON -- -d -c /etc/mosquitto/mosquitto.conf -} +set -e -stop() { - echo "Stopping Mosquitto..." - start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE -} +PIDFILE=@LOCALSTATEDIR@/run/mosquitto.pid +DAEMON=@SBINDIR@/mosquitto -[ "$ENABLED" = "yes" ] || exit +# start and stop the mosquitto MQTT message broker + +test -x ${DAEMON} || exit 0 + +umask 022 + +. @SYSCONFDIR@/init.d/functions + +export PATH="${PATH:+$PATH:}@SBINDIR@:@BASE_SBINDIR@" case "$1" in - start) - start + start) + echo "Starting Mosquitto message broker" "mosquitto" + if start-stop-daemon --start --quiet --oknodo --background --make-pidfile --pidfile ${PIDFILE} --exec ${DAEMON} -- -c @SYSCONFDIR@/mosquitto/mosquitto.conf ; then + exit 0 + else + exit 1 + fi ;; - stop) - stop + stop) + echo "Stopping Mosquitto message broker" "mosquitto" + if start-stop-daemon --stop --quiet --oknodo --pidfile ${PIDFILE}; then + rm -f ${PIDFILE} + exit 0 + else + exit 1 + fi ;; - restart) - stop - start + + + reload|force-reload) + if [ -f ${PIDFILE} ] ; then + echo "Reloading configuration for mosquitto" + pid=`cat ${PIDFILE}` + kill -HUP $pid + else + echo "mosquitto does not seem to be running" + fi + ;; + + restart) + echo "Restarting Mosquitto message broker" "mosquitto" + if start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile ${PIDFILE}; then + rm -f ${PIDFILE} + fi + if start-stop-daemon --start --quiet --oknodo --background --make-pidfile --pidfile ${PIDFILE} --exec ${DAEMON} -- -c @SYSCONFDIR@/mosquitto/mosquitto.conf ; then + exit 0 + else + exit 1 + fi ;; - *) - echo $"Usage: $0 {start|stop|restart}" - exit 2 + + status) + status ${DAEMON} && exit 0 || exit $? + ;; + + *) + echo "Usage: $0 {start|stop|reload|force-reload|restart|status}" + exit 1 esac +exit 0 diff --git a/recipes-connectivity/mosquitto/mosquitto/nostrip.patch b/recipes-connectivity/mosquitto/mosquitto/nostrip.patch deleted file mode 100644 index b36be35..0000000 --- a/recipes-connectivity/mosquitto/mosquitto/nostrip.patch +++ /dev/null @@ -1,58 +0,0 @@ -Index: mosquitto-1.4/client/Makefile -=================================================================== ---- mosquitto-1.4.orig/client/Makefile 2015-02-17 19:44:09.000000000 -0600 -+++ mosquitto-1.4/client/Makefile 2015-03-25 11:34:01.388614891 -0500 -@@ -24,8 +24,8 @@ - - install : all - $(INSTALL) -d ${DESTDIR}$(prefix)/bin -- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} mosquitto_pub ${DESTDIR}${prefix}/bin/mosquitto_pub -- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} mosquitto_sub ${DESTDIR}${prefix}/bin/mosquitto_sub -+ $(INSTALL) mosquitto_pub ${DESTDIR}${prefix}/bin/mosquitto_pub -+ $(INSTALL) mosquitto_sub ${DESTDIR}${prefix}/bin/mosquitto_sub - - uninstall : - -rm -f ${DESTDIR}${prefix}/bin/mosquitto_pub -Index: mosquitto-1.4/lib/Makefile -=================================================================== ---- mosquitto-1.4.orig/lib/Makefile 2015-02-17 19:44:09.000000000 -0600 -+++ mosquitto-1.4/lib/Makefile 2015-03-25 11:34:01.388614891 -0500 -@@ -25,7 +25,7 @@ - - install : all - $(INSTALL) -d ${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/ -- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} libmosquitto.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so.${SOVERSION} -+ $(INSTALL) libmosquitto.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so.${SOVERSION} - ln -sf libmosquitto.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so - $(INSTALL) -d ${DESTDIR}${prefix}/include/ - $(INSTALL) mosquitto.h ${DESTDIR}${prefix}/include/mosquitto.h -Index: mosquitto-1.4/src/Makefile -=================================================================== ---- mosquitto-1.4.orig/src/Makefile 2015-02-17 19:44:09.000000000 -0600 -+++ mosquitto-1.4/src/Makefile 2015-03-25 11:34:01.388614891 -0500 -@@ -103,10 +103,10 @@ - - install : all - $(INSTALL) -d ${DESTDIR}$(prefix)/sbin -- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} mosquitto ${DESTDIR}${prefix}/sbin/mosquitto -+ $(INSTALL) mosquitto ${DESTDIR}${prefix}/sbin/mosquitto - $(INSTALL) mosquitto_plugin.h ${DESTDIR}${prefix}/include/mosquitto_plugin.h - ifeq ($(WITH_TLS),yes) -- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} mosquitto_passwd ${DESTDIR}${prefix}/bin/mosquitto_passwd -+ $(INSTALL) mosquitto_passwd ${DESTDIR}${prefix}/bin/mosquitto_passwd - endif - - uninstall : -Index: mosquitto-1.4/lib/cpp/Makefile -=================================================================== ---- mosquitto-1.4.orig/lib/cpp/Makefile 2015-02-17 19:44:09.000000000 -0600 -+++ mosquitto-1.4/lib/cpp/Makefile 2015-03-25 11:34:25.984217051 -0500 -@@ -10,7 +10,7 @@ - - install : all - $(INSTALL) -d ${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/ -- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} libmosquittopp.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so.${SOVERSION} -+ $(INSTALL) libmosquittopp.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so.${SOVERSION} - ln -sf libmosquittopp.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so - $(INSTALL) -d ${DESTDIR}${prefix}/include/ - $(INSTALL) mosquittopp.h ${DESTDIR}${prefix}/include/mosquittopp.h diff --git a/recipes-connectivity/mosquitto/mosquitto_1.5.1.bb b/recipes-connectivity/mosquitto/mosquitto_1.5.1.bb deleted file mode 100644 index 947dcdf..0000000 --- a/recipes-connectivity/mosquitto/mosquitto_1.5.1.bb +++ /dev/null @@ -1,81 +0,0 @@ -# This recipe was a merger of the Multitech Daisy 3.5 Recipe with the -# reciped found at: -# http://git.yoctoproject.org/cgit/cgit.cgi/meta-intel-iot-middleware/plain/recipes-connectivity/mosquitto/mosquitto_1.4.10.bb -inherit autotools-brokensep -SUMMARY = "Open source MQTT v3.5 implemention" -DESCRIPTION = "Mosquitto is an open source (BSD licensed) message broker that implements the MQ Telemetry Transport protocol version 3.5. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. " -HOMEPAGE = "http://mosquitto.org/" -SECTION = "console/network" -LICENSE = "EPL-1.0 & EDL-1.0" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=62ddc846179e908dc0c8efec4a42ef20" - -# util-linux is needed to provide libuuid dependancy -DEPENDS = "c-ares openssl util-linux" - -PR = "r3" - -SRC_URI = "http://mosquitto.org/files/source/${PN}-${PV}.tar.gz \ - file://mosquitto.init \ - file://mosquitto.conf \ - file://mosquitto.default \ - file://mosquitto.logrotate.conf \ - file://config_mk.patch \ - " -SRC_URI[md5sum] = "f98c99998a36a234f3a9d9b402b991db" -SRC_URI[sha256sum] = "8557bc7ae34dfaf32a0fb56d2491b7a7f731269c88337227233013502df4d5b0" - -export LIB_SUFFIX="${@d.getVar('baselib', True).replace('lib', '')}" -inherit autotools update-rc.d - -INITSCRIPT_NAME = "mosquitto" -INITSCRIPT_PARAMS = "defaults 70 30" -do_compile() { - WITH_STATIC_LIBRARIES=1 oe_runmake PREFIX=/usr WITH_STATIC_LIBRARIES=1 -} -do_install() { - # oe_runmake DESTDIR=${D} prefix=/usr install - oe_runmake install DESTDIR=${D} - install -m 0755 -d ${D}/usr/lib - install -m 0644 lib/libmosquitto.a ${D}${libdir}/ - - install -d ${D}${sysconfdir}/init.d - install -d ${D}${sysconfdir}/default - install -m 0755 ${WORKDIR}/mosquitto.init ${D}${sysconfdir}/init.d/mosquitto - install -m 0644 ${WORKDIR}/mosquitto.conf ${D}${sysconfdir}/mosquitto/ - install -m 0644 ${WORKDIR}/mosquitto.default ${D}${sysconfdir}/default/mosquitto - - install -d ${D}${sysconfdir}/logrotate.d - install -m 0644 ${WORKDIR}/mosquitto.logrotate.conf ${D}${sysconfdir}/logrotate.d/mosquitto.conf -} - -do_rm_work() { - echo "skipping" -} - - -PACKAGES += "libmosquitto1 libmosquittopp1 ${PN}-clients ${PN}-python" - -CONFFILES_${PN} = "${sysconfdir}/mosquitto.conf ${sysconfdir}/default/mosquitto" -FILES_${PN} = "${sbindir}/mosquitto \ - ${bindir}/mosquitto_passwd \ - ${sysconfdir}/mosquitto \ - ${systemd_unitdir}/system/mosquitto.service \ - ${sysconfdir}/ \ -" - -FILES_libmosquitto1 = "${libdir}/libmosquitto.so.1" - -FILES_libmosquittopp1 = "${libdir}/libmosquittopp.so.1" - -FILES_${PN}-clients = "${bindir}/mosquitto_pub \ - ${bindir}/mosquitto_sub \ -" - -FILES_${PN}-staticdev += "${libdir}/libmosquitto.a" - -FILES_${PN}-python = "/usr/lib/python2.7/site-packages" - -inherit systemd - -SYSTEMD_SERVICE_${PN} = "mosquitto.service" - diff --git a/recipes-connectivity/mosquitto/mosquitto_1.6.10.bbappend b/recipes-connectivity/mosquitto/mosquitto_1.6.10.bbappend new file mode 100644 index 0000000..a03e26e --- /dev/null +++ b/recipes-connectivity/mosquitto/mosquitto_1.6.10.bbappend @@ -0,0 +1,36 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://mosquitto.conf \ + file://mosquitto.default \ + file://mosquitto.logrotate.conf \ + " +RDEPENDS_${PN} += "logrotate" + +INITSCRIPT_PARAMS = "defaults 70 30" + +EXTRA_OECMAKE += " -DWITH_STATIC_LIBRARIES=ON" + +do_install_append() { + install -d ${D}${sysconfdir}/mosquitto + install -m 0644 ${WORKDIR}/mosquitto.conf ${D}${sysconfdir}/mosquitto/ + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/mosquitto.default ${D}${sysconfdir}/default/mosquitto + + install -d ${D}${sysconfdir}/logrotate.d + install -m 0644 ${WORKDIR}/mosquitto.logrotate.conf ${D}${sysconfdir}/logrotate.d/mosquitto.conf +} + + + +PACKAGES += "${PN}-python" + +CONFFILES_${PN} = "${sysconfdir}/mosquitto.conf ${sysconfdir}/default/mosquitto" + +FILES_${PN} += "${sysconfdir}/default \ + ${sysconfdir}/logrotate.d \ + " + +FILES_${PN}-staticdev += "${libdir}/libmosquitto.a" + +FILES_${PN}-python = "/usr/lib/python2.7/site-packages"
\ No newline at end of file diff --git a/recipes-connectivity/openssh/openssh/ssh.default b/recipes-connectivity/openssh/openssh-mlinux/ssh.default index d5c0507..d5c0507 100644 --- a/recipes-connectivity/openssh/openssh/ssh.default +++ b/recipes-connectivity/openssh/openssh-mlinux/ssh.default diff --git a/recipes-connectivity/openssh/openssh-mlinux/sshd b/recipes-connectivity/openssh/openssh-mlinux/sshd new file mode 100644 index 0000000..182650b --- /dev/null +++ b/recipes-connectivity/openssh/openssh-mlinux/sshd @@ -0,0 +1,11 @@ +#%PAM-1.0 + +auth include common-auth +account required pam_nologin.so +account include common-account +password include common-password +session optional pam_keyinit.so force revoke +session optional pam_radauth.so +session include common-session +session required pam_loginuid.so + diff --git a/recipes-connectivity/openssh/openssh-mlinux/sshd_check_keys b/recipes-connectivity/openssh/openssh-mlinux/sshd_check_keys new file mode 100644 index 0000000..4af8d5c --- /dev/null +++ b/recipes-connectivity/openssh/openssh-mlinux/sshd_check_keys @@ -0,0 +1,82 @@ +#! /bin/sh + +generate_key() { + local FILE=$1 + local TYPE=$2 + local DIR="$(dirname "$FILE")" + + mkdir -p "$DIR" + ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE + + # Atomically rename file public key + mv -f "${FILE}.tmp.pub" "${FILE}.pub" + + # This sync does double duty: Ensuring that the data in the temporary + # private key file is on disk before the rename, and ensuring that the + # public key rename is completed before the private key rename, since we + # switch on the existence of the private key to trigger key generation. + # This does mean it is possible for the public key to exist, but be garbage + # but this is OK because in that case the private key won't exist and the + # keys will be regenerated. + # + # In the event that sync understands arguments that limit what it tries to + # fsync(), we provided them. If it does not, it will simply call sync() + # which is just as well + sync "${FILE}.pub" "$DIR" "${FILE}.tmp" + + mv "${FILE}.tmp" "$FILE" + + # sync to ensure the atomic rename is committed + sync "$DIR" +} + +# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS +if test -f /etc/default/ssh; then + . /etc/default/ssh +fi + +[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh +mkdir -p $SYSCONFDIR + +# parse sshd options +set -- ${SSHD_OPTS} -- +sshd_config=/etc/ssh/sshd_config +while true ; do + case "$1" in + -f*) if [ "$1" = "-f" ] ; then + sshd_config="$2" + shift + else + sshd_config="${1#-f}" + fi + shift + ;; + --) shift; break;; + *) shift;; + esac +done + +HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") +[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_dsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" + +for key in ${HOST_KEYS} ; do + [ -f $key ] && continue + case $key in + *_rsa_key) + echo " generating ssh RSA host key..." + generate_key $key rsa + ;; + *_dsa_key) + echo " generating ssh DSA host key..." + generate_key $key dsa + ;; + *_ecdsa_key) + echo " generating ssh ECDSA host key..." + generate_key $key ecdsa + ;; + *_ed25519_key) + echo " generating ssh ED25519 host key..." + generate_key $key ed25519 + ;; + esac +done diff --git a/recipes-connectivity/openssh/openssh-mlinux/sshd_config b/recipes-connectivity/openssh/openssh-mlinux/sshd_config new file mode 100644 index 0000000..7e9da84 --- /dev/null +++ b/recipes-connectivity/openssh/openssh-mlinux/sshd_config @@ -0,0 +1,122 @@ +# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + + +# The default requires explicit activation of protocol 1 +Protocol 2 + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#PermitUserEnvironment no +Compression no +ClientAliveInterval 15 +ClientAliveCountMax 4 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/recipes-connectivity/openssh/openssh/0f90440ca70abab947acbd77795e9f130967956c.patch b/recipes-connectivity/openssh/openssh/0f90440ca70abab947acbd77795e9f130967956c.patch new file mode 100644 index 0000000..b88bc18 --- /dev/null +++ b/recipes-connectivity/openssh/openssh/0f90440ca70abab947acbd77795e9f130967956c.patch @@ -0,0 +1,28 @@ +From 0f90440ca70abab947acbd77795e9f130967956c Mon Sep 17 00:00:00 2001 +From: Darren Tucker <dtucker@dtucker.net> +Date: Fri, 20 Nov 2020 13:37:54 +1100 +Subject: [PATCH] Add new pselect6_time64 syscall on ARM. + +This is apparently needed on armhfp/armv7hl. bz#3232, patch from +jjelen at redhat.com. +--- + sandbox-seccomp-filter.c | 3 +++ + 1 file changed, 3 insertions(+) + +Upstream-Status: Backport +[fixes issues on 32bit IA and probably other 32 bit platforms too with glibc 2.33] + +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c +index e0768c063..5065ae7ef 100644 +--- a/sandbox-seccomp-filter.c ++++ b/sandbox-seccomp-filter.c +@@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = { + #ifdef __NR_pselect6 + SC_ALLOW(__NR_pselect6), + #endif ++#ifdef __NR_pselect6_time64 ++ SC_ALLOW(__NR_pselect6_time64), ++#endif + #ifdef __NR_read + SC_ALLOW(__NR_read), + #endif diff --git a/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch new file mode 100644 index 0000000..b8402a4 --- /dev/null +++ b/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch @@ -0,0 +1,47 @@ +Adjust test cases to work with busybox. + +- Replace dd parameter "obs" with "bs". +- Replace "head -<num>" with "head -n <num>". + +Signed-off-by: Maxin B. John <maxin.john@enea.com> +Upstream-Status: Pending + +Index: openssh-7.6p1/regress/cipher-speed.sh +=================================================================== +--- openssh-7.6p1.orig/regress/cipher-speed.sh ++++ openssh-7.6p1/regress/cipher-speed.sh +@@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for + printf "%-60s" "$c/$m:" + ( ${SSH} -o 'compression no' \ + -F $OBJ/ssh_proxy -m $m -c $c somehost \ +- exec sh -c \'"dd of=/dev/null obs=32k"\' \ ++ exec sh -c \'"dd of=/dev/null bs=32k"\' \ + < ${DATA} ) 2>&1 | getbytes + + if [ $? -ne 0 ]; then +Index: openssh-7.6p1/regress/transfer.sh +=================================================================== +--- openssh-7.6p1.orig/regress/transfer.sh ++++ openssh-7.6p1/regress/transfer.sh +@@ -13,7 +13,7 @@ cmp ${DATA} ${COPY} || fail "corrupted + for s in 10 100 1k 32k 64k 128k 256k; do + trace "dd-size ${s}" + rm -f ${COPY} +- dd if=$DATA obs=${s} 2> /dev/null | \ ++ dd if=$DATA bs=${s} 2> /dev/null | \ + ${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}" + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" +Index: openssh-7.6p1/regress/key-options.sh +=================================================================== +--- openssh-7.6p1.orig/regress/key-options.sh ++++ openssh-7.6p1/regress/key-options.sh +@@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do + fi + + sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys +- from=`head -1 $authkeys | cut -f1 -d ' '` ++ from=`head -n 1 $authkeys | cut -f1 -d ' '` + verbose "key option $from" + r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'` + if [ "$r" = "true" ]; then diff --git a/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch index 7e043a2..20036da 100644 --- a/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch +++ b/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch @@ -11,14 +11,17 @@ would lead to program abort. Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608] Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> + +Complete the fix +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- - openbsd-compat/strlcat.c | 8 ++++++-- - openbsd-compat/strlcpy.c | 8 ++++++-- - openbsd-compat/strnlen.c | 8 ++++++-- - 3 files changed, 18 insertions(+), 6 deletions(-) + openbsd-compat/strlcat.c | 10 +++++++--- + openbsd-compat/strlcpy.c | 8 ++++++-- + openbsd-compat/strnlen.c | 8 ++++++-- + 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c -index bcc1b61..e758ebf 100644 +index bcc1b61..124e1e3 100644 --- a/openbsd-compat/strlcat.c +++ b/openbsd-compat/strlcat.c @@ -23,6 +23,7 @@ @@ -29,6 +32,15 @@ index bcc1b61..e758ebf 100644 /* * Appends src to string dst of size siz (unlike strncat, siz is the +@@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz) + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; +- dlen = d - dst; ++ dlen = (uintptr_t)d - (uintptr_t)dst; + n = siz - dlen; + + if (n == 0) @@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz) s++; } @@ -70,7 +82,7 @@ index b4b1b60..b06f374 100644 #endif /* !HAVE_STRLCPY */ diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c -index 93d5155..9b8de5d 100644 +index 7ad3573..7040f1f 100644 --- a/openbsd-compat/strnlen.c +++ b/openbsd-compat/strnlen.c @@ -23,6 +23,7 @@ @@ -95,5 +107,5 @@ index 93d5155..9b8de5d 100644 } #endif -- -1.9.1 +2.17.1 diff --git a/recipes-connectivity/openssh/openssh/init b/recipes-connectivity/openssh/openssh/init index 386628a..8887e3a 100644 --- a/recipes-connectivity/openssh/openssh/init +++ b/recipes-connectivity/openssh/openssh/init @@ -19,25 +19,6 @@ fi [ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh mkdir -p $SYSCONFDIR -parse_sshd_opts() { - set -- ${SSHD_OPTS} -- - sshd_config=/etc/ssh/sshd_config - while true ; do - case "$1" in - -f*) if [ "$1" = "-f" ] ; then - sshd_config="$2" - shift - else - sshd_config="${1#-f}" - fi - shift - ;; - --) shift; break;; - *) shift;; - esac - done -} - check_for_no_start() { # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then @@ -55,51 +36,7 @@ check_privsep_dir() { } check_config() { - /usr/sbin/sshd -t $SSHD_OPTS || exit 1 -} - -check_keys() { - # parse location of keys - local HOST_KEY_RSA - local HOST_KEY_DSA - local HOST_KEY_ECDSA - local HOST_KEY_ED25519 - - parse_sshd_opts - HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') - [ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') - [ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key - HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ') - [ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ') - [ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key - HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') - [ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') - [ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key - HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') - [ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') - [ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key - - # create keys if necessary - if [ ! -f $HOST_KEY_RSA ]; then - echo " generating ssh RSA key..." - mkdir -p $(dirname $HOST_KEY_RSA) - ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa - fi - if [ ! -f $HOST_KEY_ECDSA ]; then - echo " generating ssh ECDSA key..." - mkdir -p $(dirname $HOST_KEY_ECDSA) - ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa - fi - if [ ! -f $HOST_KEY_DSA ]; then - echo " generating ssh DSA key..." - mkdir -p $(dirname $HOST_KEY_DSA) - ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa - fi - if [ ! -f $HOST_KEY_ED25519 ]; then - echo " generating ssh ED25519 key..." - mkdir -p $(dirname $HOST_KEY_ED25519) - ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519 - fi + /usr/sbin/sshd $SSHD_OPTS -t || exit 1 } export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" @@ -108,30 +45,30 @@ case "$1" in start) check_for_no_start echo "Starting OpenBSD Secure Shell server: sshd" - check_keys + @LIBEXECDIR@/sshd_check_keys check_privsep_dir start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS - echo "done." + echo "done." ;; stop) - echo -n "Stopping OpenBSD Secure Shell server: sshd" + echo -n "Stopping OpenBSD Secure Shell server: sshd" start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd - echo "." + echo "." ;; reload|force-reload) check_for_no_start - check_keys + @LIBEXECDIR@/sshd_check_keys check_config - echo -n "Reloading OpenBSD Secure Shell server's configuration" + echo -n "Reloading OpenBSD Secure Shell server's configuration" start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd echo "." ;; restart) - check_keys + @LIBEXECDIR@/sshd_check_keys check_config - echo -n "Restarting OpenBSD Secure Shell server: sshd" + echo -n "Restarting OpenBSD Secure Shell server: sshd" start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd check_for_no_start check_privsep_dir diff --git a/recipes-connectivity/openssh/openssh/openssh-8.1p1-add-test-support-for-busybox.patch b/recipes-connectivity/openssh/openssh/openssh-8.1p1-add-test-support-for-busybox.patch deleted file mode 100644 index d6fbd3b..0000000 --- a/recipes-connectivity/openssh/openssh/openssh-8.1p1-add-test-support-for-busybox.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -ruN a/regress/cipher-speed.sh b/regress/cipher-speed.sh ---- a/regress/cipher-speed.sh 2019-12-03 13:16:36.091896387 -0600 -+++ b/regress/cipher-speed.sh 2019-12-03 13:28:29.726275955 -0600 -@@ -17,7 +17,7 @@ - printf "%-60s" "$c/$m:" - ( ${SSH} -o 'compression no' \ - -F $OBJ/ssh_proxy -m $m -c $c somehost \ -- exec sh -c \'"dd of=/dev/null obs=32k"\' \ -+ exec sh -c \'"dd of=/dev/null bs=32k"\' \ - < ${DATA} ) 2>&1 | getbytes - - if [ $? -ne 0 ]; then -diff -ruN a/regress/key-options.sh b/regress/key-options.sh ---- a/regress/key-options.sh 2019-12-03 13:24:44.164243780 -0600 -+++ b/regress/key-options.sh 2019-12-03 13:33:14.447235791 -0600 -@@ -84,7 +84,7 @@ - fi - - sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys -- from=`head -1 $authkeys | cut -f1 -d ' '` -+ from=`head -n 1 $authkeys | cut -f1 -d ' '` - verbose "key option $from" - r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'` - if [ "$r" = "true" ]; then -diff -ruN a/regress/transfer.sh b/regress/transfer.sh ---- a/regress/transfer.sh 2019-12-03 13:16:58.342857354 -0600 -+++ b/regress/transfer.sh 2019-12-03 13:29:08.733267753 -0600 -@@ -13,7 +13,7 @@ - for s in 10 100 1k 32k 64k 128k 256k; do - trace "dd-size ${s}" - rm -f ${COPY} -- dd if=$DATA obs=${s} 2> /dev/null | \ -+ dd if=$DATA bs=${s} 2> /dev/null | \ - ${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}" - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" -diff -ruN a/regress/yes-head.sh b/regress/yes-head.sh ---- a/regress/yes-head.sh 2019-12-03 13:17:11.682259074 -0600 -+++ b/regress/yes-head.sh 2019-12-03 13:32:47.699869866 -0600 -@@ -3,7 +3,7 @@ - - tid="yes pipe head" - --lines=`${SSH} -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` -+lines=`${SSH} -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)` - if [ $? -ne 0 ]; then - fail "yes|head test failed" - lines = 0; diff --git a/recipes-connectivity/openssh/openssh/openssh-8.1p1-conditional-compile-des-in-cipher.patch b/recipes-connectivity/openssh/openssh/openssh-8.1p1-conditional-compile-des-in-cipher.patch deleted file mode 100644 index 507026c..0000000 --- a/recipes-connectivity/openssh/openssh/openssh-8.1p1-conditional-compile-des-in-cipher.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/cipher.c 2019-12-03 12:46:22.282290586 -0600 -+++ b/cipher.c 2019-12-03 12:45:19.273805437 -0600 -@@ -158,8 +158,10 @@ - u_int - cipher_seclen(const struct sshcipher *c) - { -+#ifndef OPENSSL_NO_DES - if (strcmp("3des-cbc", c->name) == 0) - return 14; -+#endif - return cipher_keylen(c); - } - diff --git a/recipes-connectivity/openssh/openssh/openssh-8.1p1-conditional-compile-des-in-pkcs11.patch b/recipes-connectivity/openssh/openssh/openssh-8.1p1-conditional-compile-des-in-pkcs11.patch deleted file mode 100644 index 46b60b5..0000000 --- a/recipes-connectivity/openssh/openssh/openssh-8.1p1-conditional-compile-des-in-pkcs11.patch +++ /dev/null @@ -1,52 +0,0 @@ ---- a/pkcs11.h 2019-12-03 12:52:10.920974412 -0600 -+++ b/pkcs11.h 2019-12-03 12:56:56.383171416 -0600 -@@ -342,9 +342,11 @@ - #define CKK_GENERIC_SECRET (0x10) - #define CKK_RC2 (0x11) - #define CKK_RC4 (0x12) -+#ifndef OPENSSL_NO_DES - #define CKK_DES (0x13) - #define CKK_DES2 (0x14) - #define CKK_DES3 (0x15) -+#endif /* OPENSSL_NO_DES */ - #define CKK_CAST (0x16) - #define CKK_CAST3 (0x17) - #define CKK_CAST128 (0x18) -@@ -512,6 +514,7 @@ - #define CKM_RC2_CBC_PAD (0x105) - #define CKM_RC4_KEY_GEN (0x110) - #define CKM_RC4 (0x111) -+#ifndef OPENSSL_NO_DES - #define CKM_DES_KEY_GEN (0x120) - #define CKM_DES_ECB (0x121) - #define CKM_DES_CBC (0x122) -@@ -525,6 +528,7 @@ - #define CKM_DES3_MAC (0x134) - #define CKM_DES3_MAC_GENERAL (0x135) - #define CKM_DES3_CBC_PAD (0x136) -+#endif /* OPENSSL_NO_DES */ - #define CKM_CDMF_KEY_GEN (0x140) - #define CKM_CDMF_ECB (0x141) - #define CKM_CDMF_CBC (0x142) -@@ -610,8 +614,10 @@ - #define CKM_MD5_KEY_DERIVATION (0x390) - #define CKM_MD2_KEY_DERIVATION (0x391) - #define CKM_SHA1_KEY_DERIVATION (0x392) -+#ifndef OPENSSL_NO_DES - #define CKM_PBE_MD2_DES_CBC (0x3a0) - #define CKM_PBE_MD5_DES_CBC (0x3a1) -+#endif /* OPENSSL_NO_DES */ - #define CKM_PBE_MD5_CAST_CBC (0x3a2) - #define CKM_PBE_MD5_CAST3_CBC (0x3a3) - #define CKM_PBE_MD5_CAST5_CBC (0x3a4) -@@ -620,8 +626,10 @@ - #define CKM_PBE_SHA1_CAST128_CBC (0x3a5) - #define CKM_PBE_SHA1_RC4_128 (0x3a6) - #define CKM_PBE_SHA1_RC4_40 (0x3a7) -+#ifndef OPENSSL_NO_DES - #define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8) - #define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9) -+#endif /* OPENSSL_NO_DES */ - #define CKM_PBE_SHA1_RC2_128_CBC (0x3aa) - #define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) - #define CKM_PKCS5_PBKD2 (0x3b0) diff --git a/recipes-connectivity/openssh/openssh/run-ptest b/recipes-connectivity/openssh/openssh/run-ptest index 36a3d2a..ae03e92 100755 --- a/recipes-connectivity/openssh/openssh/run-ptest +++ b/recipes-connectivity/openssh/openssh/run-ptest @@ -1,11 +1,12 @@ #!