[v8,1/5] rpm-sequoia-crypto-policy: New recipe

Message ID 20250206055222.3319167-1-zboszor@gmail.com
State New

Commit Message

Zoltán Böszörményi Feb. 6, 2025, 5:52 a.m. UTC
This ships a crypto policy file for rpm-sequoia.

Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
---
 meta/conf/distro/include/maintainers.inc      |  1 +
 .../rpm-sequoia-crypto-policy_git.bb          | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb

Comments

Mathieu Dubois-Briand Feb. 6, 2025, 10:16 a.m. UTC | #1
On Thu Feb 6, 2025 at 6:52 AM CET, Zoltán Böszörményi wrote:
> This ships a crypto policy file for rpm-sequoia.
>
> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
> ---

Hi Zoltán,

Thanks for the patch update.

I believe there is a regression introduced by this version of your
series, several builds are failing with:

ERROR: rpm-sequoia-crypto-policy-native-20250124-r0 do_compile: Execution of '/srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/temp/run.do_compile.537997' failed with exit code 2
Log data follows:
| DEBUG: Executing shell function do_compile
| asciidoc -v -d manpage -b docbook crypto-policies.7.txt
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/sources-unpack/git/crypto-policies.7.txt
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/latex/latex-filter.conf
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/music/music-filter.conf
| asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf
| asciidoc: writing: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/sources-unpack/git/crypto-policies.7.xml
| xsltproc --nonet -o crypto-policies.7 /usr/share/asciidoc/docbook-xsl/manpage.xsl crypto-policies.7.xml
| warning: failed to load external entity "/usr/share/asciidoc/docbook-xsl/manpage.xsl"
| cannot parse /usr/share/asciidoc/docbook-xsl/manpage.xsl
| make: *** [Makefile:137: crypto-policies.7] Error 4
| WARNING: exit code 2 from a shell command.

https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/870/steps/14/logs/stdio

Might this be a missing dependency ?

Zoltán Böszörményi Feb. 6, 2025, 10:42 a.m. UTC | #2
On 2025. 02. 06. at 11:16, Mathieu Dubois-Briand wrote:
> On Thu Feb 6, 2025 at 6:52 AM CET, Zoltán Böszörményi wrote:
>> This ships a crypto policy file for rpm-sequoia.
>>
>> Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
>> ---
> Hi Zoltán,
>
> Thanks for the patch update.
>
> I believe there is a regression introduced by this version of your
> series, several builds are failing with:
>
> ERROR: rpm-sequoia-crypto-policy-native-20250124-r0 do_compile: Execution of '/srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/temp/run.do_compile.537997' failed with exit code 2
> Log data follows:
> | DEBUG: Executing shell function do_compile
> | asciidoc -v -d manpage -b docbook crypto-policies.7.txt
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/sources-unpack/git/crypto-policies.7.txt
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/latex/latex-filter.conf
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/filters/music/music-filter.conf
> | asciidoc: reading: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/recipe-sysroot-native/usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf
> | asciidoc: writing: /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/x86_64-linux/rpm-sequoia-crypto-policy-native/20250124/sources-unpack/git/crypto-policies.7.xml
> | xsltproc --nonet -o crypto-policies.7 /usr/share/asciidoc/docbook-xsl/manpage.xsl crypto-policies.7.xml
> | warning: failed to load external entity "/usr/share/asciidoc/docbook-xsl/manpage.xsl"
> | cannot parse /usr/share/asciidoc/docbook-xsl/manpage.xsl
> | make: *** [Makefile:137: crypto-policies.7] Error 4
> | WARNING: exit code 2 from a shell command.
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/870/steps/14/logs/stdio
>
> Might this be a missing dependency ?

Sigh.

That's what you get when your regular dev laptop is also the buildbox,
with a lot of things already installed.

I will try to patch and reduce the dependencies instead, as there's no
need for building the documentation for the crypto policies.

Alexander Kanavin Feb. 6, 2025, 10:46 a.m. UTC | #3
On Thu, 6 Feb 2025 at 06:52, Zoltán Böszörményi <zboszor@gmail.com> wrote:
> +SRC_URI = "git://gitlab.com/redhat-crypto/fedora-crypto-policies.git;protocol=https;branch=master"
> +
> +# Commit ID for crypto-policies 20250124-1.git4d262e7.fc41
> +SRCREV = "4d262e79be1cd15c84cad55ad88c53a2d7712e85"
> +PV = "20250124"

Do not set PV at all here. Git repo doesn't contain these tags, or any
useful tags actually.
Set UPSTREAM_CHECK_COMMITS instead so we just update to latest commit
from time to time.

> +do_compile () {
> +       make
> +}

To fix an error reported below, use MANPAGEXSL=.. prefix to make
invocation that points to this file in the sysroot, check the upstream
Makefile.

Alex

Alexander Kanavin Feb. 6, 2025, 10:51 a.m. UTC | #4
On Thu, 6 Feb 2025 at 11:42, Böszörményi Zoltán <zboszor@gmail.com> wrote:

> I will try to patch and reduce the dependencies instead, as there's no
> need for building the documentation for the crypto policies.

This would work too. Those aren't trivial dependencies to fulfill, and
they're unnecessary for us at the same time.

Alex

Alexander Kanavin Feb. 6, 2025, 10:53 a.m. UTC | #5
> This would work too. Those aren't trivial dependencies to fulfill, and
> they're unnecessary for us at the same time.

If you're making a patch, don't just patch out the documentation lines
in Makefile. Make it conditional to a variable, so we can set that in
the recipe, and offer the patch upstream.

Alex

Zoltán Böszörményi Feb. 6, 2025, 11:49 a.m. UTC | #6
On 2025. 02. 06. at 11:53, Alexander Kanavin wrote:
>> This would work too. Those aren't trivial dependencies to fulfill, and
>> they're unnecessary for us at the same time.
> If you're making a patch, don't just patch out the documentation lines
> in Makefile. Make it conditional to a variable, so we can set that in
> the recipe, and offer the patch upstream.

I patched the Makefile in a way that's already in its mindset.
asciidoc can already be overridden, I just made the same with xsltproc.
The PR against the upstream sources was created, it's referenced
in the patches in the recipe.

I just sent the v9 series with the two patches, hopefully it will work now.

Alexander Kanavin Feb. 6, 2025, 12:08 p.m. UTC | #7
On Thu, 6 Feb 2025 at 12:49, Böszörményi Zoltán <zboszor@gmail.com> wrote:
> I patched the Makefile in a way that's already in its mindset.
> asciidoc can already be overridden, I just made the same with xsltproc.
> The PR against the upstream sources was created, it's referenced
> in the patches in the recipe.
>
> I just sent the v9 series with the two patches, hopefully it will work now.

Thanks, if there are no further autobuilder fails, then the patchset is fine.

Alex

Patch

diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index bec55a7c1c..648c8fceb8 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -744,6 +744,7 @@  RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>"
 RECIPE_MAINTAINER:pn-rng-tools = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-rpm = "Robert Yang <liezhi.yang@windriver.com>"
+RECIPE_MAINTAINER:pn-rpm-sequoia-crypto-policy = "Zoltán Böszörményi <zboszor@gmail.com>"
 RECIPE_MAINTAINER:pn-rsync = "Yi Zhao <yi.zhao@windriver.com>"
 RECIPE_MAINTAINER:pn-rt-tests = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-ruby = "Ross Burton <ross.burton@arm.com>"
diff --git a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb
new file mode 100644
index 0000000000..47ca7ca6a4
--- /dev/null
+++ b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb
@@ -0,0 +1,27 @@ 
+SUMMARY = "Crypto policy for rpm-sequoia"
+HOMEPAGE = "https://gitlab.com/redhat-crypto/fedora-crypto-policies/"
+
+LICENSE = "LGPL-2.1-or-later"
+
+LIC_FILES_CHKSUM = "file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+DEPENDS = "openssl-native asciidoc-native libxslt-native make-native"
+
+SRC_URI = "git://gitlab.com/redhat-crypto/fedora-crypto-policies.git;protocol=https;branch=master"
+
+# Commit ID for crypto-policies 20250124-1.git4d262e7.fc41
+SRCREV = "4d262e79be1cd15c84cad55ad88c53a2d7712e85"
+PV = "20250124"
+
+S = "${UNPACKDIR}/git"
+
+do_compile () {
+	make
+}
+
+do_install () {
+	mkdir -p ${D}${datadir}/crypto-policies/back-ends
+	install -m644 ${S}/output/DEFAULT/rpm-sequoia.txt ${D}${datadir}/crypto-policies/back-ends/rpm-sequoia.config
+}
+
+BBCLASSEXTEND = "native"
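
Review bot: do_compile runs a bare `make`, which also builds crypto-policies.7 through xsltproc against the host path /usr/share/asciidoc/docbook-xsl/manpage.xsl, as the autobuilder log in this thread shows. The asciidoc configuration files in that log are read from recipe-sysroot-native, but the stylesheet is not, so the build only passes on hosts that already have asciidoc installed under /usr/share. do_install needs only output/DEFAULT/rpm-sequoia.txt, so either skip the documentation targets or pass the stylesheet location in the sysroot through a make variable, and drop asciidoc-native and libxslt-native from DEPENDS if the man page is no longer built. Separately, `PV = "20250124"` is hand-set next to a pinned SRCREV and has to be kept in sync by hand on every SRCREV bump, and `mkdir -p` in do_install would more conventionally be `install -d`.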