/bin/sh export TEST_SHELL=sh +export SKIP_UNIT=1 cd regress sed -i "/\t\tagent-ptrace /d" Makefile make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \ - | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' + | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' SSHAGENT=`which ssh-agent` GDB=`which gdb` diff --git a/recipes-connectivity/openssh/openssh/ssh_config b/recipes-connectivity/openssh/openssh/ssh_config index 9e91915..e0d0238 100644 --- a/recipes-connectivity/openssh/openssh/ssh_config +++ b/recipes-connectivity/openssh/openssh/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ +# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -31,14 +31,14 @@ Host * # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa +# IdentityFile ~/.ssh/id_ecdsa +# IdentityFile ~/.ssh/id_ed25519 # Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 +# Protocol 2 +# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ # Tunnel no # TunnelDevice any:any diff --git a/recipes-connectivity/openssh/openssh/sshd b/recipes-connectivity/openssh/openssh/sshd index 182650b..4882e58 100644 --- a/recipes-connectivity/openssh/openssh/sshd +++ b/recipes-connectivity/openssh/openssh/sshd @@ -5,7 +5,6 @@ account required pam_nologin.so account include common-account password include common-password session optional pam_keyinit.so force revoke -session optional pam_radauth.so session include common-session session required pam_loginuid.so diff --git a/recipes-connectivity/openssh/openssh/sshd.socket b/recipes-connectivity/openssh/openssh/sshd.socket index 12c39b2..8d76d62 100644 --- a/recipes-connectivity/openssh/openssh/sshd.socket +++ b/recipes-connectivity/openssh/openssh/sshd.socket @@ -1,5 +1,6 @@ [Unit] Conflicts=sshd.service +Wants=sshdgenkeys.service [Socket] ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd diff --git a/recipes-connectivity/openssh/openssh/sshd@.service b/recipes-connectivity/openssh/openssh/sshd@.service index 9d83dfb..9d9965e 100644 --- a/recipes-connectivity/openssh/openssh/sshd@.service +++ b/recipes-connectivity/openssh/openssh/sshd@.service @@ -1,13 +1,10 @@ [Unit] Description=OpenSSH Per-Connection Daemon -Wants=sshdgenkeys.service After=sshdgenkeys.service [Service] Environment="SSHD_OPTS=" EnvironmentFile=-/etc/default/ssh ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS -ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID StandardInput=socket -StandardError=syslog KillMode=process diff --git a/recipes-connectivity/openssh/openssh/sshd_check_keys b/recipes-connectivity/openssh/openssh/sshd_check_keys new file mode 100644 index 0000000..1931dc7 --- /dev/null +++ b/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -0,0 +1,78 @@ +#! /bin/sh + +generate_key() { + local FILE=$1 + local TYPE=$2 + local DIR="$(dirname "$FILE")" + + mkdir -p "$DIR" + ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE + + # Atomically rename file public key + mv -f "${FILE}.tmp.pub" "${FILE}.pub" + + # This sync does double duty: Ensuring that the data in the temporary + # private key file is on disk before the rename, and ensuring that the + # public key rename is completed before the private key rename, since we + # switch on the existence of the private key to trigger key generation. + # This does mean it is possible for the public key to exist, but be garbage + # but this is OK because in that case the private key won't exist and the + # keys will be regenerated. + # + # In the event that sync understands arguments that limit what it tries to + # fsync(), we provided them. If it does not, it will simply call sync() + # which is just as well + sync "${FILE}.pub" "$DIR" "${FILE}.tmp" + + mv "${FILE}.tmp" "$FILE" + + # sync to ensure the atomic rename is committed + sync "$DIR" +} + +# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS +if test -f /etc/default/ssh; then + . /etc/default/ssh +fi + +[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh +mkdir -p $SYSCONFDIR + +# parse sshd options +set -- ${SSHD_OPTS} -- +sshd_config=/etc/ssh/sshd_config +while true ; do + case "$1" in + -f*) if [ "$1" = "-f" ] ; then + sshd_config="$2" + shift + else + sshd_config="${1#-f}" + fi + shift + ;; + --) shift; break;; + *) shift;; + esac +done + +HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") +[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" + +for key in ${HOST_KEYS} ; do + [ -f $key ] && continue + case $key in + *_rsa_key) + echo " generating ssh RSA host key..." + generate_key $key rsa + ;; + *_ecdsa_key) + echo " generating ssh ECDSA host key..." + generate_key $key ecdsa + ;; + *_ed25519_key) + echo " generating ssh ED25519 host key..." + generate_key $key ed25519 + ;; + esac +done diff --git a/recipes-connectivity/openssh/openssh/sshd_config b/recipes-connectivity/openssh/openssh/sshd_config index 31fe5d9..15f061b 100644 --- a/recipes-connectivity/openssh/openssh/sshd_config +++ b/recipes-connectivity/openssh/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -15,43 +15,30 @@ #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m -#PermitRootLogin yes +#PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 -#RSAAuthentication yes #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none @@ -59,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes @@ -72,7 +57,8 @@ AuthorizedKeysFile .ssh/authorized_keys #PasswordAuthentication yes #PermitEmptyPasswords no -# Change to no to disable s/key passwords +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) ChallengeResponseAuthentication no # Kerberos options @@ -111,7 +97,7 @@ ChallengeResponseAuthentication no Compression no ClientAliveInterval 15 ClientAliveCountMax 4 -#UseDNS yes +#UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no diff --git a/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/recipes-connectivity/openssh/openssh/sshdgenkeys.service index 148e6ad..fd81793 100644 --- a/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ b/recipes-connectivity/openssh/openssh/sshdgenkeys.service @@ -1,22 +1,9 @@ [Unit] Description=OpenSSH Key Generation RequiresMountsFor=/var /run -ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key -ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key -ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key -ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key -ConditionPathExists=!/etc/ssh/ssh_host_rsa_key -ConditionPathExists=!/etc/ssh/ssh_host_dsa_key -ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key -ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key [Service] -Environment="SYSCONFDIR=/etc/ssh" -EnvironmentFile=-/etc/default/ssh -ExecStart=@BASE_BINDIR@/mkdir -p $SYSCONFDIR -ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' -t rsa -ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' -t dsa -ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' -t ecdsa -ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ed25519_key -N '' -t ed25519 +ExecStart=@LIBEXECDIR@/sshd_check_keys Type=oneshot RemainAfterExit=yes +Nice=10 diff --git a/recipes-connectivity/openssh/openssh_8.1p1.bb b/recipes-connectivity/openssh/openssh_8.4p1.bb index 5bfd8e3..128e2e3 100644 --- a/recipes-connectivity/openssh/openssh_8.1p1.bb +++ b/recipes-connectivity/openssh/openssh_8.4p1.bb @@ -5,10 +5,10 @@ Ssh (Secure Shell) is a program for logging into a remote machine \ and for executing commands on a remote machine." HOMEPAGE = "http://www.openssh.com/" SECTION = "console/network" -LICENSE = "BSD" +LICENSE = "BSD & ISC & MIT" LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" -DEPENDS = "zlib openssl" +DEPENDS = "zlib openssl virtual/crypt" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ @@ -20,19 +20,21 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://sshd@.service \ file://sshdgenkeys.service \ file://volatiles.99_sshd \ - file://openssh-8.1p1-add-test-support-for-busybox.patch \ file://run-ptest \ - file://openssh-8.1p1-conditional-compile-des-in-cipher.patch \ - file://openssh-8.1p1-conditional-compile-des-in-pkcs11.patch \ file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ + file://sshd_check_keys \ + file://add-test-support-for-busybox.patch \ + file://0f90440ca70abab947acbd77795e9f130967956c.patch \ " +SRC_URI[sha256sum] = "5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24" -PAM_SRC_URI = "file://sshd" +# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 +# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded +CVE_CHECK_WHITELIST += "CVE-2014-9278" -SRC_URI[md5sum] = "513694343631a99841e815306806edf0" -SRC_URI[sha256sum] = "02f5dbef3835d0753556f973cd57b4c19b6b1f6cd24c03445e23ac77ca1b93ff" +PAM_SRC_URI = "file://sshd" -inherit useradd update-rc.d update-alternatives systemd +inherit manpages useradd update-rc.d update-alternatives systemd USERADD_PACKAGES = "${PN}-sshd" USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" @@ -45,19 +47,30 @@ SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest -# LFS support: -CFLAGS += "-D__FILE_OFFSET_BITS=64" +PACKAGECONFIG ??= "rng-tools" +PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" +PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" +PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" +PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" + +# Add RRECOMMENDS to rng-tools for sshd package +PACKAGECONFIG[rng-tools] = "" + +EXTRA_AUTORECONF += "--exclude=aclocal" # login path is hardcoded in sshd EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ --without-zlib-version-check \ - --with-privsep-path=/var/run/sshd \ + --with-privsep-path=${localstatedir}/run/sshd \ --sysconfdir=${sysconfdir}/ssh \ - --with-xauth=/usr/bin/xauth \ + --with-xauth=${bindir}/xauth \ --disable-strip \ " +# musl doesn't implement wtmp/utmp and logwtmp +EXTRA_OECONF_append_libc-musl = " --disable-wtmp --disable-lastlog" + # Since we do not depend on libbsd, we do not want configure to use it # just because it finds libutil.h. But, specifying --disable-libutil # causes compile errors, so... @@ -73,24 +86,22 @@ do_configure_prepend () { export LD="${CC}" install -m 0644 ${WORKDIR}/sshd_config ${B}/ install -m 0644 ${WORKDIR}/ssh_config ${B}/ - if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then - cp aclocal.m4 acinclude.m4 - fi } do_compile_ptest() { # skip regress/unittests/ binaries: this will silently skip # unittests in run-ptests which is good because they are so slow. - oe_runmake regress/modpipe regress/setuid-allowed regress/netcat + oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ + regress/check-perm regress/mkdtemp } do_install_append () { - if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config fi - if [ "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}" = "x11" ]; then + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config fi @@ -107,7 +118,6 @@ do_install_append () { install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly @@ -118,7 +128,13 @@ do_install_append () { sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ + -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service + + sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${sysconfdir}/init.d/sshd + + install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys } do_install_ptest () { @@ -133,6 +149,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}" FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" FILES_${PN}-sftp = "${bindir}/sftp" FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" @@ -140,14 +157,18 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make" +RRECOMMENDS_${PN}-sshd_append_class-target = "\ + ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ +" + +# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies +RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" RPROVIDES_${PN}-ssh = "ssh" RPROVIDES_${PN}-sshd = "sshd" RCONFLICTS_${PN} = "dropbear" RCONFLICTS_${PN}-sshd = "dropbear" -RCONFLICTS_${PN}-keygen = "ssh-keygen" CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" @@ -156,5 +177,4 @@ ALTERNATIVE_PRIORITY = "90" ALTERNATIVE_${PN}-scp = "scp" ALTERNATIVE_${PN}-ssh = "ssh" -do_rm_work () { -} +BBCLASSEXTEND += "nativesdk" diff --git a/recipes-connectivity/openssh/openssh_%.bbappend b/recipes-connectivity/openssh/openssh_8.4p1.bbappend index 53d3da1..c594fa8 100644 --- a/recipes-connectivity/openssh/openssh_%.bbappend +++ b/recipes-connectivity/openssh/openssh_8.4p1.bbappend @@ -1,6 +1,9 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-mlinux:" -SRC_URI += "file://ssh.default" +SRC_URI += "file://ssh.default \ + file://sshd \ + file://sshd_config \ + file://sshd_check_keys" KEYFILES = "ssh_host_dsa_key \ ssh_host_dsa_key.pub \ @@ -12,7 +15,12 @@ ssh_host_ed25519_key \ ssh_host_ed25519_key.pub \ " +PACKAGECONFIG = "" + do_install_append() { + + echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + install -d ${D}${sysconfdir}/default install -m 644 ${WORKDIR}/ssh.default ${D}${sysconfdir}/default/ssh for f in ${KEYFILES}; do diff --git a/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch deleted file mode 100644 index a476cf0..0000000 --- a/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001 -From: Joshua DeWeese <jdeweese@hennypenny.com> -Date: Wed, 30 Jan 2019 16:19:47 -0500 -Subject: [PATCH] replace systemd install Alias with WantedBy - -According to the systemd documentation "WantedBy=foo.service in a -service bar.service is mostly equivalent to -Alias=foo.service.wants/bar.service in the same file." However, -this is not really the intended purpose of install Aliases. - -Upstream-Status: Submitted [hostap@lists.infradead.org] - -Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com> ---- - wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +- - wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 2 +- - wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -index 03ac507..da69a87 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service -+WantedBy=multi-user.target -diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -index c8a744d..ca3054b 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service -+WantedBy=multi-user.target -diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -index 7788b38..55d2b9c 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant@%i.service -+WantedBy=multi-user.target --- -2.7.4 - diff --git a/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant b/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant deleted file mode 100644 index 6ff4dd8..0000000 --- a/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant +++ /dev/null @@ -1 +0,0 @@ -d root root 0700 /var/run/wpa_supplicant none diff --git a/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig b/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig deleted file mode 100644 index f04e398..0000000 --- a/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig +++ /dev/null @@ -1,552 +0,0 @@ -# Example wpa_supplicant build time configuration -# -# This file lists the configuration options that are used when building the -# hostapd binary. All lines starting with # are ignored. Configuration option -# lines must be commented out complete, if they are not to be included, i.e., -# just setting VARIABLE=n is not disabling that variable. -# -# This file is included in Makefile, so variables like CFLAGS and LIBS can also -# be modified from here. In most cases, these lines should use += in order not -# to override previous values of the variables. - - -# Uncomment following two lines and fix the paths if you have installed OpenSSL -# or GnuTLS in non-default location -#CFLAGS += -I/usr/local/openssl/include -#LIBS += -L/usr/local/openssl/lib - -# Some Red Hat versions seem to include kerberos header files from OpenSSL, but -# the kerberos files are not in the default include path. Following line can be -# used to fix build issues on such systems (krb5.h not found). -#CFLAGS += -I/usr/include/kerberos - -# Example configuration for various cross-compilation platforms - -#### sveasoft (e.g., for Linksys WRT54G) ###################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS += -I../src/include -I../../src/router/openssl/include -#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl -############################################################################### - -#### openwrt (e.g., for Linksys WRT54G) ####################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ -# -I../WRT54GS/release/src/include -#LIBS = -lssl -############################################################################### - - -# Driver interface for Host AP driver -CONFIG_DRIVER_HOSTAP=y - -# Driver interface for Agere driver -#CONFIG_DRIVER_HERMES=y -# Change include directories to match with the local setup -#CFLAGS += -I../../hcf -I../../include -I../../include/hcf -#CFLAGS += -I../../include/wireless - -# Driver interface for madwifi driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_MADWIFI=y -# Set include directory to the madwifi source tree -#CFLAGS += -I../../madwifi - -# Driver interface for ndiswrapper -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_NDISWRAPPER=y - -# Driver interface for Atmel driver -# CONFIG_DRIVER_ATMEL=y - -# Driver interface for old Broadcom driver -# Please note that the newer Broadcom driver ("hybrid Linux driver") supports -# Linux wireless extensions and does not need (or even work) with the old -# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. -#CONFIG_DRIVER_BROADCOM=y -# Example path for wlioctl.h; change to match your configuration -#CFLAGS += -I/opt/WRT54GS/release/src/include - -# Driver interface for Intel ipw2100/2200 driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_IPW=y - -# Driver interface for Ralink driver -#CONFIG_DRIVER_RALINK=y - -# Driver interface for generic Linux wireless extensions -# Note: WEXT is deprecated in the current Linux kernel version and no new -# functionality is added to it. nl80211-based interface is the new -# replacement for WEXT and its use allows wpa_supplicant to properly control -# the driver to improve existing functionality like roaming and to support new -# functionality. -CONFIG_DRIVER_WEXT=y - -# Driver interface for Linux drivers using the nl80211 kernel interface -CONFIG_DRIVER_NL80211=y - -# driver_nl80211.c requires libnl. If you are compiling it yourself -# you may need to point hostapd to your version of libnl. -# -#CFLAGS += -I$<path to libnl include files> -#LIBS += -L$<path to libnl library files> - -# Use libnl v2.0 (or 3.0) libraries. -#CONFIG_LIBNL20=y - -# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) -CONFIG_LIBNL32=y - - -# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) -#CONFIG_DRIVER_BSD=y -#CFLAGS += -I/usr/local/include -#LIBS += -L/usr/local/lib -#LIBS_p += -L/usr/local/lib -#LIBS_c += -L/usr/local/lib - -# Driver interface for Windows NDIS -#CONFIG_DRIVER_NDIS=y -#CFLAGS += -I/usr/include/w32api/ddk -#LIBS += -L/usr/local/lib -# For native build using mingw -#CONFIG_NATIVE_WINDOWS=y -# Additional directories for cross-compilation on Linux host for mingw target -#CFLAGS += -I/opt/mingw/mingw32/include/ddk -#LIBS += -L/opt/mingw/mingw32/lib -#CC=mingw32-gcc -# By default, driver_ndis uses WinPcap for low-level operations. This can be -# replaced with the following option which replaces WinPcap calls with NDISUIO. -# However, this requires that WZC is disabled (net stop wzcsvc) before starting -# wpa_supplicant. -# CONFIG_USE_NDISUIO=y - -# Driver interface for development testing -#CONFIG_DRIVER_TEST=y - -# Driver interface for wired Ethernet drivers -CONFIG_DRIVER_WIRED=y - -# Driver interface for the Broadcom RoboSwitch family -#CONFIG_DRIVER_ROBOSWITCH=y - -# Driver interface for no driver (e.g., WPS ER only) -#CONFIG_DRIVER_NONE=y - -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) -CONFIG_IEEE8021X_EAPOL=y - -# EAP-MD5 -CONFIG_EAP_MD5=y - -# EAP-MSCHAPv2 -CONFIG_EAP_MSCHAPV2=y - -# EAP-TLS -CONFIG_EAP_TLS=y - -# EAL-PEAP -CONFIG_EAP_PEAP=y - -# EAP-TTLS -CONFIG_EAP_TTLS=y - -# EAP-FAST -# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed -# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., -# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. -#CONFIG_EAP_FAST=y - -# EAP-GTC -CONFIG_EAP_GTC=y - -# EAP-OTP -CONFIG_EAP_OTP=y - -# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) -#CONFIG_EAP_SIM=y - -# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) -#CONFIG_EAP_PSK=y - -# EAP-pwd (secure authentication using only a password) -#CONFIG_EAP_PWD=y - -# EAP-PAX -#CONFIG_EAP_PAX=y - -# LEAP -CONFIG_EAP_LEAP=y - -# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) -#CONFIG_EAP_AKA=y - -# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). -# This requires CONFIG_EAP_AKA to be enabled, too. -#CONFIG_EAP_AKA_PRIME=y - -# Enable USIM simulator (Milenage) for EAP-AKA -#CONFIG_USIM_SIMULATOR=y - -# EAP-SAKE -#CONFIG_EAP_SAKE=y - -# EAP-GPSK -#CONFIG_EAP_GPSK=y -# Include support for optional SHA256 cipher suite in EAP-GPSK -#CONFIG_EAP_GPSK_SHA256=y - -# EAP-TNC and related Trusted Network Connect support (experimental) -#CONFIG_EAP_TNC=y - -# Wi-Fi Protected Setup (WPS) -CONFIG_WPS=y -# Enable WSC 2.0 support -#CONFIG_WPS2=y -# Enable WPS external registrar functionality -#CONFIG_WPS_ER=y -# Disable credentials for an open network by default when acting as a WPS -# registrar. -#CONFIG_WPS_REG_DISABLE_OPEN=y -# Enable WPS support with NFC config method -#CONFIG_WPS_NFC=y - -# EAP-IKEv2 -#CONFIG_EAP_IKEV2=y - -# EAP-EKE -#CONFIG_EAP_EKE=y - -# PKCS#12 (PFX) support (used to read private key and certificate file from -# a file that usually has extension .p12 or .pfx) -CONFIG_PKCS12=y - -# Smartcard support (i.e., private key on a smartcard), e.g., with openssl -# engine. -CONFIG_SMARTCARD=y - -# PC/SC interface for smartcards (USIM, GSM SIM) -# Enable this if EAP-SIM or EAP-AKA is included -#CONFIG_PCSC=y - -# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) -#CONFIG_HT_OVERRIDES=y - -# Support VHT overrides (disable VHT, mask MCS rates, etc.) -#CONFIG_VHT_OVERRIDES=y - -# Development testing -#CONFIG_EAPOL_TEST=y - -# Select control interface backend for external programs, e.g, wpa_cli: -# unix = UNIX domain sockets (default for Linux/*BSD) -# udp = UDP sockets using localhost (127.0.0.1) -# named_pipe = Windows Named Pipe (default for Windows) -# udp-remote = UDP sockets with remote access (only for tests systems/purpose) -# y = use default (backwards compatibility) -# If this option is commented out, control interface is not included in the -# build. -CONFIG_CTRL_IFACE=y - -# Include support for GNU Readline and History Libraries in wpa_cli. -# When building a wpa_cli binary for distribution, please note that these -# libraries are licensed under GPL and as such, BSD license may not apply for -# the resulting binary. -#CONFIG_READLINE=y - -# Include internal line edit mode in wpa_cli. This can be used as a replacement -# for GNU Readline to provide limited command line editing and history support. -#CONFIG_WPA_CLI_EDIT=y - -# Remove debugging code that is printing out debug message to stdout. -# This can be used to reduce the size of the wpa_supplicant considerably -# if debugging code is not needed. The size reduction can be around 35% -# (e.g., 90 kB). -#CONFIG_NO_STDOUT_DEBUG=y - -# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save -# 35-50 kB in code size. -#CONFIG_NO_WPA=y - -# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support -# This option can be used to reduce code size by removing support for -# converting ASCII passphrases into PSK. If this functionality is removed, the -# PSK can only be configured as the 64-octet hexstring (e.g., from -# wpa_passphrase). This saves about 0.5 kB in code size. -#CONFIG_NO_WPA_PASSPHRASE=y - -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. -# This can be used if ap_scan=1 mode is never enabled. -#CONFIG_NO_SCAN_PROCESSING=y - -# Select configuration backend: -# file = text file (e.g., wpa_supplicant.conf; note: the configuration file -# path is given on command line, not here; this option is just used to -# select the backend that allows configuration files to be used) -# winreg = Windows registry (see win_example.reg for an example) -CONFIG_BACKEND=file - -# Remove configuration write functionality (i.e., to allow the configuration -# file to be updated based on runtime configuration changes). The runtime -# configuration can still be changed, the changes are just not going to be -# persistent over restarts. This option can be used to reduce code size by -# about 3.5 kB. -#CONFIG_NO_CONFIG_WRITE=y - -# Remove support for configuration blobs to reduce code size by about 1.5 kB. -#CONFIG_NO_CONFIG_BLOBS=y - -# Select program entry point implementation: -# main = UNIX/POSIX like main() function (default) -# main_winsvc = Windows service (read parameters from registry) -# main_none = Very basic example (development use only) -#CONFIG_MAIN=main - -# Select wrapper for operatins system and C library specific functions -# unix = UNIX/POSIX like systems (default) -# win32 = Windows systems -# none = Empty template -#CONFIG_OS=unix - -# Select event loop implementation -# eloop = select() loop (default) -# eloop_win = Windows events and WaitForMultipleObject() loop -#CONFIG_ELOOP=eloop - -# Should we use poll instead of select? Select is used by default. -#CONFIG_ELOOP_POLL=y - -# Select layer 2 packet implementation -# linux = Linux packet socket (default) -# pcap = libpcap/libdnet/WinPcap -# freebsd = FreeBSD libpcap -# winpcap = WinPcap with receive thread -# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) -# none = Empty template -#CONFIG_L2_PACKET=linux - -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - -# IEEE 802.11w (management frame protection), also known as PMF -# Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y - -# Select TLS implementation -# openssl = OpenSSL (default) -# gnutls = GnuTLS -# internal = Internal TLSv1 implementation (experimental) -# none = Empty template -#CONFIG_TLS=openssl - -# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) -# can be enabled to get a stronger construction of messages when block ciphers -# are used. It should be noted that some existing TLS v1.0 -based -# implementation may not be compatible with TLS v1.1 message (ClientHello is -# sent prior to negotiating which version will be used) -#CONFIG_TLSV11=y - -# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) -# can be enabled to enable use of stronger crypto algorithms. It should be -# noted that some existing TLS v1.0 -based implementation may not be compatible -# with TLS v1.2 message (ClientHello is sent prior to negotiating which version -# will be used) -#CONFIG_TLSV12=y - -# If CONFIG_TLS=internal is used, additional library and include paths are -# needed for LibTomMath. Alternatively, an integrated, minimal version of -# LibTomMath can be used. See beginning of libtommath.c for details on benefits -# and drawbacks of this option. -#CONFIG_INTERNAL_LIBTOMMATH=y -#ifndef CONFIG_INTERNAL_LIBTOMMATH -#LTM_PATH=/usr/src/libtommath-0.39 -#CFLAGS += -I$(LTM_PATH) -#LIBS += -L$(LTM_PATH) -#LIBS_p += -L$(LTM_PATH) -#endif -# At the cost of about 4 kB of additional binary size, the internal LibTomMath -# can be configured to include faster routines for exptmod, sqr, and div to -# speed up DH and RSA calculation considerably -#CONFIG_INTERNAL_LIBTOMMATH_FAST=y - -# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. -# This is only for Windows builds and requires WMI-related header files and -# WbemUuid.Lib from Platform SDK even when building with MinGW. -#CONFIG_NDIS_EVENTS_INTEGRATED=y -#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" - -# Add support for old DBus control interface -# (fi.epitest.hostap.WPASupplicant) -#CONFIG_CTRL_IFACE_DBUS=y - -# Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) -CONFIG_CTRL_IFACE_DBUS_NEW=y - -# Add introspection support for new DBus control interface -#CONFIG_CTRL_IFACE_DBUS_INTRO=y - -# Add support for loading EAP methods dynamically as shared libraries. -# When this option is enabled, each EAP method can be either included -# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). -# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to -# be loaded in the beginning of the wpa_supplicant configuration file -# (see load_dynamic_eap parameter in the example file) before being used in -# the network blocks. -# -# Note that some shared parts of EAP methods are included in the main program -# and in order to be able to use dynamic EAP methods using these parts, the -# main program must have been build with the EAP method enabled (=y or =dyn). -# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries -# unless at least one of them was included in the main build to force inclusion -# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included -# in the main build to be able to load these methods dynamically. -# -# Please also note that using dynamic libraries will increase the total binary -# size. Thus, it may not be the best option for targets that have limited -# amount of memory/flash. -#CONFIG_DYNAMIC_EAP_METHODS=y - -# IEEE Std 802.11r-2008 (Fast BSS Transition) -#CONFIG_IEEE80211R=y - -# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) -#CONFIG_DEBUG_FILE=y - -# Send debug messages to syslog instead of stdout -#CONFIG_DEBUG_SYSLOG=y -# Set syslog facility for debug messages -#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON - -# Add support for sending all debug messages (regardless of debug verbosity) -# to the Linux kernel tracing facility. This helps debug the entire stack by -# making it easy to record everything happening from the driver up into the -# same file, e.g., using trace-cmd. -#CONFIG_DEBUG_LINUX_TRACING=y - -# Enable privilege separation (see README 'Privilege separation' for details) -#CONFIG_PRIVSEP=y - -# Enable mitigation against certain attacks against TKIP by delaying Michael -# MIC error reports by a random amount of time between 0 and 60 seconds -#CONFIG_DELAYED_MIC_ERROR_REPORT=y - -# Enable tracing code for developer debugging -# This tracks use of memory allocations and other registrations and reports -# incorrect use with a backtrace of call (or allocation) location. -#CONFIG_WPA_TRACE=y -# For BSD, uncomment these. -#LIBS += -lexecinfo -#LIBS_p += -lexecinfo -#LIBS_c += -lexecinfo - -# Use libbfd to get more details for developer debugging -# This enables use of libbfd to get more detailed symbols for the backtraces -# generated by CONFIG_WPA_TRACE=y. -#CONFIG_WPA_TRACE_BFD=y -# For BSD, uncomment these. -#LIBS += -lbfd -liberty -lz -#LIBS_p += -lbfd -liberty -lz -#LIBS_c += -lbfd -liberty -lz - -CONFIG_TLS = %ssl% -CONFIG_CTRL_IFACE_DBUS=y -CONFIG_CTRL_IFACE_DBUS_NEW=y - -# wpa_supplicant depends on strong random number generation being available -# from the operating system. os_get_random() function is used to fetch random -# data when needed, e.g., for key generation. On Linux and BSD systems, this -# works by reading /dev/urandom. It should be noted that the OS entropy pool -# needs to be properly initialized before wpa_supplicant is started. This is -# important especially on embedded devices that do not have a hardware random -# number generator and may by default start up with minimal entropy available -# for random number generation. -# -# As a safety net, wpa_supplicant is by default trying to internally collect -# additional entropy for generating random data to mix in with the data fetched -# from the OS. This by itself is not considered to be very strong, but it may -# help in cases where the system pool is not initialized properly. However, it -# is very strongly recommended that the system pool is initialized with enough -# entropy either by using hardware assisted random number generator or by -# storing state over device reboots. -# -# wpa_supplicant can be configured to maintain its own entropy store over -# restarts to enhance random number generation. This is not perfect, but it is -# much more secure than using the same sequence of random numbers after every -# reboot. This can be enabled with -e<entropy file> command line option. The -# specified file needs to be readable and writable by wpa_supplicant. -# -# If the os_get_random() is known to provide strong random data (e.g., on -# Linux/BSD, the board in question is known to have reliable source of random -# data from /dev/urandom), the internal wpa_supplicant random pool can be -# disabled. This will save some in binary size and CPU use. However, this -# should only be considered for builds that are known to be used on devices -# that meet the requirements described above. -#CONFIG_NO_RANDOM_POOL=y - -# IEEE 802.11n (High Throughput) support (mainly for AP mode) -#CONFIG_IEEE80211N=y - -# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) -# (depends on CONFIG_IEEE80211N) -#CONFIG_IEEE80211AC=y - -# Wireless Network Management (IEEE Std 802.11v-2011) -# Note: This is experimental and not complete implementation. -#CONFIG_WNM=y - -# Interworking (IEEE 802.11u) -# This can be used to enable functionality to improve interworking with -# external networks (GAS/ANQP to learn more about the networks and network -# selection based on available credentials). -#CONFIG_INTERWORKING=y - -# Hotspot 2.0 -#CONFIG_HS20=y - -# Disable roaming in wpa_supplicant -#CONFIG_NO_ROAMING=y - -# AP mode operations with wpa_supplicant -# This can be used for controlling AP mode operations with wpa_supplicant. It -# should be noted that this is mainly aimed at simple cases like -# WPA2-Personal while more complex configurations like WPA2-Enterprise with an -# external RADIUS server can be supported with hostapd. -CONFIG_AP=y - -CONFIG_BGSCAN_SIMPLE=y - -# P2P (Wi-Fi Direct) -# This can be used to enable P2P support in wpa_supplicant. See README-P2P for -# more information on P2P operations. -#CONFIG_P2P=y - -# Enable TDLS support -#CONFIG_TDLS=y - -# Wi-Fi Direct -# This can be used to enable Wi-Fi Direct extensions for P2P using an external -# program to control the additional information exchanges in the messages. -#CONFIG_WIFI_DISPLAY=y - -# Autoscan -# This can be used to enable automatic scan support in wpa_supplicant. -# See wpa_supplicant.conf for more information on autoscan usage. -# -# Enabling directly a module will enable autoscan support. -# For exponential module: -CONFIG_AUTOSCAN_EXPONENTIAL=y -# For periodic module: -#CONFIG_AUTOSCAN_PERIODIC=y - -# Password (and passphrase, etc.) backend for external storage -# These optional mechanisms can be used to add support for storing passwords -# and other secrets in external (to wpa_supplicant) location. This allows, for -# example, operating system specific key storage to be used -# -# External password backend for testing purposes (developer use) -#CONFIG_EXT_PASSWORD_TEST=y diff --git a/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh deleted file mode 100644 index 35a1aa6..0000000 --- a/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh +++ /dev/null @@ -1,86 +0,0 @@ -#!/bin/sh - - -WPA_SUP_BIN="/usr/sbin/wpa_supplicant" -WPA_SUP_PNAME="wpa_supplicant" -WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid" -WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant" -WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE" - -VERBOSITY=0 - - -if [ -s "$IF_WPA_CONF" ]; then - WPA_SUP_CONF="-c $IF_WPA_CONF" -else - exit 0 -fi - -if [ ! -x "$WPA_SUP_BIN" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN" - fi - - exit 1 -fi - -if [ "$MODE" = "start" ] ; then - # driver type of interface, defaults to wext when undefined - if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then - IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE") - elif [ -z "$IF_WPA_DRIVER" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\"" - fi - - IF_WPA_DRIVER="wext" - fi - - # if we have passed the criteria, start wpa_supplicant - if [ -n "$WPA_SUP_CONF" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER" - fi - - start-stop-daemon --start --quiet \ - --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \ - -- $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER - fi - - # if the interface socket exists, then wpa_supplicant was invoked successfully - if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE" - fi - - exit 0 - - fi - -elif [ "$MODE" = "stop" ]; then - - if [ -f "$WPA_SUP_PIDFILE" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon" - fi - - start-stop-daemon --stop --quiet \ - --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE - - if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then - rm -f $WPA_COMMON_CTRL_IFACE/$IFACE - fi - - if [ -f "$WPA_SUP_PIDFILE" ]; then - rm -f $WPA_SUP_PIDFILE - fi - fi - -fi - -exit 0 diff --git a/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf b/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf deleted file mode 100644 index 68258f5..0000000 --- a/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf +++ /dev/null @@ -1,690 +0,0 @@ -##### Example wpa_supplicant configuration file ############################### -# -# This file describes configuration file format and lists all available option. -# Please also take a look at simpler configuration examples in 'examples' -# subdirectory. -# -# Empty lines and lines starting with # are ignored - -# NOTE! This file may contain password information and should probably be made -# readable only by root user on multiuser systems. - -# Note: All file paths in this configuration file should use full (absolute, -# not relative to working directory) path in order to allow working directory -# to be changed. This can happen if wpa_supplicant is run in the background. - -# Whether to allow wpa_supplicant to update (overwrite) configuration -# -# This option can be used to allow wpa_supplicant to overwrite configuration -# file whenever configuration is changed (e.g., new network block is added with -# wpa_cli or wpa_gui, or a password is changed). This is required for -# wpa_cli/wpa_gui to be able to store the configuration changes permanently. -# Please note that overwriting configuration file will remove the comments from -# it. -#update_config=1 - -# global configuration (shared by all network blocks) -# -# Parameters for the control interface. If this is specified, wpa_supplicant -# will open a control interface that is available for external programs to -# manage wpa_supplicant. The meaning of this string depends on which control -# interface mechanism is used. For all cases, the existence of this parameter -# in configuration is used to determine whether the control interface is -# enabled. -# -# For UNIX domain sockets (default on Linux and BSD): This is a directory that -# will be created for UNIX domain sockets for listening to requests from -# external programs (CLI/GUI, etc.) for status information and configuration. -# The socket file will be named based on the interface name, so multiple -# wpa_supplicant processes can be run at the same time if more than one -# interface is used. -# /var/run/wpa_supplicant is the recommended directory for sockets and by -# default, wpa_cli will use it when trying to connect with wpa_supplicant. -# -# Access control for the control interface can be configured by setting the -# directory to allow only members of a group to use sockets. This way, it is -# possible to run wpa_supplicant as root (since it needs to change network -# configuration and open raw sockets) and still allow GUI/CLI components to be -# run as non-root users. However, since the control interface can be used to -# change the network configuration, this access needs to be protected in many -# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you -# want to allow non-root users to use the control interface, add a new group -# and change this value to match with that group. Add users that should have -# control interface access to this group. If this variable is commented out or -# not included in the configuration file, group will not be changed from the -# value it got by default when the directory or socket was created. -# -# When configuring both the directory and group, use following format: -# DIR=/var/run/wpa_supplicant GROUP=wheel -# DIR=/var/run/wpa_supplicant GROUP=0 -# (group can be either group name or gid) -# -# For UDP connections (default on Windows): The value will be ignored. This -# variable is just used to select that the control interface is to be created. -# The value can be set to, e.g., udp (ctrl_interface=udp) -# -# For Windows Named Pipe: This value can be used to set the security descriptor -# for controlling access to the control interface. Security descriptor can be -# set using Security Descriptor String Format (see http://msdn.microsoft.com/ -# library/default.asp?url=/library/en-us/secauthz/security/ -# security_descriptor_string_format.asp). The descriptor string needs to be -# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty -# DACL (which will reject all connections). See README-Windows.txt for more -# information about SDDL string format. -# -ctrl_interface=/var/run/wpa_supplicant - -# IEEE 802.1X/EAPOL version -# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines -# EAPOL version 2. However, there are many APs that do not handle the new -# version number correctly (they seem to drop the frames completely). In order -# to make wpa_supplicant interoperate with these APs, the version number is set -# to 1 by default. This configuration value can be used to set it to the new -# version (2). -eapol_version=1 - -# AP scanning/selection -# By default, wpa_supplicant requests driver to perform AP scanning and then -# uses the scan results to select a suitable AP. Another alternative is to -# allow the driver to take care of AP scanning and selection and use -# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association -# information from the driver. -# 1: wpa_supplicant initiates scanning and AP selection -# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association -# parameters (e.g., WPA IE generation); this mode can also be used with -# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with -# APs (i.e., external program needs to control association). This mode must -# also be used when using wired Ethernet drivers. -# 2: like 0, but associate with APs using security policy and SSID (but not -# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to -# enable operation with hidden SSIDs and optimized roaming; in this mode, -# the network blocks in the configuration file are tried one by one until -# the driver reports successful association; each network block should have -# explicit security policy (i.e., only one option in the lists) for -# key_mgmt, pairwise, group, proto variables -ap_scan=1 - -# EAP fast re-authentication -# By default, fast re-authentication is enabled for all EAP methods that -# support it. This variable can be used to disable fast re-authentication. -# Normally, there is no need to disable this. -fast_reauth=1 - -# OpenSSL Engine support -# These options can be used to load OpenSSL engines. -# The two engines that are supported currently are shown below: -# They are both from the opensc project (http://www.opensc.org/) -# By default no engines are loaded. -# make the opensc engine available -#opensc_engine_path=/usr/lib/opensc/engine_opensc.so -# make the pkcs11 engine available -#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so -# configure the path to the pkcs11 module required by the pkcs11 engine -#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so - -# Dynamic EAP methods -# If EAP methods were built dynamically as shared object files, they need to be -# loaded here before being used in the network blocks. By default, EAP methods -# are included statically in the build, so these lines are not needed -#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so -#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so - -# Driver interface parameters -# This field can be used to configure arbitrary driver interace parameters. The -# format is specific to the selected driver interface. This field is not used -# in most cases. -#driver_param="field=value" - -# Maximum lifetime for PMKSA in seconds; default 43200 -#dot11RSNAConfigPMKLifetime=43200 -# Threshold for reauthentication (percentage of PMK lifetime); default 70 -#dot11RSNAConfigPMKReauthThreshold=70 -# Timeout for security association negotiation in seconds; default 60 -#dot11RSNAConfigSATimeout=60 - -# network block -# -# Each network (usually AP's sharing the same SSID) is configured as a separate -# block in this configuration file. The network blocks are in preference order -# (the first match is used). -# -# network block fields: -# -# disabled: -# 0 = this network can be used (default) -# 1 = this network block is disabled (can be enabled through ctrl_iface, -# e.g., with wpa_cli or wpa_gui) -# -# id_str: Network identifier string for external scripts. This value is passed -# to external action script through wpa_cli as WPA_ID_STR environment -# variable to make it easier to do network specific configuration. -# -# ssid: SSID (mandatory); either as an ASCII string with double quotation or -# as hex string; network name -# -# scan_ssid: -# 0 = do not scan this SSID with specific Probe Request frames (default) -# 1 = scan with SSID-specific Probe Request frames (this can be used to -# find APs that do not accept broadcast SSID or use multiple SSIDs; -# this will add latency to scanning, so enable this only when needed) -# -# bssid: BSSID (optional); if set, this network block is used only when -# associating with the AP using the configured BSSID -# -# priority: priority group (integer) -# By default, all networks will get same priority group (0). If some of the -# networks are more desirable, this field can be used to change the order in -# which wpa_supplicant goes through the networks when selecting a BSS. The -# priority groups will be iterated in decreasing priority (i.e., the larger the -# priority value, the sooner the network is matched against the scan results). -# Within each priority group, networks will be selected based on security -# policy, signal strength, etc. -# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not -# using this priority to select the order for scanning. Instead, they try the -# networks in the order that used in the configuration file. -# -# mode: IEEE 802.11 operation mode -# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default) -# 1 = IBSS (ad-hoc, peer-to-peer) -# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) -# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has -# to be set to 2 for IBSS. WPA-None requires following network block options: -# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not -# both), and psk must also be set. -# -# proto: list of accepted protocols -# WPA = WPA/IEEE 802.11i/D3.0 -# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN) -# If not set, this defaults to: WPA RSN -# -# key_mgmt: list of accepted authenticated key management protocols -# WPA-PSK = WPA pre-shared key (this requires 'psk' field) -# WPA-EAP = WPA using EAP authentication (this can use an external -# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication -# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically -# generated WEP keys -# NONE = WPA is not used; plaintext or static WEP could be used -# If not set, this defaults to: WPA-PSK WPA-EAP -# -# auth_alg: list of allowed IEEE 802.11 authentication algorithms -# OPEN = Open System authentication (required for WPA/WPA2) -# SHARED = Shared Key authentication (requires static WEP keys) -# LEAP = LEAP/Network EAP (only used with LEAP) -# If not set, automatic selection is used (Open System with LEAP enabled if -# LEAP is allowed as one of the EAP methods). -# -# pairwise: list of accepted pairwise (unicast) ciphers for WPA -# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] -# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] -# NONE = Use only Group Keys (deprecated, should not be included if APs support -# pairwise keys) -# If not set, this defaults to: CCMP TKIP -# -# group: list of accepted group (broadcast/multicast) ciphers for WPA -# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] -# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] -# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key -# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11] -# If not set, this defaults to: CCMP TKIP WEP104 WEP40 -# -# psk: WPA preshared key; 256-bit pre-shared key -# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e., -# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be -# generated using the passphrase and SSID). ASCII passphrase must be between -# 8 and 63 characters (inclusive). -# This field is not needed, if WPA-EAP is used. -# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys -# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant -# startup and reconfiguration time can be optimized by generating the PSK only -# only when the passphrase or SSID has actually changed. -# -# eapol_flags: IEEE 802.1X/EAPOL options (bit field) -# Dynamic WEP key required for non-WPA mode -# bit0 (1): require dynamically generated unicast WEP key -# bit1 (2): require dynamically generated broadcast WEP key -# (3 = require both keys; default) -# Note: When using wired authentication, eapol_flags must be set to 0 for the -# authentication to be completed successfully. -# -# proactive_key_caching: -# Enable/disable opportunistic PMKSA caching for WPA2. -# 0 = disabled (default) -# 1 = enabled -# -# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or -# hex without quotation, e.g., 0102030405) -# wep_tx_keyidx: Default WEP key index (TX) (0..3) -# -# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is -# allowed. This is only used with RSN/WPA2. -# 0 = disabled (default) -# 1 = enabled -#peerkey=1 -# -# Following fields are only used with internal EAP implementation. -# eap: space-separated list of accepted EAP methods -# MD5 = EAP-MD5 (unsecure and does not generate keying material -> -# cannot be used with WPA; to be used as a Phase 2 method -# with EAP-PEAP or EAP-TTLS) -# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) -# OTP = EAP-OTP (cannot be used separately with WPA; to be used -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) -# GTC = EAP-GTC (cannot be used separately with WPA; to be used -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) -# TLS = EAP-TLS (client and server certificate) -# PEAP = EAP-PEAP (with tunnelled EAP authentication) -# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2 -# authentication) -# If not set, all compiled in methods are allowed. -# -# identity: Identity string for EAP -# anonymous_identity: Anonymous identity string for EAP (to be used as the -# unencrypted identity with EAP types that support different tunnelled -# identity, e.g., EAP-TTLS) -# password: Password string for EAP -# ca_cert: File path to CA certificate file (PEM/DER). This file can have one -# or more trusted CA certificates. If ca_cert and ca_path are not -# included, server certificate will not be verified. This is insecure and -# a trusted CA certificate should always be configured when using -# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may -# change when wpa_supplicant is run in the background. -# On Windows, trusted CA certificates can be loaded from the system -# certificate store by setting this to cert_store://<name>, e.g., -# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". -# Note that when running wpa_supplicant as an application, the user -# certificate store (My user account) is used, whereas computer store -# (Computer account) is used when running wpasvc as a service. -# ca_path: Directory path for CA certificate files (PEM). This path may -# contain multiple CA certificates in OpenSSL format. Common use for this -# is to point to system trusted CA list which is often installed into -# directory like /etc/ssl/certs. If configured, these certificates are -# added to the list of trusted CAs. ca_cert may also be included in that -# case, but it is not required. -# client_cert: File path to client certificate file (PEM/DER) -# Full path should be used since working directory may change when -# wpa_supplicant is run in the background. -# Alternatively, a named configuration blob can be used by setting this -# to blob://<blob name>. -# private_key: File path to client private key file (PEM/DER/PFX) -# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be -# commented out. Both the private key and certificate will be read from -# the PKCS#12 file in this case. Full path should be used since working -# directory may change when wpa_supplicant is run in the background. -# Windows certificate store can be used by leaving client_cert out and -# configuring private_key in one of the following formats: -# cert://substring_to_match -# hash://certificate_thumbprint_in_hex -# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4" -# Note that when running wpa_supplicant as an application, the user -# certificate store (My user account) is used, whereas computer store -# (Computer account) is used when running wpasvc as a service. -# Alternatively, a named configuration blob can be used by setting this -# to blob://<blob name>. -# private_key_passwd: Password for private key file (if left out, this will be -# asked through control interface) -# dh_file: File path to DH/DSA parameters file (in PEM format) -# This is an optional configuration file for setting parameters for an -# ephemeral DH key exchange. In most cases, the default RSA -# authentication does not use this configuration. However, it is possible -# setup RSA to use ephemeral DH key exchange. In addition, ciphers with -# DSA keys always use ephemeral DH keys. This can be used to achieve -# forward secrecy. If the file is in DSA parameters format, it will be -# automatically converted into DH params. -# subject_match: Substring to be matched against the subject of the -# authentication server certificate. If this string is set, the server -# sertificate is only accepted if it contains this string in the subject. -# The subject string is in following format: -# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com -# altsubject_match: Semicolon separated string of entries to be matched against -# the alternative subject name of the authentication server certificate. -# If this string is set, the server sertificate is only accepted if it -# contains one of the entries in an alternative subject name extension. -# altSubjectName string is in following format: TYPE:VALUE -# Example: EMAIL:server@example.com -# Example: DNS:server.example.com;DNS:server2.example.com -# Following types are supported: EMAIL, DNS, URI -# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters -# (string with field-value pairs, e.g., "peapver=0" or -# "peapver=1 peaplabel=1") -# 'peapver' can be used to force which PEAP version (0 or 1) is used. -# 'peaplabel=1' can be used to force new label, "client PEAP encryption", -# to be used during key derivation when PEAPv1 or newer. Most existing -# PEAPv1 implementation seem to be using the old label, "client EAP -# encryption", and wpa_supplicant is now using that as the default value. -# Some servers, e.g., Radiator, may require peaplabel=1 configuration to -# interoperate with PEAPv1; see eap_testing.txt for more details. -# 'peap_outer_success=0' can be used to terminate PEAP authentication on -# tunneled EAP-Success. This is required with some RADIUS servers that -# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., -# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode) -# include_tls_length=1 can be used to force wpa_supplicant to include -# TLS Message Length field in all TLS messages even if they are not -# fragmented. -# sim_min_num_chal=3 can be used to configure EAP-SIM to require three -# challenges (by default, it accepts 2 or 3) -# phase2: Phase2 (inner authentication with TLS tunnel) parameters -# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or -# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS) -# Following certificate/private key fields are used in inner Phase2 -# authentication when using EAP-TTLS or EAP-PEAP. -# ca_cert2: File path to CA certificate file. This file can have one or more -# trusted CA certificates. If ca_cert2 and ca_path2 are not included, -# server certificate will not be verified. This is insecure and a trusted -# CA certificate should always be configured. -# ca_path2: Directory path for CA certificate files (PEM) -# client_cert2: File path to client certificate file -# private_key2: File path to client private key file -# private_key2_passwd: Password for private key file -# dh_file2: File path to DH/DSA parameters file (in PEM format) -# subject_match2: Substring to be matched against the subject of the -# authentication server certificate. -# altsubject_match2: Substring to be matched against the alternative subject -# name of the authentication server certificate. -# -# fragment_size: Maximum EAP fragment size in bytes (default 1398). -# This value limits the fragment size for EAP methods that support -# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set -# small enough to make the EAP messages fit in MTU of the network -# interface used for EAPOL. The default value is suitable for most -# cases. -# -# EAP-PSK variables: -# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format -# nai: user NAI -# -# EAP-PAX variables: -# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format -# -# EAP-SAKE variables: -# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format -# (this is concatenation of Root-Secret-A and Root-Secret-B) -# nai: user NAI (PEERID) -# -# EAP-GPSK variables: -# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits) -# nai: user NAI (ID_Client) -# -# EAP-FAST variables: -# pac_file: File path for the PAC entries. wpa_supplicant will need to be able -# to create this file and write updates to it when PAC is being -# provisioned or refreshed. Full path to the file should be used since -# working directory may change when wpa_supplicant is run in the -# background. Alternatively, a named configuration blob can be used by -# setting this to blob://<blob name> -# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST -# credentials (PAC) -# -# wpa_supplicant supports number of "EAP workarounds" to work around -# interoperability issues with incorrectly behaving authentication servers. -# These are enabled by default because some of the issues are present in large -# number of authentication servers. Strict EAP conformance mode can be -# configured by disabling workarounds with eap_workaround=0. - -# Example blocks: - -# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers -network={ - ssid="simple" - psk="very secret passphrase" - priority=5 -} - -# Same as previous, but request SSID-specific scanning (for APs that reject -# broadcast SSID) -network={ - ssid="second ssid" - scan_ssid=1 - psk="very secret passphrase" - priority=2 -} - -# Only WPA-PSK is used. Any valid cipher combination is accepted. -network={ - ssid="example" - proto=WPA - key_mgmt=WPA-PSK - pairwise=CCMP TKIP - group=CCMP TKIP WEP104 WEP40 - psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb - priority=2 -} - -# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104 -# or WEP40 as the group cipher will not be accepted. -network={ - ssid="example" - proto=RSN - key_mgmt=WPA-EAP - pairwise=CCMP TKIP - group=CCMP TKIP - eap=TLS - identity="user@example.com" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" - priority=1 -} - -# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel -# (e.g., Radiator) -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=PEAP - identity="user@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - phase1="peaplabel=1" - phase2="auth=MSCHAPV2" - priority=10 -} - -# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the -# unencrypted use. Real identity is sent only within an encrypted TLS tunnel. -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TTLS - identity="user@example.com" - anonymous_identity="anonymous@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - priority=2 -} - -# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted -# use. Real identity is sent only within an encrypted TLS tunnel. -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TTLS - identity="user@example.com" - anonymous_identity="anonymous@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - phase2="auth=MSCHAPV2" -} - -# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner -# authentication. -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TTLS - # Phase1 / outer authentication - anonymous_identity="anonymous@example.com" - ca_cert="/etc/cert/ca.pem" - # Phase 2 / inner authentication - phase2="autheap=TLS" - ca_cert2="/etc/cert/ca2.pem" - client_cert2="/etc/cer/user.pem" - private_key2="/etc/cer/user.prv" - private_key2_passwd="password" - priority=2 -} - -# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and -# group cipher. -network={ - ssid="example" - bssid=00:11:22:33:44:55 - proto=WPA RSN - key_mgmt=WPA-PSK WPA-EAP - pairwise=CCMP - group=CCMP - psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb -} - -# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP -# and all valid ciphers. -network={ - ssid=00010203 - psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f -} - - -# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using -# EAP-TLS for authentication and key generation; require both unicast and -# broadcast WEP keys. -network={ - ssid="1x-test" - key_mgmt=IEEE8021X - eap=TLS - identity="user@example.com" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" - eapol_flags=3 -} - - -# LEAP with dynamic WEP keys -network={ - ssid="leap-example" - key_mgmt=IEEE8021X - eap=LEAP - identity="user" - password="foobar" -} - -# Plaintext connection (no WPA, no IEEE 802.1X) -network={ - ssid="plaintext-test" - key_mgmt=NONE -} - - -# Shared WEP key connection (no WPA, no IEEE 802.1X) -network={ - ssid="static-wep-test" - key_mgmt=NONE - wep_key0="abcde" - wep_key1=0102030405 - wep_key2="1234567890123" - wep_tx_keyidx=0 - priority=5 -} - - -# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key -# IEEE 802.11 authentication -network={ - ssid="static-wep-test2" - key_mgmt=NONE - wep_key0="abcde" - wep_key1=0102030405 - wep_key2="1234567890123" - wep_tx_keyidx=0 - priority=5 - auth_alg=SHARED -} - - -# IBSS/ad-hoc network with WPA-None/TKIP. -network={ - ssid="test adhoc" - mode=1 - proto=WPA - key_mgmt=WPA-NONE - pairwise=NONE - group=TKIP - psk="secret passphrase" -} - - -# Catch all example that allows more or less all configuration modes -network={ - ssid="example" - scan_ssid=1 - key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE - pairwise=CCMP TKIP - group=CCMP TKIP WEP104 WEP40 - psk="very secret passphrase" - eap=TTLS PEAP TLS - identity="user@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" - phase1="peaplabel=0" -} - -# Example of EAP-TLS with smartcard (openssl engine) -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TLS - proto=RSN - pairwise=CCMP TKIP - group=CCMP TKIP - identity="user@example.com" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - - engine=1 - - # The engine configured here must be available. Look at - # OpenSSL engine support in the global section. - # The key available through the engine must be the private key - # matching the client certificate configured above. - - # use the opensc engine - #engine_id="opensc" - #key_id="45" - - # use the pkcs11 engine - engine_id="pkcs11" - key_id="id_45" - - # Optional PIN configuration; this can be left out and PIN will be - # asked through the control interface - pin="1234" -} - -# Example configuration showing how to use an inlined blob as a CA certificate -# data instead of using external file -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TTLS - identity="user@example.com" - anonymous_identity="anonymous@example.com" - password="foobar" - ca_cert="blob://exampleblob" - priority=20 -} - -blob-base64-exampleblob={ -SGVsbG8gV29ybGQhCg== -} - - -# Wildcard match for SSID (plaintext APs only). This example select any -# open AP regardless of its SSID. -network={ - key_mgmt=NONE -} diff --git a/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane b/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane deleted file mode 100644 index c91ffe0..0000000 --- a/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane +++ /dev/null @@ -1,7 +0,0 @@ -ctrl_interface=/var/run/wpa_supplicant -ctrl_interface_group=0 -update_config=1 - -network={ - key_mgmt=NONE -} diff --git a/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.8.bb b/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.8.bb deleted file mode 100644 index bd4167c..0000000 --- a/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.8.bb +++ /dev/null @@ -1,109 +0,0 @@ -SUMMARY = "Client for Wi-Fi Protected Access (WPA)" -HOMEPAGE = "http://w1.fi/wpa_supplicant/" -BUGTRACKER = "http://w1.fi/security/" -SECTION = "network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \ - file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \ - file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b" -DEPENDS = "dbus libnl" -RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" - -PACKAGECONFIG ??= "gnutls" -PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" -PACKAGECONFIG[openssl] = ",,openssl" - -inherit pkgconfig systemd - -SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service" -SYSTEMD_AUTO_ENABLE = "disable" - -SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ - file://defconfig \ - file://wpa-supplicant.sh \ - file://wpa_supplicant.conf \ - file://wpa_supplicant.conf-sane \ - file://99_wpa_supplicant \ - file://0001-replace-systemd-install-Alias-with-WantedBy.patch \ - " -SRC_URI[md5sum] = "0af5998c5d924e985cab16b9a1c77904" -SRC_URI[sha256sum] = "a689336a12a99151b9de5e25bfccadb88438f4f4438eb8db331cd94346fd3d96" - -CVE_PRODUCT = "wpa_supplicant" - -S = "${WORKDIR}/wpa_supplicant-${PV}" - -PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " -FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" -FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" -FILES_${PN} += "${datadir}/dbus-1/system-services/*" -CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" - -do_configure () { - ${MAKE} -C wpa_supplicant clean - install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config - - if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then - ssl=openssl - elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then - ssl=gnutls - fi - if [ -n "$ssl" ]; then - sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config - fi - - # For rebuild - rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d -} - -export EXTRA_CFLAGS = "${CFLAGS}" -export BINDIR = "${sbindir}" - -do_compile () { - unset CFLAGS CPPFLAGS CXXFLAGS - sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules - oe_runmake -C wpa_supplicant -} - -do_install () { - install -d ${D}${sbindir} - install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir} - install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir} - - install -d ${D}${bindir} - install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir} - - install -d ${D}${docdir}/wpa_supplicant - install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant - - install -d ${D}${sysconfdir} - install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf - - install -d ${D}${sysconfdir}/network/if-pre-up.d/ - install -d ${D}${sysconfdir}/network/if-post-down.d/ - install -d ${D}${sysconfdir}/network/if-down.d/ - install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant - cd ${D}${sysconfdir}/network/ && \ - ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant - - install -d ${D}/${sysconfdir}/dbus-1/system.d - install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d - install -d ${D}/${datadir}/dbus-1/system-services - install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}/${systemd_unitdir}/system - install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system - fi - - install -d ${D}/etc/default/volatiles - install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles -} - -pkg_postinst_wpa-supplicant () { - # If we're offline, we don't need to do this. - if [ "x$D" = "x" ]; then - killall -q -HUP dbus-daemon || true - fi - -} diff --git a/recipes-core/base-files/base-files_3.0.14.bbappend b/recipes-core/base-files/base-files_3.0.14.bbappend index 4221344..74fb040 100644 --- a/recipes-core/base-files/base-files_3.0.14.bbappend +++ b/recipes-core/base-files/base-files_3.0.14.bbappend @@ -1,5 +1,5 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" -PR = "m2" +PR = "m3" CONFFILES_${PN}_remove = "${sysconfdir}/fstab" FILES_${PN}_remove = "${sysconfdir}/fstab" @@ -14,7 +14,8 @@ do_install_append() { rm ${D}/${sysconfdir}/fstab fi set +x - + rm -rf ${D}/tmp + ln -snf /var/tmp ${D}/tmp cat >> ${D}${sysconfdir}/profile << 'EOT' for g in $(groups) ; do diff --git a/recipes-core/initscripts/initscripts-1.0/umountfs b/recipes-core/initscripts/initscripts-1.0/umountfs index 07379c4..b044a4a 100644 --- a/recipes-core/initscripts/initscripts-1.0/umountfs +++ b/recipes-core/initscripts/initscripts-1.0/umountfs @@ -78,6 +78,24 @@ err_leds() { flash_upgrade() { + supercap=$(mts-io-sysfs show capability/supercap 2>/dev/null) + if ((supercap == 1)) ; then + count=0 + while ((count < 180)) ; do + powerfail=$(mts-io-sysfs show power-fail) + if ((powerfail == 1)) ; then + logger -s -t 'flash_upgrade' -p daemon.err 'Power has failed. Skipping flash upgrade. Try again later' + return + fi + full=$(mts-io-sysfs show supercap-full) + if ((full == 1)); then + break # Continue with flash + fi + logger -s -t 'flash_upgrade' -p daemon.err 'Supercap is not yet full. Wait for flash upgrade.' + ((count++)) + sleep 1 + done # Looping on 3 minute timeout + fi if [ $# -ne 1 ]; then echo "need to specify flash-root" return diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend index c5bd486..537fbee 100644 --- a/recipes-core/initscripts/initscripts_1.0.bbappend +++ b/recipes-core/initscripts/initscripts_1.0.bbappend @@ -3,4 +3,4 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:" # flash on reboot/umountfs needs regular umount (not busybox) RDEPENDS_${PN} += "util-linux-umount util-linux-mount bash" -PR .= ".44" +PR .= ".46" diff --git a/recipes-core/libusb/libusb-compat/0001-usb.h-Include-sys-types.h.patch b/recipes-core/libusb/libusb-compat/0001-usb.h-Include-sys-types.h.patch deleted file mode 100644 index b88440d..0000000 --- a/recipes-core/libusb/libusb-compat/0001-usb.h-Include-sys-types.h.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 340f911f9e3f4ff6b01682c5341c959060782af2 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Thu, 2 Apr 2015 19:18:45 -0700 -Subject: [PATCH] usb.h: Include sys/types.h - -We need the definitions for things like u_intX_t - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - libusb/usb.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libusb/usb.h b/libusb/usb.h -index 84e730f..caffae2 100644 ---- a/libusb/usb.h -+++ b/libusb/usb.h -@@ -31,6 +31,8 @@ - - #include <dirent.h> - -+#include <sys/types.h> -+ - /* - * USB spec information - * --- -2.1.4 - diff --git a/recipes-core/libusb/libusb1/no-dll.patch b/recipes-core/libusb/libusb1/no-dll.patch deleted file mode 100644 index 6e6bb83..0000000 --- a/recipes-core/libusb/libusb1/no-dll.patch +++ /dev/null @@ -1,19 +0,0 @@ -As all invokes all-recursive which uses sub-makes to invoke all-am, the -resulting makefile wants to build libusb-1.0.la twice. In non-parallel builds -the second attempt is skipped as the target already exists, but in highly -parallel builds it's likely that two makes will be building libusb-1.0.la at the -same time. - -Solve this by removing the explicit all target, which as libusb-1.0.dll isn't -built under Linux is redundant anyway. - -Upstream-Status: Pending -Signed-off-by: Ross Burton <ross.burton@intel.com> - -diff --git a/libusb/Makefile.am b/libusb/Makefile.am -index 0cab0a0..c880213 100644 ---- a/libusb/Makefile.am -+++ b/libusb/Makefile.am -@@ -1,2 +0,0 @@ --all: libusb-1.0.la libusb-1.0.dll -- diff --git a/recipes-core/libusb/libusb1_1.0.21.bb b/recipes-core/libusb/libusb1_1.0.21.bb deleted file mode 100644 index 1fefd14..0000000 --- a/recipes-core/libusb/libusb1_1.0.21.bb +++ /dev/null @@ -1,35 +0,0 @@ -SUMMARY = "Userspace library to access USB (version 1.0)" -HOMEPAGE = "http://libusb.sf.net" -BUGTRACKER = "http://www.libusb.org/report" -SECTION = "libs" - -LICENSE = "LGPLv2.1+" -LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" - -BBCLASSEXTEND = "native nativesdk" - -SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \ - file://no-dll.patch \ - " - -SRC_URI[md5sum] = "1da9ea3c27b3858fa85c5f4466003e44" -SRC_URI[sha256sum] = "7dce9cce9a81194b7065ee912bcd55eeffebab694ea403ffb91b67db66b1824b" - -S = "${WORKDIR}/libusb-${PV}" - -inherit autotools pkgconfig - -# Don't configure udev by default since it will cause a circular -# dependecy with udev package, which depends on libusb -EXTRA_OECONF = "--libdir=${base_libdir} --disable-udev" - -do_install_append() { - install -d ${D}${libdir} - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then - mv ${D}${base_libdir}/pkgconfig ${D}${libdir} - fi -} - -FILES_${PN} += "${base_libdir}/*.so.*" - -FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la" diff --git a/recipes-core/multitech/commissioning_1.0.1.bb b/recipes-core/multitech/commissioning_1.0.1.bb index 4cee01a..4322906 100644 --- a/recipes-core/multitech/commissioning_1.0.1.bb +++ b/recipes-core/multitech/commissioning_1.0.1.bb @@ -5,8 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=593c81e8a2bd8b4c4e310d8792372b13" PACKAGE_ARCH = "${MACHINE_ARCH}" -DEPENDS = "fcgi jsoncpp shadow" -RDEPENDS_${PN} += "jsoncpp lighttpd lighttpd-module-fastcgi lighttpd-module-openssl lighttpd-module-redirect bash openssl-bin" +DEPENDS = "fcgi jsoncpp16 shadow" +RDEPENDS_${PN} += "jsoncpp16 lighttpd lighttpd-module-fastcgi lighttpd-module-openssl lighttpd-module-redirect bash openssl-bin" RDEPENDS_${PN}-php-fpm += "php-fpm ${PN}" PACKAGES =+ "${PN}-php-fpm" diff --git a/recipes-core/udev/eudev/init b/recipes-core/udev/eudev/init index bd716b0..d941401 100644 --- a/recipes-core/udev/eudev/init +++ b/recipes-core/udev/eudev/init @@ -57,7 +57,7 @@ case "$1" in # the automount rule for udev needs /tmp directory available, as /tmp is a symlink # to /var/tmp which in turn is a symlink to /var/volatile/tmp, we need to make sure # /var/volatile/tmp directory to be available. - mkdir -p /var/volatile/tmp + mkdir -m 1777 -p /var/volatile/tmp # Cache handling. # A list of files which are used as a criteria to judge whether the udev cache could be reused. diff --git a/recipes-core/useradd/useradd.bb b/recipes-core/useradd/useradd.bb index d229a2f..653c597 100644 --- a/recipes-core/useradd/useradd.bb +++ b/recipes-core/useradd/useradd.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Add mtadm user for security purposes" SECTION = "mtadm" PR = "r4" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=b97a012949927931feb7793eee5ed924 \ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" S = "${WORKDIR}" diff --git a/recipes-devtools/cppunit/cppunit_1.13.2.bbappend b/recipes-devtools/cppunit/cppunit_%.bbappend index d3267ac..d3267ac 100644 --- a/recipes-devtools/cppunit/cppunit_1.13.2.bbappend +++ b/recipes-devtools/cppunit/cppunit_%.bbappend diff --git a/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend b/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend new file mode 100644 index 0000000..106aacc --- /dev/null +++ b/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend @@ -0,0 +1,4 @@ +# By default e2fsprogs intalls hardlinks for fsck.ext2, fsck.etx3 ... and +# other utilities which sometime leads to problems in initramfs image. +# For unknown reasons sometimes fsck.ext2, etc. files have 0 size. +EXTRA_OECONF += "--enable-symlink-install"
\ No newline at end of file diff --git a/recipes-devtools/python/python-cryptography_%.bbappend b/recipes-devtools/python/python-cryptography_%.bbappend deleted file mode 100644 index 8f4750f..0000000 --- a/recipes-devtools/python/python-cryptography_%.bbappend +++ /dev/null @@ -1,15 +0,0 @@ - -RDEPENDS_${PN}_remove = " \ - ${PYTHON_PN}-idna \ - ${PYTHON_PN}-asn1crypto \ - ${PYTHON_PN}-pycparser \ - ${PYTHON_PN}-setuptools \ -" - -DEPENDS_${PN}_class_target_remove = " \ - ${PYTHON_PN}-idna \ - ${PYTHON_PN}-asn1crypto \ - ${PYTHON_PN}-pycparser \ - ${PYTHON_PN}-setuptools \ -" - diff --git a/recipes-extended/libfastjson/libfastjson/CVE-2020-12762.patch b/recipes-extended/libfastjson/libfastjson/CVE-2020-12762.patch new file mode 100644 index 0000000..84e8206 --- /dev/null +++ b/recipes-extended/libfastjson/libfastjson/CVE-2020-12762.patch @@ -0,0 +1,80 @@ +From 73d5726b116e89d1e756419ceea5ed071d211642 Mon Sep 17 00:00:00 2001 +From: "mykola.salomatin" <mykola.salomatin@globallogic.com> +Date: Tue, 2 Mar 2021 13:22:21 +0200 +Subject: [PATCH] Fix integer overflows + +This commit is a backport of the following commit in json-c: + * d07b91014986900a3a75f306d302e13e005e9d67 + +In component json-c, several files were affected: + * linkhash.c + * arraylist.c + * printbuf.c + +In the current version of the libfastjson (0.99.8): + * linkhash.c was removed, + * arraylist.c doesn't have a necessary function for patching, + * printbuf.c is patched manually in current patch. + +--- +CVE: CVE-2020-12762 +Signed-off-by: Mykola Salomatin + + printbuf.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/printbuf.c b/printbuf.c +index cc0f0d2..97e3ddd 100644 +--- a/printbuf.c ++++ b/printbuf.c +@@ -13,6 +13,7 @@ + + #include "config.h" + ++#include <limits.h> + #include <stdio.h> + #include <stdlib.h> + #include <string.h> +@@ -68,9 +69,16 @@ static int printbuf_extend(struct printbuf *p, int min_size) + if (p->size >= min_size) + return 0; + +- new_size = p->size * 2; +- if (new_size < min_size + 8) +- new_size = min_size + 8; ++ /* Prevent signed integer overflows with large buffers. */ ++ if (min_size > INT_MAX - 8) ++ return -1; ++ if (p->size > INT_MAX / 2) ++ new_size = min_size + 8; ++ else { ++ new_size = p->size * 2; ++ if (new_size < min_size + 8) ++ new_size = min_size + 8; ++ } + #ifdef PRINTBUF_DEBUG + MC_DEBUG("printbuf_memappend: realloc " + "bpos=%d min_size=%d old_size=%d new_size=%d\n", +@@ -85,6 +93,9 @@ static int printbuf_extend(struct printbuf *p, int min_size) + + int printbuf_memappend(struct printbuf *p, const char *buf, int size) + { ++ /* Prevent signed integer overflows with large buffers. */ ++ if (size > INT_MAX - p->bpos - 1) ++ return -1; + if (p->size <= p->bpos + size + 1) { + if (printbuf_extend(p, p->bpos + size + 1) < 0) + return -1; +@@ -136,6 +147,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len) + + if (offset == -1) + offset = pb->bpos; ++ /* Prevent signed integer overflows with large buffers. */ ++ if (len > INT_MAX - offset) ++ return -1; + size_needed = offset + len; + if (pb->size < size_needed) + { +-- +2.7.4 + diff --git a/recipes-extended/libfastjson/libfastjson_%.bbappend b/recipes-extended/libfastjson/libfastjson_%.bbappend new file mode 100644 index 0000000..103c92e --- /dev/null +++ b/recipes-extended/libfastjson/libfastjson_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +PR.=".mlinux1" + +SRC_URI += "file://CVE-2020-12762.patch" diff --git a/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch b/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch deleted file mode 100644 index 2e931a2..0000000 --- a/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch +++ /dev/null @@ -1,147 +0,0 @@ -From 68f29ab490cf987aa34b5f4caf1784b58a021308 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Tue, 17 Feb 2015 21:08:07 -0800 -Subject: [PATCH] Act as the "mv" command when rotate log - -Act as the "mv" command when rotate log, first rename, if failed, then -read and write. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - logrotate.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 59 insertions(+), 12 deletions(-) - -diff --git a/logrotate.c b/logrotate.c -index d3deb6a..cf8bf2c 100644 ---- a/logrotate.c -+++ b/logrotate.c -@@ -1157,6 +1157,53 @@ int findNeedRotating(struct logInfo *log, int logNum, int force) - return 0; - } - -+/* Act as the "mv" command, if rename failed, then read the old file and -+ * write to new file. The function which invokes the mvFile will use -+ * the strerror(errorno) to handle the error message, so we don't have -+ * to print the error message here */ -+ -+int mvFile (char *oldName, char *newName, struct logInfo *log, acl_type acl) -+{ -+ struct stat sbprev; -+ int fd_old, fd_new, n; -+ char buf[BUFSIZ]; -+ -+ /* Do the rename first */ -+ if (!rename(oldName, newName)) -+ return 0; -+ -+ /* If the errno is EXDEV, then read old file, write newfile and -+ * remove the oldfile */ -+ if (errno == EXDEV) { -+ /* Open the old file to read */ -+ if ((fd_old = open(oldName, O_RDONLY)) < 0) -+ return 1; -+ -+ /* Create the file to write, keep the same attribute as the old file */ -+ if (stat(oldName, &sbprev)) -+ return 1; -+ else { -+ if ((fd_new = createOutputFile(newName, -+ O_WRONLY | O_CREAT | O_TRUNC, &sbprev, acl, 0)) < 0 ) -+ return 1; -+ } -+ -+ /* Read and write */ -+ while ((n = read(fd_old, buf, BUFSIZ)) > 0) -+ if (write(fd_new, buf, n) != n) -+ return 1; -+ -+ if ((close(fd_old) < 0) || -+ removeLogFile(oldName, log) || -+ (close(fd_new) < 0)) -+ return 1; -+ -+ return 0; -+ } -+ -+ return 1; -+} -+ - int prerotateSingleLog(struct logInfo *log, int logNum, struct logState *state, - struct logNames *rotNames) - { -@@ -1523,15 +1570,15 @@ int prerotateSingleLog(struct logInfo *log, int logNum, struct logState *state, - } - - message(MESS_DEBUG, -- "renaming %s to %s (rotatecount %d, logstart %d, i %d), \n", -+ "moving %s to %s (rotatecount %d, logstart %d, i %d), \n", - oldName, newName, rotateCount, logStart, i); - -- if (!debug && rename(oldName, newName)) { -+ if (!debug && mvFile(oldName, newName, log, prev_acl)) { - if (errno == ENOENT) { - message(MESS_DEBUG, "old log %s does not exist\n", - oldName); - } else { -- message(MESS_ERROR, "error renaming %s to %s: %s\n", -+ message(MESS_ERROR, "error moving %s to %s: %s\n", - oldName, newName, strerror(errno)); - hasErrors = 1; - } -@@ -1669,21 +1716,21 @@ int rotateSingleLog(struct logInfo *log, int logNum, struct logState *state, - return 1; - } - -- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum], -+ message(MESS_DEBUG, "moving %s to %s\n", log->files[logNum], - tmpFilename); -- if (!debug && !hasErrors && rename(log->files[logNum], tmpFilename)) { -- message(MESS_ERROR, "failed to rename %s to %s: %s\n", -+ if (!debug && !hasErrors && mvFile(log->files[logNum], rotNames->finalName, log, prev_acl)) { -+ message(MESS_ERROR, "failed to move %s to %s: %s\n", - log->files[logNum], tmpFilename, - strerror(errno)); - hasErrors = 1; - } - } - else { -- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum], -+ message(MESS_DEBUG, "moving %s to %s\n", log->files[logNum], - rotNames->finalName); - if (!debug && !hasErrors && -- rename(log->files[logNum], rotNames->finalName)) { -- message(MESS_ERROR, "failed to rename %s to %s: %s\n", -+ mvFile(log->files[logNum], rotNames->finalName, log, prev_acl)) { -+ message(MESS_ERROR, "failed to move %s to %s: %s\n", - log->files[logNum], tmpFilename, - strerror(errno)); - hasErrors = 1; -@@ -2063,7 +2110,7 @@ int rotateLogSet(struct logInfo *log, int force) - return hasErrors; - } - --static int writeState(char *stateFilename) -+static int writeState(struct logInfo *log, char *stateFilename) - { - struct logState *p; - FILE *f; -@@ -2227,7 +2274,7 @@ static int writeState(char *stateFilename) - fclose(f); - - if (error == 0) { -- if (rename(tmpFilename, stateFilename)) { -+ if (mvFile(tmpFilename, stateFilename, log, prev_acl)) { - unlink(tmpFilename); - error = 1; - message(MESS_ERROR, "error renaming temp state file %s\n", -@@ -2525,7 +2572,7 @@ int main(int argc, const char **argv) - rc |= rotateLogSet(log, force); - - if (!debug) -- rc |= writeState(stateFile); -+ rc |= writeState(log, stateFile); - - return (rc != 0); - } diff --git a/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch b/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch deleted file mode 100644 index 793d702..0000000 --- a/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch +++ /dev/null @@ -1,32 +0,0 @@ -Disable the check for different filesystems - -The logrotate supports rotate log across different filesystems now, so -disable the check for different filesystems. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - config.c | 9 --------- - 1 file changed, 9 deletions(-) - -diff --git a/config.c b/config.c -index dbbf563..64e66f6 100644 ---- a/config.c -+++ b/config.c -@@ -1493,15 +1493,6 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig) - goto error; - } - } -- -- if (sb.st_dev != sb2.st_dev -- && !(newlog->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY | LOG_FLAG_TMPFILENAME))) { -- message(MESS_ERROR, -- "%s:%d olddir %s and log file %s " -- "are on different devices\n", configFile, -- lineNum, newlog->oldDir, newlog->files[i]); -- goto error; -- } - } - } - diff --git a/recipes-extended/logrotate/logrotate/update-the-manual.patch b/recipes-extended/logrotate/logrotate/update-the-manual.patch deleted file mode 100644 index 50d037d..0000000 --- a/recipes-extended/logrotate/logrotate/update-the-manual.patch +++ /dev/null @@ -1,38 +0,0 @@ -From e0b0fe30e9c49234994a20a86aacfaf80e690087 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Tue, 17 Feb 2015 21:14:37 -0800 -Subject: [PATCH] Update the manual - -Update the manual for rotating on different filesystems. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - logrotate.8 | 10 ++++------ - 1 file changed, 4 insertions(+), 6 deletions(-) - -diff --git a/logrotate.8 b/logrotate.8 -index e4e5f48..84407d0 100644 ---- a/logrotate.8 -+++ b/logrotate.8 -@@ -405,12 +405,10 @@ Do not rotate the log if it is empty (this overrides the \fBifempty\fR option). - - .TP - \fBolddir \fIdirectory\fR --Logs are moved into \fIdirectory\fR for rotation. The \fIdirectory\fR must be --on the same physical device as the log file being rotated, unless \fBcopy\fR, --\fBcopytruncate\fR or \fBrenamecopy\fR option is used. The \fIdirectory\fR --is assumed to be relative to the directory holding the log file --unless an absolute path name is specified. When this option is used all --old versions of the log end up in \fIdirectory\fR. This option may be -+Logs are moved into \fIdirectory\fR for rotation. The \fIdirectory\fR -+is assumed to be relative to the directory holding the log file unless -+an absolute path name is specified. When this option is used all old -+versions of the log end up in \fIdirectory\fR. This option may be - overridden by the \fBnoolddir\fR option. - - .TP --- -1.7.9.5 - diff --git a/recipes-extended/logrotate/logrotate_%.bbappend b/recipes-extended/logrotate/logrotate_%.bbappend index c8adb80..de7a0c3 100644 --- a/recipes-extended/logrotate/logrotate_%.bbappend +++ b/recipes-extended/logrotate/logrotate_%.bbappend @@ -1,9 +1,6 @@ -PR .= ".mlinux2" +PR .= ".mlinux3" FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" -SRC_URI[md5sum] = "8572b7c2cf9ade09a8a8e10098500fb3" -SRC_URI[sha256sum] = "5bf8e478c428e7744fefa465118f8296e7e771c981fb6dffb7527856a0ea3617" - SRC_URI += "file://logrotate.conf" diff --git a/recipes-extended/logrotate/logrotate_3.9.1-mlinux1.bb b/recipes-extended/logrotate/logrotate_3.9.1-mlinux1.bb deleted file mode 100644 index ef26ce4..0000000 --- a/recipes-extended/logrotate/logrotate_3.9.1-mlinux1.bb +++ /dev/null @@ -1,73 +0,0 @@ -SUMMARY = "Rotates, compresses, removes and mails system log files" -SECTION = "console/utils" -HOMEPAGE = "https://github.com/logrotate/logrotate/issues" -LICENSE = "GPLv2" - -# TODO: logrotate 3.8.8 adds autotools/automake support, update recipe to use it. -# TODO: Document coreutils dependency. Why not RDEPENDS? Why not busybox? - -DEPENDS="coreutils popt" - -LIC_FILES_CHKSUM = "file://COPYING;md5=18810669f13b87348459e611d31ab760" - -# When updating logrotate to latest upstream, SRC_URI should point to -# a proper release tarball from https://github.com/logrotate/logrotate/releases -# and we have to take the snapshot for now because there is no such -# tarball available for 3.9.1. - -S = "${WORKDIR}/${BPN}-r3-9-1" - -UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" - -SRC_URI = "https://github.com/${BPN}/${BPN}/archive/r3-9-1.tar.gz;downloadfilename=${BP}.tar.gz\ - file://act-as-mv-when-rotate.patch \ - file://update-the-manual.patch \ - file://disable-check-different-filesystems.patch \ - " - -SRC_URI[md5sum] = "8572b7c2cf9ade09a8a8e10098500fb3" -SRC_URI[sha256sum] = "5bf8e478c428e7744fefa465118f8296e7e771c981fb6dffb7527856a0ea3617" - -# PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}" -PACKAGECONFIG ?= "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \ -" - -PACKAGECONFIG[acl] = ",,acl" -PACKAGECONFIG[selinux] = ",,libselinux" - -CONFFILES_${PN} += "${localstatedir}/lib/logrotate.status \ - ${sysconfdir}/logrotate.conf" - -# If RPM_OPT_FLAGS is unset, it adds -g itself rather than obeying our -# optimization variables, so use it rather than EXTRA_CFLAGS. -EXTRA_OEMAKE = "\ - LFS= \ - OS_NAME='${OS_NAME}' \ - 'CC=${CC}' \ - 'RPM_OPT_FLAGS=${CFLAGS}' \ - 'EXTRA_LDFLAGS=${LDFLAGS}' \ - ${@bb.utils.contains('PACKAGECONFIG', 'acl', 'WITH_ACL=yes', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'selinux', 'WITH_SELINUX=yes', '', d)} \ -" - -# OS_NAME in the makefile defaults to `uname -s`. The behavior for -# freebsd/netbsd is questionable, so leave it as Linux, which only sets -# INSTALL=install and BASEDIR=/usr. -OS_NAME = "Linux" - -do_compile_prepend() { - # Make sure the recompile is OK - rm -f ${B}/.depend -} - -do_install(){ - oe_runmake install DESTDIR=${D} PREFIX=${D} MANDIR=${mandir} - mkdir -p ${D}${sysconfdir}/logrotate.d - mkdir -p ${D}${sysconfdir}/cron.daily - mkdir -p ${D}${localstatedir}/lib - install -p -m 644 examples/logrotate-default ${D}${sysconfdir}/logrotate.conf - install -p -m 755 examples/logrotate.cron ${D}${sysconfdir}/cron.daily/logrotate - touch ${D}${localstatedir}/lib/logrotate.status -} diff --git a/recipes-extended/monit/monit/monit b/recipes-extended/monit/monit/monit new file mode 100755 index 0000000..a6d0e95 --- /dev/null +++ b/recipes-extended/monit/monit/monit @@ -0,0 +1,53 @@ +#! /bin/sh +# +# This is an init script for openembedded +# Copy it to /etc/init.d/monit and type +# > update-rc.d monit defaults 89 +# + +## mlinux +ENABLED=yes +[ -f /etc/default/monit ] && . /etc/default/monit + +if [ "$ENABLED" != "yes" ]; then + echo "monit: disabled in /etc/default" + exit +fi +## mlinux + +monit=/usr/bin/monit +pidfile=/var/run/monit.pid +monit_args="-c /etc/monitrc" + +test -x "$monit" || exit 0 + +case "$1" in + start) + echo -n "Starting Monit" + start-stop-daemon --start --quiet --exec $monit -- $monit_args + RETVAL=$? + echo "." + ;; + stop) + echo -n "Stopping Monit" + start-stop-daemon --stop --quiet --pidfile $pidfile + RETVAL=$? + echo "." + ;; + restart) + $0 stop + $0 start + RETVAL=$? + ;; + status) + $monit $monit_args status + RETVAL=$? + echo "." + ;; + *) + echo "Usage: $0 {start|stop|restart|status}" + exit 1 +esac + +exit $RETVAL + diff --git a/recipes-extended/monit/monit/monit.init b/recipes-extended/monit/monit/monit.init deleted file mode 100755 index 0a3c2ea..0000000 --- a/recipes-extended/monit/monit/monit.init +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh - -NAME=monit - -ENABLED=yes -[ -f /etc/default/$NAME ] && . /etc/default/$NAME - -if [ "$ENABLED" != "yes" ]; then - echo "$NAME: disabled in /etc/default" - exit -fi - -case $1 in - start) - echo "Starting monit" - monit - ;; - - stop) - echo "Stopping monit" - monit quit - ;; - - restart) - echo "Stopping monit" - monit quit - echo "Starting monit" - monit - ;; - - *) - echo "Usage: $0 {start|stop|restart}" - exit 2 - ;; -esac - - diff --git a/recipes-extended/monit/monit/monitrc b/recipes-extended/monit/monit/monitrc index d04b115..492f529 100644 --- a/recipes-extended/monit/monit/monitrc +++ b/recipes-extended/monit/monit/monitrc @@ -5,8 +5,8 @@ ## Comments begin with a '#' and extend through the end of the line. Keywords ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. ## -## Below you will find examples of some frequently used statements. For -## information about the control file and a complete list of statements and +## Below you will find examples of some frequently used statements. For +## information about the control file and a complete list of statements and ## options, please have a look in the Monit manual. ## ## @@ -17,15 +17,15 @@ ## Start Monit in the background (run as a daemon): # set daemon 30 # check services at 30 seconds intervals -# with start delay 240 # optional: delay the first check by 4-minutes (by +# with start delay 240 # optional: delay the first check by 4-minutes (by # # default Monit check immediately after Monit start) # # -## Set syslog logging with the 'daemon' facility. If the FACILITY option is -## omitted, Monit will use 'user' facility by default. If you want to log to -## a standalone log file instead, specify the full path to the log file +## Set syslog logging. If you want to log to a standalone log file instead, +## specify the full path to the log file # -set logfile syslog facility log_daemon +set log syslog + # # ## Set the location of the Monit lock file which stores the process id of the @@ -34,7 +34,7 @@ set logfile syslog facility log_daemon # set pidfile /var/run/monit.pid # ## Set the location of the Monit id file which stores the unique id for the -## Monit instance. The id is generated and stored on first Monit start. By +## Monit instance. The id is generated and stored on first Monit start. By ## default the file is placed in $HOME/.monit.id. # # set idfile /var/.monit.id @@ -47,9 +47,34 @@ set logfile syslog facility log_daemon # # set statefile /var/.monit.state # -## Set the list of mail servers for alert delivery. Multiple servers may be -## specified using a comma separator. If the first mail server fails, Monit -# will use the second mail server in the list and so on. By default Monit uses +# + +## Set limits for various tests. The following example shows the default values: +## +# set limits { +# programOutput: 512 B, # check program's output truncate limit +# sendExpectBuffer: 256 B, # limit for send/expect protocol test +# fileContentBuffer: 512 B, # limit for file content test +# httpContentBuffer: 1 MB, # limit for HTTP content test +# networkTimeout: 5 seconds # timeout for network I/O +# programTimeout: 300 seconds # timeout for check program +# stopTimeout: 30 seconds # timeout for service stop +# startTimeout: 30 seconds # timeout for service start +# restartTimeout: 30 seconds # timeout for service restart +# } + +## Set global SSL options (just most common options showed, see manual for +## full list). +# +# set ssl { +# verify : enable, # verify SSL certificates (disabled by default but STRONGLY RECOMMENDED) +# selfsigned : allow # allow self signed SSL certificates (reject by default) +# } +# +# +## Set the list of mail servers for alert delivery. Multiple servers may be +## specified using a comma separator. If the first mail server fails, Monit +# will use the second mail server in the list and so on. By default Monit uses # port 25 - it is possible to override this with the PORT option. # # set mailserver mail.bar.baz, # primary mailserver @@ -57,10 +82,10 @@ set logfile syslog facility log_daemon # localhost # fallback relay # # -## By default Monit will drop alert events if no mail servers are available. -## If you want to keep the alerts for later delivery retry, you can use the -## EVENTQUEUE statement. The base directory where undelivered alerts will be -## stored is specified by the BASEDIR option. You can limit the queue size +## By default Monit will drop alert events if no mail servers are available. +## If you want to keep the alerts for later delivery retry, you can use the +## EVENTQUEUE statement. The base directory where undelivered alerts will be +## stored is specified by the BASEDIR option. You can limit the queue size ## by using the SLOTS option (if omitted, the queue is limited by space ## available in the back end filesystem). # @@ -69,23 +94,27 @@ set logfile syslog facility log_daemon # slots 100 # optionally limit the queue size # # -## Send status and events to M/Monit (for more informations about M/Monit -## see http://mmonit.com/). By default Monit registers credentials with +## Send status and events to M/Monit (for more information about M/Monit +## see https://mmonit.com/). By default Monit registers credentials with ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't ## have to register Monit credentials manually in M/Monit. It is possible to -## disable credential registration using the commented out option below. +## disable credential registration using the commented out option below. ## Though, if safety is a concern we recommend instead using https when -## communicating with M/Monit and send credentials encrypted. +## communicating with M/Monit and send credentials encrypted. The password +## should be URL encoded if it contains URL-significant characters like +## ":", "?", "@". Default timeout is 5 seconds, you can customize it by +## adding the timeout option. # # set mmonit http://monit:monit@192.168.1.10:8080/collector +# # with timeout 30 seconds # Default timeout is 5 seconds # # and register without credentials # Don't register credentials # # -## Monit by default uses the following format for alerts if the the mail-format +## Monit by default uses the following format for alerts if the mail-format ## statement is missing:: ## --8<-- ## set mail-format { -## from: monit@$HOST +## from: Monit <monit@$HOST> ## subject: monit alert -- $EVENT $SERVICE ## message: $EVENT Service $SERVICE ## Date: $DATE @@ -105,8 +134,8 @@ set logfile syslog facility log_daemon # set mail-format { from: monit@foo.bar } # # -## You can set alert recipients whom will receive alerts if/when a -## service defined in this file has errors. Alerts may be restricted on +## You can set alert recipients whom will receive alerts if/when a +## service defined in this file has errors. Alerts may be restricted on ## events by using a filter as in the second example below. # # set alert sysadm@foo.bar # receive all alerts @@ -117,18 +146,27 @@ set logfile syslog facility log_daemon # set alert your-name@your.domain not on { instance, action } # # -## Monit has an embedded HTTP interface which can be used to view status of -## services monitored and manage services from a web interface. The HTTP +## Monit has an embedded HTTP interface which can be used to view status of +## services monitored and manage services from a web interface. The HTTP ## interface is also required if you want to issue Monit commands from the ## command line, such as 'monit status' or 'monit restart service' The reason ## for this is that the Monit client uses the HTTP interface to send these -## commands to a running Monit daemon. See the Monit Wiki if you want to -## enable SSL for the HTTP interface. +## commands to a running Monit daemon. See the Monit Wiki if you want to +## enable SSL for the HTTP interface. # set httpd port 2812 and - use address localhost # only accept connection from localhost + use address localhost # only accept connection from localhost (drop if you use M/Monit) allow localhost # allow localhost to connect to the server and allow admin:monit # require user 'admin' with password 'monit' + #with ssl { # enable SSL/TLS and set path to server certificate + # pemfile: /etc/ssl/certs/monit.pem + #} +# +## Monit can perform act differently regarding services previous state when +## going back in duty. By default, Monit will 'start' all services. Monit can +## also takes no action to start services in 'nostart' mode. Monit can try to +## restore the 'laststate' of the service when Monit was shutdown. +# set onreboot start # start, nostart, laststart ############################################################################### ## Services @@ -138,42 +176,40 @@ set httpd port 2812 and ## usage. Each test specifies a resource, conditions and the action to be ## performed should a test fail. # -# check system myhost.mydomain.tld -# if loadavg (1min) > 4 then alert -# if loadavg (5min) > 2 then alert +# check system $HOST +# if loadavg (1min) per core > 2 for 5 cycles then alert +# if loadavg (5min) per core > 1.5 for 10 cycles then alert +# if cpu usage > 95% for 10 cycles then alert # if memory usage > 75% then alert # if swap usage > 25% then alert -# if cpu usage (user) > 70% then alert -# if cpu usage (system) > 30% then alert -# if cpu usage (wait) > 20% then alert # -# +# ## Check if a file exists, checksum, permissions, uid and gid. In addition -## to alert recipients in the global section, customized alert can be sent to -## additional recipients by specifying a local alert handler. The service may +## to alert recipients in the global section, customized alert can be sent to +## additional recipients by specifying a local alert handler. The service may ## be grouped using the GROUP option. More than one group can be specified by ## repeating the 'group name' statement. -# +# # check file apache_bin with path /usr/local/apache/bin/httpd -# if failed checksum and +# if failed checksum and # expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor # if failed permission 755 then unmonitor -# if failed uid root then unmonitor -# if failed gid root then unmonitor +# if failed uid "root" then unmonitor +# if failed gid "root" then unmonitor # alert security@foo.bar on { # checksum, permission, uid, gid, unmonitor # } with the mail-format { subject: Alarm! } # group server # -# +# ## Check that a process is running, in this case Apache, and that it respond ## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, -## and number of children. If the process is not running, Monit will restart -## it by default. In case the service is restarted very often and the +## and number of children. If the process is not running, Monit will restart +## it by default. In case the service is restarted very often and the ## problem remains, it is possible to disable monitoring using the TIMEOUT ## statement. This service depends on another service (apache_bin) which ## is defined above. -# +# # check process apache with pidfile /usr/local/apache/logs/httpd.pid # start program = "/etc/init.d/httpd start" with timeout 60 seconds # stop program = "/etc/init.d/httpd stop" @@ -181,50 +217,52 @@ set httpd port 2812 and # if cpu > 80% for 5 cycles then restart # if totalmem > 200.0 MB for 5 cycles then restart # if children > 250 then restart -# if loadavg(5min) greater than 10 for 8 cycles then stop -# if failed host www.tildeslash.com port 80 protocol http -# and request "/somefile.html" -# then restart -# if failed port 443 type tcpssl protocol http -# with timeout 15 seconds -# then restart -# if 3 restarts within 5 cycles then timeout +# if disk read > 500 kb/s for 10 cycles then alert +# if disk write > 500 kb/s for 10 cycles then alert +# if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart +# if failed port 443 protocol https with timeout 15 seconds then restart +# if 3 restarts within 5 cycles then unmonitor # depends on apache_bin # group server -# -# -## Check filesystem permissions, uid, gid, space and inode usage. Other services, -## such as databases, may depend on this resource and an automatically graceful -## stop may be cascaded to them before the filesystem will become full and data +# +# +## Check filesystem permissions, uid, gid, space usage, inode usage and disk I/O. +## Other services, such as databases, may depend on this resource and an automatically +## graceful stop may be cascaded to them before the filesystem will become full and data ## lost. # # check filesystem datafs with path /dev/sdb1 # start program = "/bin/mount /data" # stop program = "/bin/umount /data" # if failed permission 660 then unmonitor -# if failed uid root then unmonitor -# if failed gid disk then unmonitor +# if failed uid "root" then unmonitor +# if failed gid "disk" then unmonitor # if space usage > 80% for 5 times within 15 cycles then alert # if space usage > 99% then stop # if inode usage > 30000 then alert # if inode usage > 99% then stop +# if read rate > 1 MB/s for 5 cycles then alert +# if read rate > 500 operations/s for 5 cycles then alert +# if write rate > 1 MB/s for 5 cycles then alert +# if write rate > 500 operations/s for 5 cycles then alert +# if service time > 10 milliseconds for 3 times within 5 cycles then alert # group server # # -## Check a file's timestamp. In this example, we test if a file is older +## Check a file's timestamp. In this example, we test if a file is older ## than 15 minutes and assume something is wrong if its not updated. Also, ## if the file size exceed a given limit, execute a script # # check file database with path /data/mydatabase.db # if failed permission 700 then alert -# if failed uid data then alert -# if failed gid data then alert +# if failed uid "data" then alert +# if failed gid "data" then alert # if timestamp > 15 minutes then alert # if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba # # -## Check directory permission, uid and gid. An event is triggered if the -## directory does not belong to the user with uid 0 and gid 0. In addition, +## Check directory permission, uid and gid. An event is triggered if the +## directory does not belong to the user with uid 0 and gid 0. In addition, ## the permissions have to match the octal description of 755 (see chmod(1)). # # check directory bin with path /bin @@ -233,8 +271,8 @@ set httpd port 2812 and # if failed gid 0 then unmonitor # # -## Check a remote host availability by issuing a ping test and check the -## content of a response from a web server. Up to three pings are sent and +## Check a remote host availability by issuing a ping test and check the +## content of a response from a web server. Up to three pings are sent and ## connection to a port and an application level network check is performed. # # check host myserver with address 192.168.1.1 @@ -253,7 +291,7 @@ set httpd port 2812 and # if changed link then alert # if saturation > 90% then alert # if download > 10 MB/s then alert -# if total upload > 1 GB in last hour then alert +# if total uploaded > 1 GB in last hour then alert # # ## Check custom program status output. diff --git a/recipes-extended/monit/monit_5.22.0.bb b/recipes-extended/monit/monit_5.22.0.bb deleted file mode 100644 index 3ad3074..0000000 --- a/recipes-extended/monit/monit_5.22.0.bb +++ /dev/null @@ -1,51 +0,0 @@ -DESCRIPTION = "Monit" -HOMEPAGE = "http://mmonit.com/" -LICENSE = "AGPL-3.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=ea116a7defaf0e93b3bb73b2a34a3f51" -DEPENDS = "libpam zlib openssl" - -PR = "r0" - -SRC_URI = "http://mmonit.com/monit/dist/monit-5.22.0.tar.gz \ - file://monitrc \ - file://monit.init \ - file://monit.default \ - " - -SRC_URI[md5sum] = "768a637b8d23b6cbce271a8ff125c61f" -SRC_URI[sha256sum] = "9fc58b5e3caafd64f0b6fff3e65ae757239fab37d04fb33efce177da15176183" - -inherit autotools-brokensep - -EXTRA_OECONF += "--with-ssl-lib-dir=${STAGING_LIBDIR} \ - --with-ssl-incl-dir=${STAGING_INCDIR} \ - " - -# Regenerate autoconfig generated aclocal.m4/m4 contained in the tarball -EXTRA_AUTORECONF += " --force" - -do_configure_prepend() { - rm ${S}/aclocal.m4 - rm -Rf ${S}/m4 -} - -EXTRA_OECONF_append_arm = " libmonit_cv_setjmp_available=yes libmonit_cv_vsnprintf_c99_conformant=yes " - -inherit update-rc.d - -INITSCRIPT_NAME = "monit" -INITSCRIPT_PARAMS = "defaults 99 10" - -do_install_append() { - install -d ${D}${sysconfdir} - install -d ${D}${sysconfdir}/monit.d - install -m 0600 ${WORKDIR}/monitrc ${D}${sysconfdir}/ - - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/monit.init ${D}${sysconfdir}/init.d/monit - - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/monit.default ${D}${sysconfdir}/default/monit -} - -CONFFILES_${PN} += "${sysconfdir}/monitrc ${sysconfdir}/default/monit" diff --git a/recipes-extended/monit/monit_5.26.0.bbappend b/recipes-extended/monit/monit_5.26.0.bbappend new file mode 100644 index 0000000..e35bb64 --- /dev/null +++ b/recipes-extended/monit/monit_5.26.0.bbappend @@ -0,0 +1,18 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/monit:" + +SRC_URI += "file://monit.default \ + " + +EXTRA_OECONF_remove_arm = "libmonit_cv_setjmp_available=no libmonit_cv_vsnprintf_c99_conformant=no" +EXTRA_OECONF_append_arm = " libmonit_cv_setjmp_available=yes libmonit_cv_vsnprintf_c99_conformant=yes " + +INITSCRIPT_PARAMS = "defaults 99 10" + +do_install_append() { + install -d ${D}${sysconfdir}/monit.d + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/monit.default ${D}${sysconfdir}/default/monit +} + +CONFFILES_${PN} += "${sysconfdir}/monitrc ${sysconfdir}/default/monit" diff --git a/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch new file mode 100644 index 0000000..f7ccfdd --- /dev/null +++ b/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch @@ -0,0 +1,52 @@ +sudo.conf.in: fix conflict with multilib + +When pass ${libdir} to --libexecdir of sudo, it fails to install sudo +and lib32-sudo at same time: + +| Error: Transaction test error: +| file /etc/sudo.conf conflicts between attempted installs of + sudo-1.9.3p1-r0.core2_64 and lib32-sudo-1.9.3p1-r0.core2_32 + +Update the comments in sudo.conf.in to avoid the conflict. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Upstream-Status: Inappropriate [OE configuration specific] +--- + examples/sudo.conf.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in +index 19e33ff..af78235 100644 +--- a/examples/sudo.conf.in ++++ b/examples/sudo.conf.in +@@ -4,7 +4,7 @@ + # Sudo plugins: + # Plugin plugin_name plugin_path plugin_options ... + # +-# The plugin_path is relative to @plugindir@ unless ++# The plugin_path is relative to $plugindir such as /usr/lib/sudo unless + # fully qualified. + # The plugin_name corresponds to a global symbol in the plugin + # that contains the plugin interface structure. +@@ -50,7 +50,7 @@ Plugin sudoers_audit sudoers.so + # The compiled-in value is usually sufficient and should only be changed + # if you rename or move the sudo_noexec.so file. + # +-#Path noexec @plugindir@/sudo_noexec.so ++#Path noexec $plugindir/sudo_noexec.so + + # + # Sudo plugin directory: +@@ -59,7 +59,7 @@ Plugin sudoers_audit sudoers.so + # The default directory to use when searching for plugins that are + # specified without a fully qualified path name. + # +-#Path plugin_dir @plugindir@ ++#Path plugin_dir $plugindir + + # + # Sudo developer mode: +-- +2.17.1 + diff --git a/recipes-extended/sudo/sudo/privacy b/recipes-extended/sudo/files/privacy index 7c03615..7c03615 100644 --- a/recipes-extended/sudo/sudo/privacy +++ b/recipes-extended/sudo/files/privacy diff --git a/recipes-extended/sudo/sudo/sudoers.patch b/recipes-extended/sudo/files/sudoers.patch index aed0f10..aed0f10 100644 --- a/recipes-extended/sudo/sudo/sudoers.patch +++ b/recipes-extended/sudo/files/sudoers.patch diff --git a/recipes-extended/sudo/sudo.inc b/recipes-extended/sudo/sudo.inc index 51748b1..97ecabe 100644 --- a/recipes-extended/sudo/sudo.inc +++ b/recipes-extended/sudo/sudo.inc @@ -4,18 +4,18 @@ HOMEPAGE = "http://www.sudo.ws" BUGTRACKER = "http://www.sudo.ws/bugs/" SECTION = "admin" LICENSE = "ISC & BSD & Zlib" -LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=6c76b73603ac7763ab0516ebfbe67b42 \ - file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=4a162fc04b86b03f5632180fe6076cda \ - file://lib/util/reallocarray.c;beginline=3;endline=16;md5=85b0905b795d4d58bf2e00635649eec6 \ - file://lib/util/fnmatch.c;beginline=3;endline=27;md5=67f83ee9bd456557397082f8f1be0efd \ - file://lib/util/getcwd.c;beginline=5;endline=27;md5=449af4cc57fc7d46f42090608ba3e681 \ - file://lib/util/glob.c;beginline=6;endline=31;md5=5872733146b9eb0deb79e1f664815b85 \ - file://lib/util/snprintf.c;beginline=6;endline=34;md5=c82c1b3a5c32e08545c9ec5d71e41e50 \ - file://include/sudo_queue.h;beginline=5;endline=27;md5=449af4cc57fc7d46f42090608ba3e681 \ - file://lib/util/inet_pton.c;beginline=3;endline=17;md5=3970ab0518ab79cbd0bafb697f10b33a \ - file://lib/util/arc4random.c;beginline=3;endline=20;md5=15bdc89c1b003fa4d7353e6296ebfd68 \ - file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=31e630ac814d692fd0ab7a942659b46f \ - file://lib/util/getentropy.c;beginline=1;endline=19;md5=9f1a275ecd44cc264a2a4d5e06a75292 \ +LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=fdff64d4fd19126330aa81b94d167173 \ + file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \ + file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \ + file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \ + file://lib/util/getcwd.c;beginline=2;endline=27;md5=50f8d9667750e18dea4e84a935c12009 \ + file://lib/util/glob.c;beginline=2;endline=31;md5=2852f68687544e3eb8a0a61665506f0e \ + file://lib/util/snprintf.c;beginline=3;endline=33;md5=b70df6179969e38fcf68da91b53b8029 \ + file://include/sudo_queue.h;beginline=2;endline=27;md5=ad578e9664d17a010b63e4bc0576ee8d \ + file://lib/util/inet_pton.c;beginline=3;endline=17;md5=27785c9f5835093eda42aa0816a2d0b4 \ + file://lib/util/arc4random.c;beginline=3;endline=20;md5=ced8636ecefa2ba907cfe390bc3bd964 \ + file://lib/util/arc4random_uniform.c;beginline=3;endline=17;md5=e30c2b777cdc00cfcaf7c445a10b262f \ + file://lib/util/getentropy.c;beginline=1;endline=19;md5=a0f58be3d60b6dcd898ec5fe0866d36f \ " inherit autotools @@ -26,13 +26,12 @@ PACKAGECONFIG[pam-wheel] = ",,,pam-plugin-wheel" CONFFILES_${PN} = "${sysconfdir}/sudoers" -EXTRA_OECONF = "--with-editor=/bin/vi --with-env-editor" +EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor" EXTRA_OECONF_append_libc-musl = " --disable-hardening " # mksigname/mksiglist are used on build host to generate source files do_compile_prepend () { - echo "JAK: Correct sudo.inc" # Remove build host references from sudo_usage.h sed -i \ -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ diff --git a/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch b/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch deleted file mode 100644 index eb36cd4..0000000 --- a/recipes-extended/sudo/sudo/0001-Include-sys-types.h-for-id_t-definition.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 386e2c2fa2ab2e02ef71c268a57205139be329ab Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 31 Aug 2015 07:07:49 +0000 -Subject: [PATCH] Include sys/types.h for id_t definition - -/sudo_util.h:219:14: error: unknown type name 'id_t' - __dso_public id_t sudo_strtoid_v1(const char *str, const char *sep, - char **endp, const char **errstr); - ^ - make[1]: *** [preserve_fds.o] Error 1 - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - include/sudo_util.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/include/sudo_util.h b/include/sudo_util.h -index 89c9f89..ac0855a 100644 ---- a/include/sudo_util.h -+++ b/include/sudo_util.h -@@ -17,6 +17,8 @@ - #ifndef SUDO_UTIL_H - #define SUDO_UTIL_H - -+#include <sys/types.h> -+ - #ifdef HAVE_STDBOOL_H - # include <stdbool.h> - #else --- -2.5.1 - diff --git a/recipes-extended/sudo/sudo_1.8.27.bb b/recipes-extended/sudo/sudo_1.8.27.bb deleted file mode 100644 index 8f0a144..0000000 --- a/recipes-extended/sudo/sudo_1.8.27.bb +++ /dev/null @@ -1,45 +0,0 @@ -require sudo.inc - -SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://0001-Include-sys-types.h-for-id_t-definition.patch \ - " - -PAM_SRC_URI = "file://sudo.pam" - -SRC_URI[md5sum] = "b5c184b13b6b5de32af630af2fd013fd" -SRC_URI[sha256sum] = "7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0" - -DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" - -EXTRA_OECONF += " \ - ac_cv_type_rsize_t=no \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ - " - -do_install_append () { - if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then - install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo - fi - if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then - echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo - sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers - fi - - chmod 4111 ${D}${bindir}/sudo - chmod 0440 ${D}${sysconfdir}/sudoers - - # Explicitly remove the /run directory to avoid QA error - rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo -} - -FILES_${PN} += "${libdir}/tmpfiles.d" -FILES_${PN}-dev += "${libexecdir}/${BPN}/lib*${SOLIBSDEV} ${libexecdir}/${BPN}/*.la \ - ${libexecdir}/lib*${SOLIBSDEV} ${libexecdir}/*.la" - - - - - diff --git a/recipes-extended/sudo/sudo_1.9.5p2.bb b/recipes-extended/sudo/sudo_1.9.5p2.bb new file mode 100644 index 0000000..a1164e9 --- /dev/null +++ b/recipes-extended/sudo/sudo_1.9.5p2.bb @@ -0,0 +1,59 @@ +require sudo.inc + +SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \ + " + +PAM_SRC_URI = "file://sudo.pam" + +SRC_URI[sha256sum] = "539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978" + +DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" + +CACHED_CONFIGUREVARS = " \ + ac_cv_type_rsize_t=no \ + ac_cv_path_MVPROG=${base_bindir}/mv \ + ac_cv_path_BSHELLPROG=${base_bindir}/sh \ + ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ + ac_cv_path_VIPROG=${base_bindir}/vi \ + " + +EXTRA_OECONF += " \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ + --with-rundir=/run/sudo \ + --with-vardir=/var/lib/sudo \ + --libexecdir=${libdir} \ + " + +do_install_append () { + if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then + install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo + fi + if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then + echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo + sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers + fi + + chmod 4111 ${D}${bindir}/sudo + chmod 0440 ${D}${sysconfdir}/sudoers + + # Explicitly remove the /sudo directory to avoid QA error + rmdir -p --ignore-fail-on-non-empty ${D}/run/sudo +} + +FILES_${PN}-dev += "${libdir}/${BPN}/lib*${SOLIBSDEV} ${libdir}/${BPN}/*.la \ + ${libdir}/lib*${SOLIBSDEV} ${libdir}/*.la" + +SUDO_PACKAGES = "${PN}-sudo\ + ${PN}-lib" + +PACKAGE_BEFORE_PN = "${SUDO_PACKAGES}" + +RDEPENDS_${PN}-sudo = "${PN}-lib" +RDEPENDS_${PN} += "${SUDO_PACKAGES}" + +FILES_${PN}-sudo = "${bindir}/sudo ${bindir}/sudoedit" +FILES_${PN}-lib = "${localstatedir} ${libexecdir} ${sysconfdir} ${libdir} ${nonarch_libdir}" diff --git a/recipes-java/openjdk/openjdk-8_172b11.bbappend b/recipes-java/openjdk/openjdk-8_272.bbappend index 4a258d2..4a258d2 100644 --- a/recipes-java/openjdk/openjdk-8_172b11.bbappend +++ b/recipes-java/openjdk/openjdk-8_272.bbappend diff --git a/recipes-navigation/gpsd/gpsd-3.20/0006-itu_r_tf_460_6.patch b/recipes-navigation/gpsd/gpsd-3.20/0006-itu_r_tf_460_6.patch index 8e8d814..f2c814e 100644 --- a/recipes-navigation/gpsd/gpsd-3.20/0006-itu_r_tf_460_6.patch +++ b/recipes-navigation/gpsd/gpsd-3.20/0006-itu_r_tf_460_6.patch @@ -1,9 +1,9 @@ -diff -Naur old/ntpshmwrite.c new/ntpshmwrite.c ---- old/ntpshmwrite.c 2017-01-23 10:00:05.497129473 -0600 -+++ new/ntpshmwrite.c 2017-01-23 09:47:58.881627772 -0600 -@@ -32,11 +32,18 @@ - * NTP expects leap pending for only 1 month prior to insertion - * Per http://bugs.ntp.org/1090 */ +diff -Naru old/ntpshmwrite.c new/ntpshmwrite.c +--- old/ntpshmwrite.c 2021-03-01 05:18:28.833952716 -0600 ++++ new/ntpshmwrite.c 2021-03-01 05:19:48.361954319 -0600 +@@ -40,11 +40,18 @@ + * in Jun/Dec but may be in March or September + */ (void)gmtime_r( &(td->real.tv_sec), &tm); +/* This code contradicts page 3 section 2.1 of ITU-R RV.460-6 that + * leap second may occur at the last second of a month, with diff --git a/recipes-navigation/gpsd/gpsd-test_1.0.bb b/recipes-navigation/gpsd/gpsd-test_1.0.bb new file mode 100644 index 0000000..7753bcc --- /dev/null +++ b/recipes-navigation/gpsd/gpsd-test_1.0.bb @@ -0,0 +1,37 @@ +DESCRIPTION = "gpsd reboot testing" +SECTION = "base" +PRIORITY = "optional" +LICENSE = "GPLv2+" +PR = "r1" +inherit allarch +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +FILESEXTRAPATHS_prepend = "${THISDIR}/test:" +SRC_URI = " \ + file://gpsd-test-1.0.tar.gz \ + " + +FILES_${PN} = "*" + +RDEPENDS_${PN} = "bash" + +do_install() { + echo "Directory is ${D}" + cp -a * ${D} + cd ${D} + chown -R root:root * + chmod 755 ${prefix}/local/bin/* + chmod 755 ${sysconfdir}/rc5.d/* +} + +pkg_postinst_${PN}() { + if [ -z "$D" ] ; then + touch /var/config/reboot + fi +} + + +pkg_prerm_${PN}() { + if [ -z "$D" ] ; then + rm /var/config/reboot + fi +}
\ No newline at end of file diff --git a/recipes-navigation/gpsd/gpsd/gpsd b/recipes-navigation/gpsd/gpsd/gpsd index b4068c9..36ca387 100755 --- a/recipes-navigation/gpsd/gpsd/gpsd +++ b/recipes-navigation/gpsd/gpsd/gpsd @@ -36,8 +36,25 @@ CAPABILITY=/sys/devices/platform/mts-io/capability/gps # Exit if we have no GPS capability ( [[ -f $CAPABILITY ]] && (($(cat $CAPABILITY) == 1)) ) || exit 0 -# Exit if no gps found -([[ -n $GPS_LINE ]] && [[ -c $GPS_LINE ]]) || exit 0 +([[ -n $GPS_LINE ]]) || exit 0 + +((numtries = 10)) +if [[ $(cat /run/config/gpstype) == u-blox ]] ; then + while ((numtries > 0)) ; do + if [ -c $GPS_LINE ];then + logger -s -t 'gpsd info' -p daemon.info $GPS_LINE" found" + break + fi + sleep 1 + done + if ((numtries == 0));then + logger -s -t 'gpsd info' -p daemon.info $GPS_LINE" not found. gpsd will not start" + exit 0 + fi +else + # Exit if no gps found + ([[ -c $GPS_LINE ]]) || exit 0 +fi # Assemble the GPS devices # PPS device is needed so GPSD finds the PPS. diff --git a/recipes-navigation/gpsd/gpsd/gpsd-default b/recipes-navigation/gpsd/gpsd/gpsd-default index fa67fd1..f6995fc 100644..100755 --- a/recipes-navigation/gpsd/gpsd/gpsd-default +++ b/recipes-navigation/gpsd/gpsd/gpsd-default @@ -52,25 +52,66 @@ GPSFIX="3" # should not need to change the baud rate. # function SET_GPS_SPEED { -if [[ $(mts-io-sysfs show hw-version) =~ ^MTHS- ]] ; then - if gpsctl -t 'u-blox' -D 5 -x '\x06\x41\x00\x00\x03\x1F\x90\x47\x4F\xB1\xFF\xFF\xEA\xFF' $GPS_LINE ; then - logger -s -t 'gpsd info' -p daemon.info "GPS LNA set high" - else - logger -s -t 'gpsd info' -p daemon.alert "ERROR: GPS LNA not set" - fi -fi +((maxtries = 10)) if [[ $(cat /run/config/gpstype) == u-blox ]] ; then - # Set the baud rate. Works better with ntp at a higher baud rate. - if ! gpsctl -T 20 -t 'u-blox' -s $GPS_BAUD -b -f $GPS_LINE ; then - echo 'WARNING: Unable to set GPS serial port speed.' - else - # The next line is needed due to a bug in gpsctl. - # We will go back to the default baud rate if we don't do this step. - echo Expect a timeout error here. Need this error. - gpsctl -T 2 -f $GPS_LINE - stty -F $GPS_LINE $GPS_BAUD - fi -fi # End of U-Blox GPS type + while ((maxtries > 0)) ; do + ((maxtries--)) + if ((maxtries == 5)) ; then + # Not going well, so reset the GPS. + logger -s -t 'gpsd info' -p daemon.alert "u-blox is unresponsive, so reset it" + mts-io-sysfs store gnss-reset 0 + usleep 50 + mts-io-sysfs store gnss-reset 1 + # Reset terminal to defaults + stty -F "$GPS_LINE" '500:5:cbd:8a3b:3:1c:7f:15:4:0:1:0:11:13:1a:0:12:f:17:16:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0' + sleep 5 + fi # Reset at maxtries == 5 + + # Set the baud rate to default speed if having issues + if ((maxtries < 8)) && ((maxtries % 2 == 1)) ; then + stty -F $GPS_LINE 9600 + fi + + # Set the baud rate. Works better with ntp at a higher baud rate. + gpsctlout=$(gpsctl -T 20 -t 'u-blox' -s $GPS_BAUD -b -f $GPS_LINE 2>&1) + result=$? + if [[ $gpsctlout =~ u-blox.*at[[:space:]]115200 ]] ; then + break + fi + + if ((result != 0)) ; then + echo $gpsctlout + echo 'WARNING: Unable to set GPS serial port speed.' + else + # The next line is needed due to a bug in gpsctl. + # We will go back to the default baud rate if we don't do this step. + gpsctlout=$(gpsctl -T 2 -f $GPS_LINE 2>&1) + if [[ $gpsctlout =~ u-blox.*at[[:space:]]115200 ]] ; then + break + fi + stty -F $GPS_LINE $GPS_BAUD + fi + speed=$(stty -F $GPS_LINE speed 2>&1) + if [[ $speed = 115200 ]] ; then + result=$(gpsctl -T 2 -f $GPS_LINE 2>&1) + if [[ $result =~ u-blox[[:space:]]at[[:space:]]115200[[:space:]] ]] ; then + break + fi # gpsctl has a good status + fi # gpsd serial port speed is correct + done # Loop until maxtries + + if ((maxtries == 0)) && [[ -n $result ]] ; then + logger -s -t 'gpsd info' -p daemon.alert "gpsctl -T 2 -f $GPS_LINE" + logger -s -t 'gpsd info' -p daemon.alert "$GPS_LINE: $(stty -F $GPS_LINE speed) baud" + logger -s -t 'gpsd info' -p daemon.alert "$result" + elif [[ $(mts-io-sysfs show hw-version) =~ ^MTHS- ]] ; then + if gpsctl -t 'u-blox' -D 5 -x '\x06\x41\x00\x00\x03\x1F\x90\x47\x4F\xB1\xFF\xFF\xEA\xFF' $GPS_LINE ; then + logger -s -t 'gpsd info' -p daemon.info "GPS LNA set high" + else + logger -s -t 'gpsd info' -p daemon.alert "ERROR: GPS LNA not set" + fi + fi # +fi # If U-Blox GPS type } diff --git a/recipes-navigation/gpsd/gpsd_3.16.bb b/recipes-navigation/gpsd/gpsd_3.16.bb deleted file mode 100644 index 26a8963..0000000 --- a/recipes-navigation/gpsd/gpsd_3.16.bb +++ /dev/null @@ -1,221 +0,0 @@ -SUMMARY = "A TCP/IP Daemon simplifying the communication with GPS devices" -SECTION = "console/network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=d217a23f408e91c94359447735bc1800" -DEPENDS = "dbus dbus-glib ncurses python libusb1 chrpath-replacement-native pps-tools" -PROVIDES = "virtual/gpsd" -PR="m14" - -EXTRANATIVEPATH += "chrpath-native" - -# file://0002-SConstruct-remove-rpath.patch -SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.gz \ - file://0001-SConstruct-prefix-includepy-with-sysroot-and-drop-sy.patch \ - file://0004-SConstruct-disable-html-and-man-docs-building-becaus.patch \ - file://0001-include-sys-ttydefaults.h.patch \ - file://0005-suppress-text-in-binary.patch \ - file://0006-ubxtimelps.patch \ - file://0006-itu_r_tf_460_6.patch \ - file://0006-sysclockcrash.patch \ - file://0008-major_gnu.patch \ - file://gpsd-default \ - file://gpsd \ - file://gpsd_ubx_fixed.sh \ - file://gpsd_ubx_settime.sh \ - file://gpsd_settime.sh \ - file://gpsd_fixed.sh \ - file://gpsd.rules \ - file://gpsd.service \ -" -# Fixed -# file://0001-Check-for-__STDC_NO_ATOMICS__-before-using-stdatomic.patch -# file://0002-Add-a-test-for-C11-and-check-we-have-C11-before-usin.patch -# file://0003-Whoops-check-for-C11-not-for-not-C11-in-stdatomic.h-.patch -# file://0001-Include-stdatomic.h-only-in-C-mode.patch -# file://0001-libgpsd-core-Fix-issue-with-ACTIVATE-hook-not-being-.patch - -SRC_URI[md5sum] = "68691b5de4c94f82ec4062b042b5eb63" -SRC_URI[sha256sum] = "03579af13a4d3fe0c5b79fa44b5f75c9f3cac6749357f1d99ce5d38c09bc2029" - - -inherit scons update-rc.d python-dir pythonnative systemd - -INITSCRIPT_NAME = "gpsd" -INITSCRIPT_PARAMS = "defaults 10" - -SYSTEMD_OESCONS = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false',d)}" - -export STAGING_INCDIR -export STAGING_LIBDIR - -# Necessary for python -export BUILD_SYS -export HOST_SYS - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)}" -PACKAGECONFIG[bluez] = "bluez='false',${BLUEZ}" -PACKAGECONFIG[qt] = "qt='yes',qt='no',qt4-x11-free" -EXTRA_OESCONS = " \ - sysroot=${STAGING_DIR_TARGET} \ - libQgpsmm='false' \ - debug='true' \ - strip='false' \ - chrpath='yes' \ - systemd='${SYSTEMD_OESCONS}' \ - libdir='${libdir}' \ - ashtech='no' \ - earthmate='no' \ - evermore='no' \ - fury='no' \ - fv18='no' \ - garmin='no' \ - garmintxt='no' \ - geostar='no' \ - greis='no' \ - itrax='no' \ - mtk3301='no' \ - navcom='no' \ - nmea0183='yes' \ - nmea2000='no' \ - oncore='no' \ - sirf='no' \ - skytraq='yes' \ - superstar2='no' \ - tnt='no' \ - tripmate='no' \ - tsip='no' \ - ublox='yes' \ - ubloxtimels='yes' \ - aivdm='no' \ - gpsclock='no' \ - oceanserver='no' \ - fixed_stop_bits='1' \ - pps='yes' \ - gpsd_group='gps' \ - ntpshm='yes' \ - ${PACKAGECONFIG_CONFARGS} \ -" -# this cannot be used, because then chrpath is not found and only static lib is built -# target=${HOST_SYS} - -do_compile_prepend() { - export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}" - export PKG_CONFIG="PKG_CONFIG_SYSROOT_DIR=\"${PKG_CONFIG_SYSROOT_DIR}\" pkg-config" - export STAGING_PREFIX="${STAGING_DIR_HOST}/${prefix}" - export LINKFLAGS="${LDFLAGS}" -} - -do_install() { - export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}" - export PKG_CONFIG="PKG_CONFIG_SYSROOT_DIR=\"${PKG_CONFIG_SYSROOT_DIR}\" pkg-config" - export STAGING_PREFIX="${STAGING_DIR_HOST}/${prefix}" - export LINKFLAGS="${LDFLAGS}" - - export DESTDIR="${D}" - # prefix is used for RPATH and DESTDIR/prefix for instalation - ${STAGING_BINDIR_NATIVE}/scons prefix=${prefix} install ${EXTRA_OESCONS}|| \ - bbfatal "scons install execution failed." -} - -do_install_append() { - install -d ${D}/${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/gpsd ${D}/${sysconfdir}/init.d/ - install -d ${D}/${sysconfdir}/default - install -m 0644 ${WORKDIR}/gpsd-default ${D}/${sysconfdir}/default/gpsd.default - install -d ${D}${sbindir} - install -m 0755 ${WORKDIR}/gpsd_ubx_fixed.sh ${D}${sbindir}/gpsd_ubx_fixed - install -m 0755 ${WORKDIR}/gpsd_ubx_settime.sh ${D}${sbindir}/gpsd_ubx_settime - install -m 0755 ${WORKDIR}/gpsd_fixed.sh ${D}${sbindir}/gpsd_fixed - install -m 0755 ${WORKDIR}/gpsd_settime.sh ${D}${sbindir}/gpsd_settime - - #support for udev - install -d ${D}/${sysconfdir}/udev/rules.d - install -m 0644 ${WORKDIR}/gpsd.rules ${D}/${sysconfdir}/udev/rules.d - install -d ${D}${base_libdir}/udev/ - install -m 0755 ${S}/gpsd.hotplug ${D}${base_libdir}/udev/ - - #support for python - install -d ${D}/${PYTHON_SITEPACKAGES_DIR}/gps - install -m 755 ${S}/gps/*.py ${D}/${PYTHON_SITEPACKAGES_DIR}/gps - - #support for systemd - install -d ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/${BPN}.service ${D}${systemd_unitdir}/system/${BPN}.service - install -m 0644 ${S}/systemd/${BPN}.socket ${D}${systemd_unitdir}/system/${BPN}.socket - - # support for dev (development) - mkdir -p -m 0644 ${D}/${includedir}/gps - install -m 0644 ${S}/gpsd.h ${D}/${includedir}/gps - install -m 0644 ${S}/revision.h ${D}/${includedir}/gps - install -m 0644 ${S}/gpsdclient.h ${D}/${includedir}/gps - install -m 0644 ${S}/gpsd_config.h ${D}/${includedir}/gps - install -m 0644 ${S}/compiler.h ${D}/${includedir}/gps - install -m 0644 ${S}/ppsthread.h ${D}/${includedir}/gps -} - -# Use libgps recipe for sysroot. -do_populate_sysroot() { -} - -RDEPENDS_${PN}-conf += "bash" - -pkg_postinst_${PN}-conf() { - update-alternatives --install ${sysconfdir}/default/gpsd gpsd-defaults ${sysconfdir}/default/gpsd.default 10 -} - -pkg_postrm_${PN}-conf() { - update-alternatives --remove gpsd-defaults ${sysconfdir}/default/gpsd.default -} - -PACKAGES =+ "libgps libgpsd python-pygps-dbg python-pygps gpsd-udev gpsd-conf gpsd-gpsctl gpspipe gps-utils" - -# File does not exist: ${libdir}/libQgpsmm.prl -# FILES_${PN}-dev += "${libdir}/pkgconfdir/libgpsd.pc ${libdir}/pkgconfdir/libgps.pc \ -# ${includedir}/gps.h ${includedir}/libgpsmm.h ${includedir}/gps" - -FILES_${PN} += "${sbindir}/gpsd_*" - -FILES_python-pygps-dbg += " ${libdir}/python*/site-packages/gps/.debug" - -RDEPENDS_${PN} = "gpsd-gpsctl bash" -RRECOMMENDS_${PN} = "gpsd-conf gpsd-machine-conf" - -SUMMARY_${PN}-udev = "udev relevant files to use gpsd hotplugging" -FILES_${PN}-udev = "${base_libdir}/udev ${sysconfdir}/udev/*" -RDEPENDS_${PN}-udev += "udev gpsd-conf" - -SUMMARY_libgpsd = "C service library used for communicating with gpsd" -FILES_libgpsd = "${libdir}/libgpsd.so.*" - -SUMMARY_libgps = "C service library used for communicating with gpsd" -FILES_libgps = "${libdir}/libgps.so.*" - -SUMMARY_${PN}-conf = "gpsd configuration files and init scripts" -FILES_${PN}-conf = "${sysconfdir}" -CONFFILES_${PN}-conf = "${sysconfdir}/default/gpsd.default" - -SUMMARY_${PN}-gpsctl = "Tool for tweaking GPS modes" -FILES_${PN}-gpsctl = "${bindir}/gpsctl" - -SUMMARY_gpspipe = "Tool to connectg to gpsd and retrieve sentences" -FILES_gpspipe = "${bindir}/gpspipe" - -SUMMARY_gps-utils = "Utils used for simulating, monitoring,... a GPS" -FILES_gps-utils = "${bindir}/*" -RDEPENDS_gps-utils = "python-pygps" - -SUMMARY_python-pygps = "Python bindings to gpsd" -FILES_python-pygps = "${PYTHON_SITEPACKAGES_DIR}/*" -RDEPENDS_python-pygps = " \ - python-core \ - python-io \ - python-threading \ - python-terminal \ - python-curses \ - gpsd \ - python-json" - -RPROVIDES_${PN} += "${PN}-systemd" -RREPLACES_${PN} += "${PN}-systemd" -RCONFLICTS_${PN} += "${PN}-systemd" -SYSTEMD_SERVICE_${PN} = "${PN}.socket" diff --git a/recipes-navigation/gpsd/gpsd_3.16.bb.old b/recipes-navigation/gpsd/gpsd_3.16.bb.old index 1464981..26a8963 100644 --- a/recipes-navigation/gpsd/gpsd_3.16.bb.old +++ b/recipes-navigation/gpsd/gpsd_3.16.bb.old @@ -4,7 +4,7 @@ LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=d217a23f408e91c94359447735bc1800" DEPENDS = "dbus dbus-glib ncurses python libusb1 chrpath-replacement-native pps-tools" PROVIDES = "virtual/gpsd" -PR="m12" +PR="m14" EXTRANATIVEPATH += "chrpath-native" @@ -22,6 +22,8 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.gz \ file://gpsd \ file://gpsd_ubx_fixed.sh \ file://gpsd_ubx_settime.sh \ + file://gpsd_settime.sh \ + file://gpsd_fixed.sh \ file://gpsd.rules \ file://gpsd.service \ " @@ -123,6 +125,8 @@ do_install_append() { install -d ${D}${sbindir} install -m 0755 ${WORKDIR}/gpsd_ubx_fixed.sh ${D}${sbindir}/gpsd_ubx_fixed install -m 0755 ${WORKDIR}/gpsd_ubx_settime.sh ${D}${sbindir}/gpsd_ubx_settime + install -m 0755 ${WORKDIR}/gpsd_fixed.sh ${D}${sbindir}/gpsd_fixed + install -m 0755 ${WORKDIR}/gpsd_settime.sh ${D}${sbindir}/gpsd_settime #support for udev install -d ${D}/${sysconfdir}/udev/rules.d @@ -169,7 +173,7 @@ PACKAGES =+ "libgps libgpsd python-pygps-dbg python-pygps gpsd-udev gpsd-conf gp # FILES_${PN}-dev += "${libdir}/pkgconfdir/libgpsd.pc ${libdir}/pkgconfdir/libgps.pc \ # ${includedir}/gps.h ${includedir}/libgpsmm.h ${includedir}/gps" -FILES_${PN} += "${sbindir}/gpsd_ubx_fixed ${sbindir}/gpsd_ubx_settime" +FILES_${PN} += "${sbindir}/gpsd_*" FILES_python-pygps-dbg += " ${libdir}/python*/site-packages/gps/.debug" diff --git a/recipes-navigation/gpsd/gpsd_3.18.1.bb b/recipes-navigation/gpsd/gpsd_3.18.1.bb.old index 0b0a287..0b0a287 100644 --- a/recipes-navigation/gpsd/gpsd_3.18.1.bb +++ b/recipes-navigation/gpsd/gpsd_3.18.1.bb.old diff --git a/recipes-navigation/gpsd/gpsd_3.19.bb b/recipes-navigation/gpsd/gpsd_3.19.bb.old index da03106..da03106 100644 --- a/recipes-navigation/gpsd/gpsd_3.19.bb +++ b/recipes-navigation/gpsd/gpsd_3.19.bb.old diff --git a/recipes-navigation/gpsd/gpsd_3.20.bb b/recipes-navigation/gpsd/gpsd_3.20.bb index 2cf7b67..ba1b33e 100644 --- a/recipes-navigation/gpsd/gpsd_3.20.bb +++ b/recipes-navigation/gpsd/gpsd_3.20.bb @@ -4,7 +4,11 @@ LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=01764c35ae34d9521944bb6ab312af53" DEPENDS = "dbus dbus-glib ncurses python3 libusb1 chrpath-replacement-native pps-tools" PROVIDES = "virtual/gpsd" -PR="m1" +PR="m6" + +#TODO +#the recipe generates python2 pygps package for Atmel based devices and python3 pygps package for TI based devices. +#later when python2 will be removed the recipe should be returned to previous version EXTRANATIVEPATH += "chrpath-native" @@ -33,6 +37,7 @@ SRC_URI[sha256sum] = "172a7805068eacb815a3c5225436fcb0be46e7e49a5001a94034eac43d inherit scons update-rc.d python3-dir python3native systemd +INITSCRIPT_PACKAGES = "gpsd-conf" INITSCRIPT_NAME = "gpsd" INITSCRIPT_PARAMS = "defaults 10" @@ -49,6 +54,8 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', PACKAGECONFIG[bluez] = "bluez='false',${BLUEZ}" PACKAGECONFIG[qt] = "qt='yes',qt='no',qt4-x11-free" +PYTHON2_SITEPACKAGES_DIR="${libdir}/python2.7/site-packages" + # Remove unneeded features. netfeed is needed by gpsmon EXTRA_OESCONS = " \ sysroot=${STAGING_DIR_TARGET} \ @@ -146,6 +153,8 @@ do_install_append() { #support for python install -d ${D}/${PYTHON_SITEPACKAGES_DIR}/gps install -m 755 ${S}/gps/*.py ${D}/${PYTHON_SITEPACKAGES_DIR}/gps + install -d ${D}/${PYTHON2_SITEPACKAGES_DIR}/gps + install -m 755 ${S}/gps/*.py ${D}/${PYTHON2_SITEPACKAGES_DIR}/gps #support for systemd install -d ${D}${systemd_unitdir}/system/ @@ -165,8 +174,12 @@ do_install_append() { # New ubxtool install -m 0755 ${S}/ubxtool ${D}/${bindir} #install -m 0644 ${S}/ubxtool.1 ${D}/${mandir}/man1 + install -m 0644 ${S}/gps.h ${D}/${includedir} + install -m 0644 ${S}/timespec.h ${D}/${includedir} + install -m 0644 ${S}/libgpsmm.h ${D}/${includedir} } +RDEPENDS_${PN} += "bash" RDEPENDS_${PN}-conf += "bash" pkg_postinst_${PN}-conf() { @@ -177,21 +190,25 @@ pkg_postrm_${PN}-conf() { update-alternatives --remove gpsd-defaults ${sysconfdir}/default/gpsd.default } -PACKAGES =+ "libgps libgpsd python3-pygps-dbg python3-pygps gpsd-udev gpsd-conf gpsd-gpsctl gpspipe gps-utils" + +PACKAGES =+ "libgps libgpsd gpsd-udev gpsd-conf gpsd-gpsctl gpspipe gps-utils python-pygps-dbg python-pygps python3-pygps-dbg python3-pygps" +# PACKAGES =+ "${PN} ${PN}-dbg ${PN}-dev" # File does not exist: ${libdir}/libQgpsmm.prl -FILES_${PN}-dev += "${libdir}/pkgconfdir/libgpsd.pc ${libdir}/pkgconfdir/libgps.pc \ +FILES_${PN}-dev += "${libdir}/pkgconfig/libgpsd.pc ${libdir}/pkgconfig/libgps.pc \ ${libdir}/libQgpsmm.prl \ ${includedir}/gps.h ${includedir}/libgpsmm.h ${includedir}/gps" FILES_${PN} += "${sbindir}/gpsd_*" +FILES_${PN}-doc += "${docdir}" -FILES_python3-pygps-dbg += " ${libdir}/python*/site-packages/gps/.debug" +FILES_${PN}-conf = "${sysconfdir}/default ${sysconfdir}/init.d" -RDEPENDS_${PN} = "gpsd-gpsctl bash" + +RDEPENDS_${PN}-conf = "gpsd-gpsctl bash" # gpsd-udev is for USB, which we are not using -RRECOMMENDS_${PN} = "gpsd-conf gpsd-machine-conf" +# RRECOMMENDS_${PN} = "gpsd-conf gpsd-machine-conf" SUMMARY_${PN}-udev = "udev relevant files to use gpsd hotplugging" FILES_${PN}-udev = "${base_libdir}/udev ${sysconfdir}/udev/*" @@ -215,11 +232,14 @@ FILES_gpspipe = "${bindir}/gpspipe" SUMMARY_gps-utils = "Utils used for simulating, monitoring,... a GPS" FILES_gps-utils = "${bindir}/*" +RDEPENDS_gps-utils_mtbsp-at91 = "python-pygps" RDEPENDS_gps-utils = "python3-pygps" +SUMMARY_python-pygps = "Python bindings to gpsd" SUMMARY_python3-pygps = "Python bindings to gpsd" +FILES_python-pygps = "${PYTHON2_SITEPACKAGES_DIR}/*" FILES_python3-pygps = "${PYTHON_SITEPACKAGES_DIR}/*" -RDEPENDS_python-pygps = " \ +RDEPENDS_python3-pygps = " \ python3-core \ python3-io \ python3-threading \ @@ -228,6 +248,15 @@ RDEPENDS_python-pygps = " \ gpsd \ python3-json" +RDEPENDS_python-pygps = " \ + python-core \ + python-io \ + python-threading \ + python-terminal \ + python-curses \ + gpsd \ + python-json" + RPROVIDES_${PN} += "${PN}-systemd" RREPLACES_${PN} += "${PN}-systemd" RCONFLICTS_${PN} += "${PN}-systemd" @@ -237,3 +266,14 @@ SYSTEMD_SERVICE_${PN} = "${BPN}.socket ${BPN}ctl@.service" ALTERNATIVE_${PN} = "gpsd-defaults" ALTERNATIVE_LINK_NAME[gpsd-defaults] = "${sysconfdir}/default/gpsd" ALTERNATIVE_TARGET[gpsd-defaults] = "${sysconfdir}/default/gpsd.default" + + +FILES_${PN}-dev_append = " ${includedir}/gps.h ${includedir}/timespec.h ${includedir}/libgpsmm.h ${includedir}/gps ${libdir}/libgps.so" +FILES_${PN}-dev_remove = "${includedir} ${FILES_SOLIBSDEV} \ + ${libdir}/*.la ${libdir}/*.o ${libdir}/pkgconfig \ + ${datadir}/pkgconfig ${datadir}/aclocal \ + ${base_libdir}/*.o ${libdir}/${BPN}/*.la ${base_libdir}/*.la" + +SUMMARY_${PN}-dbg = "Debug the C service library used for communicating with gpsd" + +FILES_${PN}-dbg_replace = "${prefix}/src/* ${libdir}/.debug/*" diff --git a/recipes-navigation/gpsd/libgps24_3.18.1.bb b/recipes-navigation/gpsd/libgps24_3.18.1.bb deleted file mode 100644 index 8f1b811..0000000 --- a/recipes-navigation/gpsd/libgps24_3.18.1.bb +++ /dev/null @@ -1,142 +0,0 @@ -SUMMARY = "A TCP/IP Daemon simplifying the communication with GPS devices" -SECTION = "console/network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=d217a23f408e91c94359447735bc1800" -DEPENDS = "dbus dbus-glib ncurses python libusb1 chrpath-replacement-native pps-tools" -PROVIDES = "${PN} ${PN}-dbg ${PN}-dev" -PR="m5" -#BPN="gpsd" -#BP="${BPN}-${PV}" - -EXTRANATIVEPATH += "chrpath-native" -FILESEXTRAPATHS_prepend = "${THISDIR}/gpsd-${PV}:" -# sysclockcrash is fixed for gpsd -# suppress text in binary is fixed for gpsctl - -S = "${WORKDIR}/gpsd-${PV}" - -SRC_URI = "${SAVANNAH_GNU_MIRROR}/gpsd/gpsd-${PV}.tar.gz \ - file://0001-SConstruct-prefix-includepy-with-sysroot-and-drop-sy.patch \ - file://0004-SConstruct-disable-html-and-man-docs-building-becaus.patch \ - file://0001-include-sys-ttydefaults.h.patch \ - file://0006-ubxtimelps.patch \ - file://0006-itu_r_tf_460_6.patch \ -" -SRC_URI[md5sum] = "3b11f26b295010666b1767b308f90bc5" -SRC_URI[sha256sum] = "5cb1e6d880ec9a52c62492dd0e3d77451b7c7ad625895bd652f6354215aec23e" - -inherit scons python-dir pythonnative systemd - -SYSTEMD_OESCONS = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false',d)}" - -export STAGING_INCDIR -export STAGING_LIBDIR - -# Necessary for python -export BUILD_SYS -export HOST_SYS - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)}" -PACKAGECONFIG[bluez] = "bluez='false',${BLUEZ}" -PACKAGECONFIG[qt] = "qt='yes',qt='no',qt4-x11-free" -EXTRA_OESCONS = " \ - sysroot=${STAGING_DIR_TARGET} \ - libQgpsmm='false' \ - debug='true' \ - strip='false' \ - chrpath='yes' \ - systemd='${SYSTEMD_OESCONS}' \ - ashtech='no' \ - earthmate='no' \ - evermore='no' \ - fury='no' \ - fv18='no' \ - garmin='no' \ - garmintxt='no' \ - geostar='no' \ - greis='no' \ - itrax='no' \ - mtk3301='no' \ - navcom='no' \ - nmea0183='yes' \ - nmea2000='no' \ - oncore='no' \ - sirf='no' \ - skytraq='no' \ - superstar2='no' \ - tnt='no' \ - tripmate='no' \ - tsip='no' \ - ublox='yes' \ - ubloxtimels='yes' \ - aivdm='no' \ - gpsclock='no' \ - oceanserver='no' \ - libdir='${libdir}' \ - fixed_stop_bits='1' \ - pps='yes' \ - gpsd_group='gps' \ - ntpshm='yes' \ - prefix='usr' \ - ${PACKAGECONFIG_CONFARGS} \ -" -# this cannot be used, because then chrpath is not found and only static lib is built -# target=${HOST_SYS} - -do_compile_prepend() { - export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}" - export PKG_CONFIG="PKG_CONFIG_SYSROOT_DIR=\"${PKG_CONFIG_SYSROOT_DIR}\" pkg-config" - export STAGING_PREFIX="${STAGING_DIR_HOST}/${prefix}" - export LINKFLAGS="${LDFLAGS}" -} -do_install() { - export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}" - export PKG_CONFIG="PKG_CONFIG_SYSROOT_DIR=\"${PKG_CONFIG_SYSROOT_DIR}\" pkg-config" - export STAGING_PREFIX="${STAGING_DIR_HOST}/${prefix}" - export LINKFLAGS="${LDFLAGS}" - - export DESTDIR="${D}" - install -d 755 ${D}${libdir} - install libgps.so.24.* ${D}${libdir} - cp -a libgps.so.24 ${D}${libdir} - (cd ${D}${libdir};ln -sf libgps.so.24.* libgps.so) - - # support for dev (development) - mkdir -p -m 0644 ${D}/${includedir}/gps - install -m 0644 ${S}/gpsd.h ${D}/${includedir}/gps - install -m 0644 ${S}/os_compat.h ${D}/${includedir}/gps - install -m 0644 ${S}/revision.h ${D}/${includedir}/gps - install -m 0644 ${S}/gpsdclient.h ${D}/${includedir}/gps - install -m 0644 ${S}/gpsd_config.h ${D}/${includedir}/gps - install -m 0644 ${S}/compiler.h ${D}/${includedir}/gps - install -m 0644 ${S}/ppsthread.h ${D}/${includedir}/gps - install -m 0644 ${S}/gps.h ${D}/${includedir} - install -m 0644 ${S}/libgpsmm.h ${D}/${includedir} -} - - -FILES_${PN}-dev_append = " ${includedir}/gps.h ${includedir}/libgpsmm.h ${includedir}/gps ${libdir}/libgps.so" -FILES_${PN}-dev_remove = "${includedir} ${FILES_SOLIBSDEV} \ - ${libdir}/*.la ${libdir}/*.o ${libdir}/pkgconfig \ - ${datadir}/pkgconfig ${datadir}/aclocal \ - ${base_libdir}/*.o ${libdir}/${BPN}/*.la ${base_libdir}/*.la" - -SUMMARY_${PN}-dbg = "Debug the C service library used for communicating with gpsd" -PACKAGES = "${PN} ${PN}-dbg ${PN}-dev" - -FILES_${PN}-dbg_replace = "${prefix}/src/* ${libdir}/.debug/*" - -SUMMARY_${PN} = "C service library used for communicating with gpsd" - -RDEPENDS_${PN} += "dbus-lib" - -FILES_${PN}_append = " ${libdir}/libgps.so.* " -FILES_${PN}_remove = "${bindir}/* ${sbindir}/* ${libexecdir}/* \ - ${libdir}/lib*${SOLIBS} ${sysconfdir} ${sharedstatedir} \ - ${localstatedir} ${base_bindir}/* ${base_sbindir}/* \ - ${base_libdir}/*${SOLIBS} ${base_prefix}/lib/udev \ - ${prefix}/lib/udev ${base_libdir}/udev ${libdir}/udev \ - ${datadir}/${BPN} ${libdir}/${BPN}/* ${datadir}/pixmaps \ - ${datadir}/applications ${datadir}/idl ${datadir}/omf \ - ${datadir}/sounds ${libdir}/bonobo/servers \ -" diff --git a/recipes-navigation/gpsd/libgps25_3.20.bb b/recipes-navigation/gpsd/libgps25_3.20.bb.old index eb40643..eb40643 100644 --- a/recipes-navigation/gpsd/libgps25_3.20.bb +++ b/recipes-navigation/gpsd/libgps25_3.20.bb.old diff --git a/recipes-navigation/gpsd/test/README b/recipes-navigation/gpsd/test/README new file mode 100644 index 0000000..d3f3a60 --- /dev/null +++ b/recipes-navigation/gpsd/test/README @@ -0,0 +1,34 @@ +To run the test: +opkg install gpsd-test_1.0-*_all.ipk + +/etc/rc5.d/S99zzreboot + + +To shutoff the test: + +rm /var/config/reboot + + +To restart the test: + +touch /var/config/reboot + +/etc/rc5.d/S99zzreboot + + + +A log of successful tests is kept in: +/var/config/gpslog.txt. + +It contains the seconds since 1-1-1970, +baud rate, and the ntpq -p output for the +PPS. + +On failure, the test will stop rebooting. + +Failure is defined as: + +No fix (if we lost reception this could happen) + +Bad baud rate (not 115200) + diff --git a/recipes-navigation/gpsd/test/gpsd-test-1.0.tar.gz b/recipes-navigation/gpsd/test/gpsd-test-1.0.tar.gz Binary files differnew file mode 100644 index 0000000..a2eb195 --- /dev/null +++ b/recipes-navigation/gpsd/test/gpsd-test-1.0.tar.gz diff --git a/recipes-support/dnsmasq/dnsmasq.inc b/recipes-support/dnsmasq/dnsmasq.inc deleted file mode 100644 index fdd7ab7..0000000 --- a/recipes-support/dnsmasq/dnsmasq.inc +++ /dev/null @@ -1,86 +0,0 @@ -SUMMARY = "Lightweight, easy to configure DNS forwarder and DHCP server" -HOMEPAGE = "http://www.thekelleys.org.uk/dnsmasq/doc.html" -SECTION = "net" -# GPLv3 was added in version 2.41 as license option -LICENSE = "GPLv2 | GPLv3" -LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ - file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504" - -#at least versions 2.15 and prior are moved to the archive folder on the server -SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getVar('PV',1).split('.')[1]) > 15]}dnsmasq-${PV}.tar.gz;name=dnsmasq-${PV} \ - file://init \ - file://default \ - file://dnsmasq.conf \ - file://dnsmasq-resolvconf.service \ - file://dnsmasq-noresolvconf.service \ -" - -inherit pkgconfig update-rc.d systemd - -INITSCRIPT_NAME = "dnsmasq" -INITSCRIPT_PARAMS = "defaults" - -PACKAGECONFIG ?= "" -PACKAGECONFIG[dbus] = ",,dbus" -PACKAGECONFIG[idn] = ",,libidn" -PACKAGECONFIG[conntrack] = ",,libnetfilter-conntrack" -PACKAGECONFIG[lua] = ",,lua" -PACKAGECONFIG[resolvconf] = ",,,resolvconf" -EXTRA_OEMAKE = "\ - 'COPTS=${@bb.utils.contains('PACKAGECONFIG', 'dbus', '-DHAVE_DBUS', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'idn', '-DHAVE_IDN', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'conntrack', '-DHAVE_CONNTRACK', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'lua', '-DHAVE_LUASCRIPT', '', d)}' \ - 'CFLAGS=${CFLAGS}' \ - 'LDFLAGS=${LDFLAGS}' \ -" - -SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'resolvconf', 'file://dnsmasq.resolvconf file://99_dnsmasq file://dnsmasq-resolvconf-helper', '', d)}" - -do_compile_append() { - # build dhcp_release - cd ${S}/contrib/lease-tools - oe_runmake -} - -do_install () { - oe_runmake "PREFIX=${D}${prefix}" \ - "BINDIR=${D}${bindir}" \ - "MANDIR=${D}${mandir}" \ - install - install -d ${D}${sysconfdir}/ ${D}${sysconfdir}/init.d ${D}${sysconfdir}/dnsmasq.d ${D}${sysconfdir}/default - install -m 644 ${WORKDIR}/dnsmasq.conf ${D}${sysconfdir}/ - install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/dnsmasq - install -m 755 ${WORKDIR}/default ${D}${sysconfdir}/default/dnsmasq - - install -d ${D}${systemd_unitdir}/system - - if [ "${@bb.utils.contains('PACKAGECONFIG', 'resolvconf', 'resolvconf', '', d)}" != "" ]; then - install -m 0644 ${WORKDIR}/dnsmasq-resolvconf.service ${D}${systemd_unitdir}/system/dnsmasq.service - else - install -m 0644 ${WORKDIR}/dnsmasq-noresolvconf.service ${D}${systemd_unitdir}/system/dnsmasq.service - fi - - install -m 0755 ${S}/contrib/lease-tools/dhcp_release ${D}${bindir} - - if [ "${@bb.utils.contains('PACKAGECONFIG', 'dbus', 'dbus', '', d)}" != "" ]; then - install -d ${D}${sysconfdir}/dbus-1/system.d - install -m 644 dbus/dnsmasq.conf ${D}${sysconfdir}/dbus-1/system.d/ - fi - if [ "${@bb.utils.contains('PACKAGECONFIG', 'resolvconf', 'resolvconf', '', d)}" != "" ]; then - install -d ${D}${sysconfdir}/resolvconf/update.d/ - install -m 0755 ${WORKDIR}/dnsmasq.resolvconf ${D}${sysconfdir}/resolvconf/update.d/dnsmasq - - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/99_dnsmasq ${D}${sysconfdir}/default/volatiles - install -m 0755 ${WORKDIR}/dnsmasq-resolvconf-helper ${D}${bindir} - fi -} - -# init.d/dnsmasq conflicts with AEP. -CONFFILES_${PN} = "${sysconfdir}/dnsmasq.conf ${sysconfdir}/init.d/dnsmasq" - -RPROVIDES_${PN} += "${PN}-systemd" -RREPLACES_${PN} += "${PN}-systemd" -RCONFLICTS_${PN} += "${PN}-systemd" -SYSTEMD_SERVICE_${PN} = "dnsmasq.service" diff --git a/recipes-support/dnsmasq/dnsmasq_%.bbappend b/recipes-support/dnsmasq/dnsmasq_%.bbappend new file mode 100644 index 0000000..6aa39f8 --- /dev/null +++ b/recipes-support/dnsmasq/dnsmasq_%.bbappend @@ -0,0 +1,14 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI += "\ + file://init.patch;patchdir=.. \ + file://default \ + " + +do_install_append () { + install -d ${D}${sysconfdir}/ ${D}${sysconfdir}/default + install -m 755 ${WORKDIR}/default ${D}${sysconfdir}/default/dnsmasq +} + +# init.d/dnsmasq conflicts with AEP. +CONFFILES_${PN} += "${sysconfdir}/init.d/dnsmasq" diff --git a/recipes-support/dnsmasq/dnsmasq_2.78.bb b/recipes-support/dnsmasq/dnsmasq_2.78.bb deleted file mode 100644 index a2641f1..0000000 --- a/recipes-support/dnsmasq/dnsmasq_2.78.bb +++ /dev/null @@ -1,5 +0,0 @@ -require dnsmasq.inc - -SRC_URI[dnsmasq-2.78.md5sum] = "3bb97f264c73853f802bf70610150788" -SRC_URI[dnsmasq-2.78.sha256sum] = "c92e5d78aa6353354d02aabf74590d08980bb1385d8a00b80ef9bc80430aa1dc" - diff --git a/recipes-support/dnsmasq/files/99_dnsmasq b/recipes-support/dnsmasq/files/99_dnsmasq deleted file mode 100644 index f52ce4e..0000000 --- a/recipes-support/dnsmasq/files/99_dnsmasq +++ /dev/null @@ -1 +0,0 @@ -d root root 0755 /run/dnsmasq none diff --git a/recipes-support/dnsmasq/files/dnsmasq-noresolvconf.service b/recipes-support/dnsmasq/files/dnsmasq-noresolvconf.service deleted file mode 100644 index 0c64fab..0000000 --- a/recipes-support/dnsmasq/files/dnsmasq-noresolvconf.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=DNS forwarder and DHCP server -After=network.target - -[Service] -Type=forking -PIDFile=/run/dnsmasq.pid -ExecStartPre=/usr/bin/dnsmasq --test -ExecStart=/usr/bin/dnsmasq -x /run/dnsmasq.pid -7 /etc/dnsmasq.d --local-service -ExecStop=/bin/kill $MAINPID -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target - diff --git a/recipes-support/dnsmasq/files/dnsmasq-resolvconf-helper b/recipes-support/dnsmasq/files/dnsmasq-resolvconf-helper deleted file mode 100644 index db54d46..0000000 --- a/recipes-support/dnsmasq/files/dnsmasq-resolvconf-helper +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/bash -# -# Borrowing heavily from the dnsmasq initscript's version of support for -# resolvconf, intended for use in systemd-only configurations. -# -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/dnsmasq -NAME=dnsmasq - -# Most configuration options in /etc/default/dnsmasq are deprecated -# but still honoured. -if [ -r /etc/default/$NAME ]; then - . /etc/default/$NAME -fi - -start_resolvconf() -{ - # If interface "lo" is explicitly disabled in /etc/default/dnsmasq - # Then dnsmasq won't be providing local DNS, so don't add it to - # the resolvconf server set. - for interface in $DNSMASQ_EXCEPT - do - [ $interface = lo ] && return - done - - if [ -x /sbin/resolvconf ] ; then - echo "nameserver 127.0.0.1" | - /sbin/resolvconf -a lo.$NAME - fi - return 0 -} - -stop_resolvconf() -{ - if [ -x /sbin/resolvconf ] ; then - /sbin/resolvconf -d lo.$NAME - fi - return 0 -} - -case "$1" in - start) - start_resolvconf - exit 0 - ;; - stop) - stop_resolvconf - exit 0 - ;; - restart) - stop_resolvconf - start_resolvconf - exit 0 - ;; - *) - echo "Usage: /etc/init.d/$NAME {start|stop|restart}" >&2 - exit 3 - ;; -esac - -exit 0 - diff --git a/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service b/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service deleted file mode 100644 index 2980f7d..0000000 --- a/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=DNS forwarder and DHCP server -After=network.target - -[Service] -Type=forking -PIDFile=/run/dnsmasq.pid -ExecStartPre=/usr/bin/dnsmasq --test -ExecStart=/usr/bin/dnsmasq -x /run/dnsmasq.pid -7 /etc/dnsmasq.d --local-service -ExecStartPost=/usr/bin/dnsmasq-resolvconf-helper start -ExecStopPre=/usr/bin/dnsmasq-resolvconf-helper stop -ExecStop=/bin/kill $MAINPID -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target - diff --git a/recipes-support/dnsmasq/files/dnsmasq.conf b/recipes-support/dnsmasq/files/dnsmasq.conf deleted file mode 100755 index 34d5135..0000000 --- a/recipes-support/dnsmasq/files/dnsmasq.conf +++ /dev/null @@ -1,293 +0,0 @@ -# Configuration file for dnsmasq. -# -# Format is one option per line, legal options are the same -# as the long options legal on the command line. See -# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. - -# Change these lines if you want dnsmasq to serve MX records. -# Only one of mx-host and mx-target need be set, the other defaults -# to the name of the host running dnsmasq. -#mx-host= -#mx-target= -#selfmx -#localmx - -# The following two options make you a better netizen, since they -# tell dnsmasq to filter out queries which the public DNS cannot -# answer, and which load the servers (especially the root servers) -# uneccessarily. If you have a dial-on-demand link they also stop -# these requests from bringing up the link uneccessarily. - -# Never forward plain names (with a dot or domain part) -domain-needed -# Never forward addresses in the non-routed address spaces. -bogus-priv - - -# Uncomment this to filter useless windows-originated DNS requests -# which can trigger dial-on-demand links needlessly. -# Note that (amongst other things) this blocks all SRV requests, -# so don't use it if you use eg Kerberos. -#filterwin2k - -# Change this line if you want dns to get its upstream servers from -# somewhere other that /etc/resolv.conf -#resolv-file= - -# By default, dnsmasq will send queries to any of the upstream -# servers it knows about and tries to favour servers to are known -# to be up. Uncommenting this forces dnsmasq to try each query -# with each server strictly in the order they appear in -# /etc/resolv.conf -#strict-order - -# If you don't want dnsmasq to read /etc/resolv.conf or any other -# file, getting its servers for this file instead (see below), then -# uncomment this -#no-resolv - -# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv -# files for changes and re-read them then uncomment this. -#no-poll - -# Add other name servers here, with domain specs if they are for -# non-public domains. -#server=/localnet/192.168.0.1 - -# Add local-only domains here, queries in these domains are answered -# from /etc/hosts or DHCP only. -#local=/localnet/ - -# Add domains which you want to force to an IP address here. -# The example below send any host in doubleclick.net to a local -# webserver. -#address=/doubleclick.net/127.0.0.1 - -# You no longer (as of version 1.7) need to set these to enable -# dnsmasq to read /etc/ppp/resolv.conf since dnsmasq now uses the -# "dip" group to achieve this. -#user= -#group= - -# If you want dnsmasq to listen for requests only on specified interfaces -# (and the loopback) give the name of the interface (eg eth0) here. -# Repeat the line for more than one interface. -#interface= -# Or you can specify which interface _not_ to listen on -#except-interface= -# Or which to listen on by address (remember to include 127.0.0.1 if -# you use this.) -#listen-address=127.0.0.1 - -# On systems which support it, dnsmasq binds the wildcard address, -# even when it is listening on only some interfaces. It then discards -# requests that it shouldn't reply to. This has the advantage of -# working even when interfaces come and go and change address. If you -# want dnsmasq to really bind only the interfaces it is listening on, -# uncomment this option. About the only time you may need this is when -# running another nameserver on the same machine. -#bind-interfaces - -# If you don't want dnsmasq to read /etc/hosts, uncomment the -# following line. -#no-hosts -# or if you want it to read another file, as well as /etc/hosts, use -# this. -#addn-hosts=/etc/banner_add_hosts - -# Set this (and domain: see below) if you want to have a domain -# automatically added to simple names in a hosts-file. -#expand-hosts - -# Set the domain for dnsmasq. this is optional, but if it is set, it -# does the following things. -# 1) Allows DHCP hosts to have fully qualified domain names, as long -# as the domain part matches this setting. -# 2) Sets the "domain" DHCP option thereby potentially setting the -# domain of all systems configured by DHCP -# 3) Provides the domain part for "expand-hosts" -#domain=thekelleys.org.uk - -# Uncomment this to enable the integrated DHCP server, you need -# to supply the range of addresses available for lease and optionally -# a lease time. If you have more than one network, you will need to -# repeat this for each network on which you want to supply DHCP -# service. -#dhcp-range=192.168.0.50,192.168.0.150,12h -#dhcp-range=10.0.0.10,10.0.0.200,2h - -# This is an example of a DHCP range where the netmask is given. This -# is needed for networks we reach the dnsmasq DHCP server via a relay -# agent. If you don't know what a DHCP relay agent is, you probably -# don't need to worry about this. -#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h - -# This is an example of a DHCP range with a network-id, so that -# some DHCP options may be set only for this network. -#dhcp-range=red,192.168.0.50,192.168.0.150 - -# Supply parameters for specified hosts using DHCP. There are lots -# of valid alternatives, so we will give examples of each. Note that -# IP addresses DO NOT have to be in the range given above, they just -# need to be on the same network. The order of the parameters in these -# do not matter, it's permissble to give name,adddress and MAC in any order - -# Always allocate the host with ethernet address 11:22:33:44:55:66 -# The IP address 192.168.0.60 -#dhcp-host=11:22:33:44:55:66,192.168.0.60 - -# Always set the name of the host with hardware address -# 11:22:33:44:55:66 to be "fred" -#dhcp-host=11:22:33:44:55:66,fred - -# Always give the host with ethernet address 11:22:33:44:55:66 -# the name fred and IP address 192.168.0.60 and lease time 45 minutes -#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m - -# Give the machine which says it's name is "bert" IP address -# 192.168.0.70 and an infinite lease -#dhcp-host=bert,192.168.0.70,infinite - -# Always give the host with client identifier 01:02:02:04 -# the IP address 192.168.0.60 -#dhcp-host=id:01:02:02:04,192.168.0.60 - -# Always give the host with client identifier "marjorie" -# the IP address 192.168.0.60 -#dhcp-host=id:marjorie,192.168.0.60 - -# Enable the address given for "judge" in /etc/hosts -# to be given to a machine presenting the name "judge" when -# it asks for a DHCP lease. -#dhcp-host=judge - -# Never offer DHCP service to a machine whose ethernet -# address is 11:22:33:44:55:66 -#dhcp-host=11:22:33:44:55:66,ignore - -# Ignore any client-id presented by the machine with ethernet -# address 11:22:33:44:55:66. This is useful to prevent a machine -# being treated differently when running under different OS's or -# between PXE boot and OS boot. -#dhcp-host=11:22:33:44:55:66,id:* - -# Send extra options which are tagged as "red" to -# the machine with ethernet address 11:22:33:44:55:66 -#dhcp-host=11:22:33:44:55:66,net:red - -# Send extra options which are tagged as "red" to any machine whose -# DHCP vendorclass string includes the substring "Linux" -#dhcp-vendorclass=red,Linux - -# Send extra options which are tagged as "red" to any machine one -# of whose DHCP userclass strings includes the substring "accounts" -#dhcp-userclass=red,accounts - -# If this line is uncommented, dnsmasq will read /etc/ethers and act -# on the ethernet-address/IP pairs found there just as if they had -# been given as --dhcp-host options. Useful if you keep -# MAC-address/host mappings there for other purposes. -#read-ethers - -# Send options to hosts which ask for a DHCP lease. -# See RFC 2132 for details of available options. -# Note that all the common settings, such as netmask and -# broadcast address, DNS server and default route, are given -# sane defaults by dnsmasq. You very likely will not need any -# any dhcp-options. If you use Windows clients and Samba, there -# are some options which are recommended, they are detailed at the -# end of this section. -# For reference, the common options are: -# subnet mask - 1 -# default router - 3 -# DNS server - 6 -# broadcast address - 28 - -# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5 -#dhcp-option=42,192.168.0.4,10.10.0.5 - -# Set the NTP time server address to be the same machine as -# is running dnsmasq -#dhcp-option=42,0.0.0.0 - -# Set the NIS domain name to "welly" -#dhcp-option=40,welly - -# Set the default time-to-live to 50 -#dhcp-option=23,50 - -# Set the "all subnets are local" flag -#dhcp-option=27,1 - -# Send the etherboot magic flag and then etherboot options (a string). -#dhcp-option=128,e4:45:74:68:00:00 -#dhcp-option=129,NIC=eepro100 - -# Specify an option which will only be sent to the "red" network -# (see dhcp-range for the declaration of the "red" network) -#dhcp-option=red,42,192.168.1.1 - -# The following DHCP options set up dnsmasq in the same way as is specified -# for the ISC dhcpcd in -# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt -# adapted for a typical dnsmasq installation where the host running -# dnsmasq is also the host running samba. -# you may want to uncomment them if you use Windows clients and Samba. -#dhcp-option=19,0 # option ip-forwarding off -#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) -#dhcp-option=45,0.0.0.0 # netbios datagram distribution server -#dhcp-option=46,8 # netbios node type -#dhcp-option=47 # empty netbios scope. - - -# Set the boot filename and tftpd server name and address -# for BOOTP. You will only need this is you want to -# boot machines over the network. -#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3 - -# Set the limit on DHCP leases, the default is 150 -#dhcp-lease-max=150 - -# The DHCP server needs somewhere on disk to keep its lease database. -# This defaults to a sane location, but if you want to change it, use -# the line below. -#dhcp-leasefile=/var/lib/misc/dnsmasq.leases - -# Set the cachesize here. -#cache-size=150 - -# If you want to disable negative caching, uncomment this. -#no-negcache - -# Normally responses which come form /etc/hosts and the DHCP lease -# file have Time-To-Live set as zero, which conventionally means -# do not cache further. If you are happy to trade lower load on the -# server for potentially stale date, you can set a time-to-live (in -# seconds) here. -#local-ttl= - -# If you want dnsmasq to detect attempts by Verisign to send queries -# to unregistered .com and .net hosts to its sitefinder service and -# have dnsmasq instead return the correct NXDOMAIN response, uncomment -# this line. You can add similar lines to do the same for other -# registries which have implemented wildcard A records. -#bogus-nxdomain=64.94.110.11 - -# If you want to fix up DNS results from upstream servers, use the -# alias option. This only works for IPv4. -# This alias makes a result of 1.2.3.4 appear as 5.6.7.8 -#alias=1.2.3.4,5.6.7.8 -# and this maps 1.2.3.x to 5.6.7.x -#alias=1.2.3.0,5.6.7.0,255.255.255.0 - -# For debugging purposes, log each DNS query as it passes through -# dnsmasq. -#log-queries - -# Include a another lot of configuration options. -#conf-file=/etc/dnsmasq.more.conf - - - - - diff --git a/recipes-support/dnsmasq/files/dnsmasq.resolvconf b/recipes-support/dnsmasq/files/dnsmasq.resolvconf deleted file mode 100755 index 06cd25c..0000000 --- a/recipes-support/dnsmasq/files/dnsmasq.resolvconf +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/sh -# -# Script to update the resolver list for dnsmasq -# -# N.B. Resolvconf may run us even if dnsmasq is not (yet) running. -# If dnsmasq is installed then we go ahead and update the resolver list -# in case dnsmasq is started later. -# -# Assumption: On entry, PWD contains the resolv.conf-type files. -# -# This file is part of the dnsmasq package. -# - -set -e - -RUN_DIR="/run/dnsmasq" -RSLVRLIST_FILE="${RUN_DIR}/resolv.conf" -TMP_FILE="${RSLVRLIST_FILE}_new.$$" -MY_NAME_FOR_RESOLVCONF="dnsmasq" - -[ -x /usr/bin/dnsmasq ] || exit 0 -[ -x /lib/resolvconf/list-records ] || exit 1 - -PATH=/bin:/sbin - -report_err() { echo "$0: Error: $*" >&2 ; } - -# Stores arguments (minus duplicates) in RSLT, separated by spaces -# Doesn't work properly if an argument itself contains whitespace -uniquify() -{ - RSLT="" - while [ "$1" ] ; do - for E in $RSLT ; do - [ "$1" = "$E" ] && { shift ; continue 2 ; } - done - RSLT="${RSLT:+$RSLT }$1" - shift - done -} - -if [ ! -d "$RUN_DIR" ] && ! mkdir --parents --mode=0755 "$RUN_DIR" ; then - report_err "Failed trying to create directory $RUN_DIR" - exit 1 -fi - -RSLVCNFFILES="" -for F in $(/lib/resolvconf/list-records --after "lo.$MY_NAME_FOR_RESOLVCONF") ; do - case "$F" in - "lo.$MY_NAME_FOR_RESOLVCONF") - # Omit own record - ;; - lo.*) - # Include no more records after one for a local nameserver - RSLVCNFFILES="${RSLVCNFFILES:+$RSLVCNFFILES }$F" - break - ;; - *) - RSLVCNFFILES="${RSLVCNFFILES:+$RSLVCNFFILES }$F" - ;; - esac -done - -NMSRVRS="" -if [ "$RSLVCNFFILES" ] ; then - uniquify $(sed -n -e 's/^[[:space:]]*nameserver[[:space:]]\+//p' $RSLVCNFFILES) - NMSRVRS="$RSLT" -fi - -# Dnsmasq uses the mtime of $RSLVRLIST_FILE, with a resolution of one second, -# to detect changes in the file. This means that if a resolvconf update occurs -# within one second of the previous one then dnsmasq may fail to notice the -# more recent change. To work around this problem we sleep one second here -# if necessary in order to ensure that the new mtime is different. -if [ -f "$RSLVRLIST_FILE" ] && [ "$(stat -c %X "$RSLVRLIST_FILE")" = "$(date +%s)" ] ; then - sleep 1 -fi - -clean_up() { rm -f "$TMP_FILE" ; } -trap clean_up EXIT -: >| "$TMP_FILE" -for N in $NMSRVRS ; do echo "nameserver $N" >> "$TMP_FILE" ; done -mv -f "$TMP_FILE" "$RSLVRLIST_FILE" - diff --git a/recipes-support/dnsmasq/files/init b/recipes-support/dnsmasq/files/init deleted file mode 100644 index 5f457f8..0000000 --- a/recipes-support/dnsmasq/files/init +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/sh -DAEMON=/usr/bin/dnsmasq -NAME=dnsmasq -DESC="DNS forwarder and DHCP server" -ARGS="-7 /etc/dnsmasq.d" - -test -f $DAEMON || exit 0 - -set -e - -if [ -r /etc/default/$NAME ] -then - . /etc/default/$NAME -fi - -[[ "$ENABLED" = "yes" ]] || exit - -DNSMASQ_CONF="/etc/dnsmasq.conf" -test "/etc/dnsmasq.d/*" != '/etc/dnsmasq.d/*' && DNSMASQ_CONF="${DNSMASQ_CONF} /etc/dnsmasq.d/*" - -test -z "${PIDFILE}" && PIFILE="/run/dnsmasq.pid" - -if [ -z "$IGNORE_RESOLVCONF" ] -then - egrep -h -q '^no-resolv' ${DNSMASQ_CONF} && IGNORE_RESOLVCONF="yes" -fi - -# RESOLV_CONF: -# If the resolvconf package is installed then use the resolv conf file -# that it provides as the default. Otherwise use /etc/resolv.conf as -# the default. -# -# If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit -# filename is set there then this inhibits the use of the resolvconf-provided -# information. -# -# Note that if the resolvconf package is installed it is not possible to -# override it just by configuration in /etc/dnsmasq.conf, it is necessary -# to set IGNORE_RESOLVCONF=yes in /etc/default/dnsmasq. - -test -z "$RESOLV_CONF" -a "$IGNORE_RESOLVCONF" != "yes" -a -x /sbin/resolvconf && \ - RESOLV_CONF=/run/dnsmasq/resolv.conf - -start_resolvconf() -{ - if [ "$IGNORE_RESOLVCONF" != "yes" -a -x /sbin/resolvconf ] - then - echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME - fi - : -} - -stop_resolvconf() -{ - if [ "$IGNORE_RESOLVCONF" != "yes" -a -x /sbin/resolvconf ] - then - /sbin/resolvconf -d lo.$NAME - fi - : -} - -case "$1" in - start) - echo -n "starting $DESC: $NAME... " - test -d /var/lib/misc/ || mkdir /var/lib/misc/ - start-stop-daemon -S -x $DAEMON -- $ARGS \ - ${RESOLV_CONF:+ -r $RESOLV_CONF} \ - ${PIDFILE:+ -x $PIDFILE} - test $? -eq 0 && start_resolvconf - echo "done." - ;; - stop) - echo -n "stopping $DESC: $NAME... " - stop_resolvconf - start-stop-daemon -K -x $DAEMON - echo "done." - ;; - status) - echo -n "dnsmasq " - start-stop-daemon -q -K -t -x $DAEMON - RET=$? - if [ "$RET" = "0" ]; then - PID=`cat ${PIDFILE}` - echo "($PID) is running" - else - echo "is not running" - exit $RET - fi - ;; - restart) - echo "restarting $DESC: $NAME... " - $0 stop - $0 start - echo "done." - ;; - reload) - echo -n "reloading $DESC: $NAME... " - killall -HUP $(basename ${DAEMON}) - echo "done." - ;; - systemd-start-resolvconf) - start_resolvconf - ;; - systemd-stop-resolvconf) - stop_resolvconf - ;; - systemd-exec) - test -d /var/lib/misc/ || mkdir /var/lib/misc/ - exec $DAEMON --keep-in-foreground $ARGS \ - ${RESOLV_CONF:+ -r $RESOLV_CONF} \ - ${PIDFILE:+ -x $PIDFILE} - ;; - *) - echo "Usage: $0 {start|stop|status|restart|reload}" - exit 1 - ;; -esac - -exit 0 diff --git a/recipes-support/dnsmasq/files/init.patch b/recipes-support/dnsmasq/files/init.patch new file mode 100644 index 0000000..b6045d2 --- /dev/null +++ b/recipes-support/dnsmasq/files/init.patch @@ -0,0 +1,12 @@ +diff -uprN orig/init new/init +--- orig/init 2019-10-08 20:19:12.000000000 +0300 ++++ new/init 2021-02-04 14:06:17.000000000 +0200 +@@ -13,6 +13,8 @@ then + . /etc/default/$NAME + fi + ++[[ "$ENABLED" = "yes" ]] || exit ++ + DNSMASQ_CONF="/etc/dnsmasq.conf" + test "/etc/dnsmasq.d/*" != '/etc/dnsmasq.d/*' && DNSMASQ_CONF="${DNSMASQ_CONF} /etc/dnsmasq.d/*" + diff --git a/recipes-support/jsoncpp/jsoncpp-1.6.0/Makefile b/recipes-support/jsoncpp/jsoncpp-1.6.0/Makefile deleted file mode 100644 index 7df3d63..0000000 --- a/recipes-support/jsoncpp/jsoncpp-1.6.0/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -includedir ?= /usr/include -libdir ?= /usr/lib - -CPP_SRCS += \ -src/lib_json/json_reader.cpp \ -src/lib_json/json_value.cpp \ -src/lib_json/json_writer.cpp - -OBJS += \ -json_reader.o \ -json_value.o \ -json_writer.o - -CPP_DEPS += \ -json_reader.d \ -json_value.d \ -json_writer.d - -TARGET = libjsoncpp.so - -all: $(TARGET) - -libjsoncpp.so: $(OBJS) - @echo 'Building target: $@' - #$(AR) -r libjsoncpp.a $(OBJS) - $(CXX) ${LDFLAGS} -shared -o $@ $^ - @echo 'Finished building target: $@' - @echo ' ' - -%.o: src/lib_json/%.cpp - @echo 'Building file: $<' - $(CXX) $(CFLAGS) -Iinclude -Wall -c -fmessage-length=0 -MMD -MP -MF"$(@:%.o=%.d)" -MT"$(@:%.o=%.d)" -fPIC -o "$@" "$<" - @echo 'Finished building: $<' - @echo ' ' - -install: - install -d $(DESTDIR)/usr/include/json - install -m 644 include/json/*.h $(DESTDIR)/usr/include/json - mkdir -p $(DESTDIR)/usr/lib - cp libjsoncpp.so $(DESTDIR)/usr/lib - -# Other Targets -clean: - -$(RM) $(OBJS)$(CPP_DEPS) libjsoncpp.so - -@echo ' ' - -.PHONY: all clean dependents -.SECONDARY: - diff --git a/recipes-support/jsoncpp/jsoncpp16-1.6.0/0001-Install-headers-to-jsoncpp-json.patch b/recipes-support/jsoncpp/jsoncpp16-1.6.0/0001-Install-headers-to-jsoncpp-json.patch new file mode 100644 index 0000000..52b4345 --- /dev/null +++ b/recipes-support/jsoncpp/jsoncpp16-1.6.0/0001-Install-headers-to-jsoncpp-json.patch @@ -0,0 +1,25 @@ +From 059823efcd18398dea638ab6e81af3eda1194e34 Mon Sep 17 00:00:00 2001 +From: Mykyta Dorokhin <mykyta.dorokhin@globallogic.com> +Date: Tue, 2 Mar 2021 22:18:16 +0200 +Subject: [PATCH] Install headers to jsoncpp/json + +--- + CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 5fba09d..7657dfa 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -27,7 +27,7 @@ SET(ARCHIVE_INSTALL_DIR lib${LIB_SUFFIX} + CACHE PATH "Install dir for static libraries") + SET(LIBRARY_INSTALL_DIR lib${LIB_SUFFIX} + CACHE PATH "Install dir for shared libraries") +-SET(INCLUDE_INSTALL_DIR include ++SET(INCLUDE_INSTALL_DIR include/jsoncpp + CACHE PATH "Install dir for headers") + SET(PACKAGE_INSTALL_DIR lib${LIB_SUFFIX}/cmake + CACHE PATH "Install dir for cmake package config files") +-- +1.9.1 + diff --git a/recipes-support/jsoncpp/jsoncpp16_1.6.0.bb b/recipes-support/jsoncpp/jsoncpp16_1.6.0.bb new file mode 100644 index 0000000..4a0d538 --- /dev/null +++ b/recipes-support/jsoncpp/jsoncpp16_1.6.0.bb @@ -0,0 +1,23 @@ +DESCRIPTION = "Json C++ Library" +HOMEPAGE = "https://github.com/open-source-parsers/jsoncpp" +# Public Domain +LICENSE = "PD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c56ee55c03a55f8105b969d8270632ce" +DEPENDS = "" + +#tag 1.6.0 +SRCREV="cbe7e7c9cbd39d864588c5cf2436690634562d3f" + +SRC_URI = " git://github.com/open-source-parsers/jsoncpp.git;protocol=git \ + file://0001-Install-headers-to-jsoncpp-json.patch \ + " + +PR = "r8" + +S = "${WORKDIR}/git" + +inherit cmake + +EXTRA_OECMAKE += "-DBUILD_SHARED_LIBS=ON -DJSONCPP_WITH_TESTS=OFF" + +BBCLASSEXTEND = "native"
\ No newline at end of file diff --git a/recipes-support/jsoncpp/jsoncpp_1.6.0.bb b/recipes-support/jsoncpp/jsoncpp_1.6.0.bb deleted file mode 100644 index 8c8454d..0000000 --- a/recipes-support/jsoncpp/jsoncpp_1.6.0.bb +++ /dev/null @@ -1,33 +0,0 @@ -DESCRIPTION = "Json C++ Library" -HOMEPAGE = "https://github.com/open-source-parsers/jsoncpp" -# Public Domain -LICENSE = "PD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=c56ee55c03a55f8105b969d8270632ce" -DEPENDS = "" - -#tag 1.6.0 -SRCREV="cbe7e7c9cbd39d864588c5cf2436690634562d3f" - -SRC_URI = " git://github.com/open-source-parsers/jsoncpp.git;protocol=git \ - file://Makefile \ - " - -PR = "r6" - -S = "${WORKDIR}/git" - -do_compile() { - cp ${WORKDIR}/Makefile . - oe_runmake -} - -do_install () { - install -d ${D}/usr/lib - install -m 0755 ${S}/libjsoncpp.so ${D}/usr/lib - install -d ${D}${includedir}/jsoncpp/json - install -m 0755 ${S}/include/json/*.h ${D}${includedir}/jsoncpp/json -} - -FILES_SOLIBSDEV = "" -FILES_${PN} += "${libdir}/*.so" -FILES_{PN}-dev += "${libdir}/*.so" diff --git a/recipes-support/libpwquality/files/pwquality_conf.patch b/recipes-support/libpwquality/files/pwquality_conf.patch index 12074ce..c84383b 100644 --- a/recipes-support/libpwquality/files/pwquality_conf.patch +++ b/recipes-support/libpwquality/files/pwquality_conf.patch @@ -1,6 +1,6 @@ diff -Naru orig/src/pwquality.conf new/src/pwquality.conf ---- orig/src/pwquality.conf 2018-04-25 09:22:11.713803238 -0500 -+++ new/src/pwquality.conf 2018-04-25 09:37:00.997776911 -0500 +--- orig/src/pwquality.conf 2021-02-24 19:02:56.475452913 -0600 ++++ new/src/pwquality.conf 2021-02-24 19:02:24.371454075 -0600 @@ -1,41 +1,51 @@ +# Original values are commented out. Minimum password length can be six +# characters with this configuration if there is enough complexity. @@ -61,5 +61,5 @@ diff -Naru orig/src/pwquality.conf new/src/pwquality.conf # gecoscheck = 0 +gecoscheck = 1 # - # Path to the cracklib dictionaries. Default is to use the cracklib default. - # dictpath = + # Whether to check for the words from the cracklib dictionary. + # The check is enabled if the value is not 0. diff --git a/recipes-support/libpwquality/libpwquality_%.bbappend b/recipes-support/libpwquality/libpwquality_%.bbappend new file mode 100644 index 0000000..910929e --- /dev/null +++ b/recipes-support/libpwquality/libpwquality_%.bbappend @@ -0,0 +1,60 @@ +SUMMARY = "Library for password quality checking and generating random passwords" +HOMEPAGE = "https://launchpad.net/libpwquality" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=6bd2f1386df813a459a0c34fde676fc2" +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI += "\ + file://pwquality_conf.patch \ + file://pam.configure \ + " + +do_install_append() { + install -d -m755 ${D}/${datadir_native}/${PN} + install ${WORKDIR}/pam.configure ${D}/${datadir_native}/${PN} +} + +# The postinstall installs libpwquality into PAM. +# The prerm removes libpwquatlity from PAM. +# The file we change is /etc/pam.d/common-password, +# which is a configuration file for libpam-runtime. +# We ignore failures in the post-install and pre-remove. +# so if the patch does not apply, pam will not use us. +pkg_postinst_${PN}() { + PAM_CONFIGURE="/${datadir_native}/${PN}/pam.configure" + if [[ -n $D ]] ; then + LOG='printf %s\n' + PAM_CONFIGURE="$D${PAM_CONFIGURE}" + cd $D + else + LOG="logger -s -p user.info -t opkg\ libpwquality" + cd / + fi + # -N busybox option for patch is broken + if patch --dry-run -p1 < "$PAM_CONFIGURE" ; then + logsave=$(patch -p1 < "$PAM_CONFIGURE" 2>&1 || true) + if [[ -n ${logsave} ]] ; then + ${LOG} "In directory $(pwd)" + ${LOG} "patch -p1 < $PAM_CONFIGURE" + ${LOG} "${PN} patch: ${logsave}" + fi + fi +} + +pkg_prerm_${PN}() { + PAM_CONFIGURE="/${datadir_native}/${PN}/pam.configure" + if [[ -n $D ]] ; then + LOG='printf %s\n' + PAM_CONFIGURE="$D${PAM_CONFIGURE}" + cd $D + else + LOG="logger -s -p user.info -t opkg\ libpwquality" + cd / + fi + logsave=$(patch -p1 -R < "$PAM_CONFIGURE" 2>&1 || true) + if [[ -n ${logsave} ]] ; then + ${LOG} "In directory $(pwd)" + ${LOG} "patch -p1 -R < "$PAM_CONFIGURE"" + ${LOG} "${PN} remove patch: ${logsave}" + fi +} diff --git a/recipes-support/libpwquality/libpwquality_1.3.0.bb b/recipes-support/libpwquality/libpwquality_1.3.0.bb.old index d7b04d4..d7b04d4 100644 --- a/recipes-support/libpwquality/libpwquality_1.3.0.bb +++ b/recipes-support/libpwquality/libpwquality_1.3.0.bb.old diff --git a/recipes-support/libpwquality/libpwquality_1.4.0.bb.new b/recipes-support/libpwquality/libpwquality_1.4.0.bb.new deleted file mode 100644 index 2c96063..0000000 --- a/recipes-support/libpwquality/libpwquality_1.4.0.bb.new +++ /dev/null @@ -1,45 +0,0 @@ -DESCRIPTION = "Library for password quality checking and generating random passwords" -HOMEPAGE = "https://github.com/libpwquality/libpwquality" -SECTION = "devel/lib" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=6bd2f1386df813a459a0c34fde676fc2" - -SRCNAME = "libpwquality" -SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/${SRCNAME}-${PV}/${SRCNAME}-${PV}.tar.bz2 \ - file://add-missing-python-include-dir-for-cross.patch \ -" - -SRC_URI[md5sum] = "b8defcc7280a90e9400d6689c93a279c" -SRC_URI[sha256sum] = "1de6ff046cf2172d265a2cb6f8da439d894f3e4e8157b056c515515232fade6b" - -S = "${WORKDIR}/${SRCNAME}-${PV}" - -DEPENDS = "cracklib virtual/gettext python3" -RDEPENDS_python3-libpwquality = "${PN}" - -inherit autotools python3native gettext - -B = "${S}" - -export PYTHON_DIR -export BUILD_SYS -export HOST_SYS -export STAGING_LIBDIR -export STAGING_INCDIR - -EXTRA_OECONF += "--with-python-rev=${PYTHON_BASEVERSION} \ - --with-python-binary=${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} \ - --with-pythonsitedir=${PYTHON_SITEPACKAGES_DIR} \ - --libdir=${libdir} \ -" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" -PACKAGECONFIG[pam] = "--enable-pam, --disable-pam, libpam" - -PACKAGES += "python3-libpwquality python3-libpwquality-dbg" -FILES_${PN} += "${libdir}/security/pam_pwquality.so" -FILES_${PN}-dbg += "${libdir}/security/.debug" -FILES_${PN}-staticdev += "${libdir}/security/pam_pwquality.a" -FILES_${PN}-dev += "${libdir}/security/pam_pwquality.la" -FILES_python3-${PN} = "${PYTHON_SITEPACKAGES_DIR}/*" -FILES_python3-${PN}-dbg = "${PYTHON_SITEPACKAGES_DIR}/.debug" diff --git a/recipes-support/lxfp/lxfp-src_23a2843.bb b/recipes-support/lxfp/lxfp-src_23a2843.bb deleted file mode 100644 index b2258b7..0000000 --- a/recipes-support/lxfp/lxfp-src_23a2843.bb +++ /dev/null @@ -1,33 +0,0 @@ -# This recipe needs a manual download of -# the proprietary Telit firmware flashing -# program into build/downloads -# Then it will be able to compile an -# ipk. The current lxfp recipe requires -# a tar file of bin/lxfp object module. -# This is here is an example only. -DESCRIPTION = "Telit LXFP modem flashing tools" -LICENSE = "" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Proprietary;md5=0557f9d92cf58f2ccdd50f62f8ac0b28" - -PR = "r1" - -SRC_URI = " \ - file://lxfp-${PV}.tar.gz;md5=b4dc2f536658b3f82c91b68af1bf3dc3 \ -" - -S = "${WORKDIR}/lxfp-${PV}" - -do_compile() { - CC="${CC} --sysroot=${STAGING_DIR_HOST}" - LD="${LD} --sysroot=${STAGING_DIR_HOST}" - CXX="${CXX} --sysroot=${STAGING_DIR_HOST}" - echo "CXX is ${CXX}" - oe_runmake CC="${CC}" LD="${LD}" CXX="${CXX}" -} - -do_install() { - install -d ${D}${sbindir} - install -m 0755 bin/lxfp ${D}${sbindir} -} - -FILES_${PN} = "${sbindir}/lxfp" diff --git a/recipes-support/lxfp/lxfp_23a2843.bb b/recipes-support/lxfp/lxfp_23a2843.bb deleted file mode 100644 index 2bf4958..0000000 --- a/recipes-support/lxfp/lxfp_23a2843.bb +++ /dev/null @@ -1,17 +0,0 @@ -DESCRIPTION = "Telit LXFP modem flashing tool" -LICENSE = "Proprietary" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Proprietary;md5=0557f9d92cf58f2ccdd50f62f8ac0b28" - -PR = "r1" - -SRC_URI = "http://www.multitech.net/downloads/lxfp-arm926ejste-23a2843.tar.gz" -SRC_URI[md5sum] = "4ef5d0907a880f9acdc345d57e08c53b" -SRC_URI[sha256sum] = "09d3fd2d7102343d727fe36c818854183eaa7cdeced1af810786a9d1509541cf" - -do_install() { - install -d ${D}${sbindir} - echo "do_install: directory is $(pwd)" - install -m 0755 ${WORKDIR}/bin/lxfp ${D}${sbindir} -} - -FILES_${PN} = "${sbindir}/lxfp" diff --git a/recipes-support/multitech/jsparser_0.3.bb b/recipes-support/multitech/jsparser_0.4.bb index cd419c6..cd419c6 100644 --- a/recipes-support/multitech/jsparser_0.3.bb +++ b/recipes-support/multitech/jsparser_0.4.bb diff --git a/recipes-support/multitech/libmts-io_1.0.22.bb b/recipes-support/multitech/libmts-io_1.0.23.bb index 34115be..9863237 100644 --- a/recipes-support/multitech/libmts-io_1.0.22.bb +++ b/recipes-support/multitech/libmts-io_1.0.23.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=4fbd65380cdd255951079008b364516c" DEPENDS = "libmts jsoncpp cmake-native cppunit" BBCLASSEXTEND = "native" -PR = "r0" +PR = "r1" SRCREV = "${PV}" SRC_URI = "git://git.multitech.net/libmts-io;branch=master" diff --git a/recipes-support/multitech/radio-cmd_0.7.bb b/recipes-support/multitech/radio-cmd_0.7.bb index d81fe83..a910d8a 100644 --- a/recipes-support/multitech/radio-cmd_0.7.bb +++ b/recipes-support/multitech/radio-cmd_0.7.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=94d55d512a9ba36caa9b7df079bae19f" DEPENDS = "jsoncpp libmts libmts-io" RDEPENDS_${PN} = "jsoncpp libmts libmts-io" -PR = "r1" +PR = "r2" SRCREV = "${PV}" SRC_URI = "git://git.multitech.net/radio-cmd;branch=master" diff --git a/recipes-support/multitech/radio-query_1.0.bb b/recipes-support/multitech/radio-query_1.0.bb index 7ce0976..87950ba 100644 --- a/recipes-support/multitech/radio-query_1.0.bb +++ b/recipes-support/multitech/radio-query_1.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=94d55d512a9ba36caa9b7df079bae19f" RDEPENDS_${PN} += "jsoncpp" DEPENDS = "jsoncpp libmts libmts-io" -PR = "r0" +PR = "r1" SRCREV = "${PV}" SRC_URI = "git://git.multitech.net/radio-query;branch=master" diff --git a/recipes-support/multitech/softdog-mon/default b/recipes-support/multitech/softdog-mon/default new file mode 100755 index 0000000..d507357 --- /dev/null +++ b/recipes-support/multitech/softdog-mon/default @@ -0,0 +1,52 @@ +# Monitor program will have 1 second granularity. Fixed. +# All times are in seconds. + +ENABLED="YES" + +# Hardware watchdog is found first, which is watchdog0. +WATCHDOGDEV=/dev/watchdog1 + +# Nice value -20, is highest priority for a user program, 19 is lowest. +NICE="-20" + +# Watchdog timeout in seconds +TIMEOUT=60 + + +# Environment + +PIDFILE="/run/softdog-mon.pid" + +# How often to feed in seconds +FEED=10 + +# File is synchonously open/read/written/closed every 300 seconds +FILESAMPLERATE=300 + +# File to be read/written +# If I/O hangs, the TIMEOUT value is the maximum seconds until we +# reset the device. +MONITORFILE=/media/card/.softdog_monitor + +# Minimum available system memory in bytes +MINIMUM_AVAILABLE_MEM=3000000 +MINIMUM_FREEHIGH=0 + +# Rate at which we sample available memory +MEMSAMPLERATE=3 + +# last samples saved +MEMSAMPLES=100 + +# maximum number of samples failed in last samples saved +MEMFAILEDSAMPLES=20 + +# Allow time for flash upgrade during shudown +SHUTDOWNTIMEOUT=600 + +export PIDFILE +export FEED FILESAMPLERATE MONITORFILE +export MINIMUM_AVAILABLE_MEM MINIMUM_FREEHIGH +export MEMSAMPLERATE MEMSAMPLES MEMFAILEDSAMPLES +export SHUTDOWNTIMEOUT + diff --git a/recipes-support/multitech/softdog-mon/init b/recipes-support/multitech/softdog-mon/init new file mode 100755 index 0000000..a02ab1a --- /dev/null +++ b/recipes-support/multitech/softdog-mon/init @@ -0,0 +1,69 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: softdog-mon +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Advanced Power Management daemon +### END INIT INFO + +# Source function library. +. /etc/init.d/functions +if [ -r /etc/default/softdog-mon ] ; then + . /etc/default/softdog-mon +fi + +LOG="logger -s -t 'softdog-mon' -p" +PATH=/bin:/usr/bin:/sbin:/usr/sbin + +[ -f /etc/default/rcS ] && . /etc/default/rcS +[ -f /etc/default/softdog-mon ] && . /etc/default/softdog-mon + +if ! [[ -c $WATCHDOGDEV ]] ; then + $LOG daemon.err "ERROR: device \"$WATCHDOGDEV\" was not found" + exit 1 +fi + +if [[ -z $TIMEOUT ]] ; then + $LOG daemon.err "ERROR: timeout \"$TIMEOUT\" was not found" + exit 1 +fi + +# Use NICE of zero if not set. +: ${NICE:=0} + + +case "$1" in + start) + echo -n "Starting softdog monitor daemon: " + /usr/sbin/start-stop-daemon -N $NICE \ + -S -x /usr/sbin/softdog-mon -- $WATCHDOGDEV $TIMEOUT + if [ $? = 0 ]; then + echo "softdog-mon." + else + echo "(failed.)" + fi + ;; + stop) + echo -n "Stopping softdog monitor daemon: " + /usr/sbin/start-stop-daemon -K \ + -x /usr/sbin/softdog-mon + echo "softdog-mon." + ;; + status) + status /usr/sbin/softdog-mon; + exit $? + ;; + restart|force-reload) + $0 stop + $0 start + exit + ;; + *) + echo "Usage: /etc/init.d/softdog-mon {start|stop|status|restart|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/recipes-support/multitech/softdog-mon_0.1.bb b/recipes-support/multitech/softdog-mon_0.1.bb new file mode 100644 index 0000000..5ddcf7c --- /dev/null +++ b/recipes-support/multitech/softdog-mon_0.1.bb @@ -0,0 +1,33 @@ +DESCRIPTION = "MultiTech Softdog monitor" +LICENSE = "MIT" +RDEPENDS_${PN} += "kernel-module-softdog bash" + +inherit autotools + +inherit update-rc.d systemd + +INITSCRIPT_NAME = "${PN}" +# should we ever stop? +INITSCRIPT_PARAMS = "start 99 3 5 . stop 20 0 1 2 6 ." + +LIC_FILES_CHKSUM = "file://COPYING;md5=30e3dd411ec20099cbf782f420ae7ec2" +PR = "r0" +SRCREV="${PV}" +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +PACKAGES =+ "${PN}-test" +FILES_${PN}-test = "${sbindir}/hog" + +SRC_URI = "git://git.multitech.net/softdog-mon.git;protocol=git \ + file://init \ + file://default \ +" + +S = "${WORKDIR}/git" + +do_install_append() { + echo $(pwd) + install -d ${D}/${sysconfdir}/init.d + install -d ${D}/${sysconfdir}/default + install -m 0755 ${WORKDIR}/init ${D}/${sysconfdir}/init.d/${PN} + install ${WORKDIR}/default ${D}/${sysconfdir}/default/${PN} +} diff --git a/recipes-support/uxfp/uxfp-from-source/0001-Fixed-unrecognized-command-line-option.patch b/recipes-support/uxfp/uxfp-from-source/0001-Fixed-unrecognized-command-line-option.patch new file mode 100644 index 0000000..86faf07 --- /dev/null +++ b/recipes-support/uxfp/uxfp-from-source/0001-Fixed-unrecognized-command-line-option.patch @@ -0,0 +1,26 @@ +From 5f8fef39aa5c3fd5894f7dbaa579d50f6e78c08a Mon Sep 17 00:00:00 2001 +From: "mykola.salomatin" <mykola.salomatin@globallogic.com> +Date: Thu, 18 Feb 2021 21:57:25 +0200 +Subject: [PATCH] Fixed unrecognized command line option + '-Wno-deprecated-declaration' + +--- + telit_os_abstraction_layer/linux/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/telit_os_abstraction_layer/linux/Makefile b/telit_os_abstraction_layer/linux/Makefile +index 6c54e71..5d847c8 100644 +--- a/telit_os_abstraction_layer/linux/Makefile ++++ b/telit_os_abstraction_layer/linux/Makefile +@@ -32,7 +32,7 @@ ifeq ($(LIBUDEV), enable) + endif + + +-CFLAGS := -g -Wno-deprecated-declaration -Wall -Werror -fPIC $(INCLUDES) $(LIBUSB_CFLAG) $(LIBUDEV_CFLAG) -DVER_MAJOR=$(MAJOR) -DVER_MINOR=$(MINOR) -DVER_ALPHA=$(ALPHA) -DVER_CUSTOM=$(CUSTOM) ++CFLAGS := -g -Wno-deprecated-declarations -Wall -Werror -fPIC $(INCLUDES) $(LIBUSB_CFLAG) $(LIBUDEV_CFLAG) -DVER_MAJOR=$(MAJOR) -DVER_MINOR=$(MINOR) -DVER_ALPHA=$(ALPHA) -DVER_CUSTOM=$(CUSTOM) + LDFLAGS := $(LIBUDEV_LDFLAG) $(LIBUSB_LDFLAG) + + +-- +2.7.4 + diff --git a/recipes-support/uxfp/uxfp-from-source/0002-uxfp-add-param-syslog.patch b/recipes-support/uxfp/uxfp-from-source/0002-uxfp-add-param-syslog.patch new file mode 100644 index 0000000..8dedc1b --- /dev/null +++ b/recipes-support/uxfp/uxfp-from-source/0002-uxfp-add-param-syslog.patch @@ -0,0 +1,33 @@ + +The patch allows to redirect all log messages from stdout to syslog. + +diff -ruN git/uxfp/main.c git/uxfp/main.c +--- git/uxfp/main.c 2020-07-28 19:06:02.236397898 +0300 ++++ git/uxfp/main.c 2020-07-28 17:55:38.000000000 +0300 +@@ -20,6 +20,7 @@ + uint64_t speed; + bool debug; + bool recovery; ++ bool syslog; + } options = {0}; + + flag_t flags [] = { +@@ -30,6 +31,7 @@ + {"--class", "-c", VALUE_TYPE_ULONG, &options.class, OPT, "modem class"}, + {"--debug", "-d", VALUE_TYPE_BOOLEAN, &options.debug, OPT, "enable debug logging"}, + {"--lossrecovery", "-l", VALUE_TYPE_BOOLEAN, &options.recovery, OPT, "device in recovery mode"}, ++ {"--syslog", "-n", VALUE_TYPE_BOOLEAN, &options.syslog, OPT, "all the logs redirected to syslog"}, + {NULL, NULL, VALUE_TYPE_UNKNOWN, NULL, OPT, NULL}, + }; + +@@ -60,6 +62,10 @@ + goto end; + } + ++ if (options.syslog) { ++ core_log_set_native(true); ++ } ++ + if (options.debug) { + core_log_set_level(LOG_LEVEL_DBG); + } diff --git a/recipes-support/uxfp/uxfp-from-source_1.0.2.1.bb b/recipes-support/uxfp/uxfp-from-source_1.0.2.1.bb new file mode 100644 index 0000000..ceb089d --- /dev/null +++ b/recipes-support/uxfp/uxfp-from-source_1.0.2.1.bb @@ -0,0 +1,27 @@ +DESCRIPTION = "Telit utility for upgrading CAT4 radio firmware" +HOMEPAGE = "https://contact.telit.com/" +LICENSE = "Proprietary" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Proprietary;md5=0557f9d92cf58f2ccdd50f62f8ac0b28" + +DEPENDS = "libusb1 udev" + +PR = "r2" +SRCREV = "${PV}" + +SRC_URI = " \ + git://git@${MTS_INTERNAL_GIT}/vendor-code/uxfp.git;protocol=ssh;branch=master \ + file://0001-Fixed-unrecognized-command-line-option.patch \ + file://0002-uxfp-add-param-syslog.patch \ +" + +S = "${WORKDIR}/git" + +do_compile() { + oe_runmake +} + +do_install() { + install -d ${D}${sbindir} + install -m 0755 uxfp/linux/uxfp ${D}${sbindir} +} + diff --git a/recipes-support/uxfp/uxfp_1.0.2.1.bb b/recipes-support/uxfp/uxfp_1.0.2.1.bb index 726eb5b..669ad2a 100644 --- a/recipes-support/uxfp/uxfp_1.0.2.1.bb +++ b/recipes-support/uxfp/uxfp_1.0.2.1.bb @@ -3,9 +3,9 @@ LICENSE = "Proprietary" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Proprietary;md5=0557f9d92cf58f2ccdd50f62f8ac0b28" RDEPENDS_${PN} += "libudev libusb1" -PR = "r0" +PR = "r2" -SRC_URI = "http://www.multitech.net/downloads/uxfp-${PACKAGE_ARCH}-${PV}.tar.gz" +SRC_URI = "http://www.multitech.net/downloads/uxfp-${PACKAGE_ARCH}-${PV}-${PR}.tar.gz" SRC_URI[md5sum] = "920efaa12bff3a8315e7fca0aa06f1ec" SRC_URI[sha256sum] = "3d44db0b1f927f9dc628ee8413248c6c3966fdee43e2e8bf67d7a3f018fc3fd1" |