| Message ID | 20240611140607.2719-1-twoerner@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-rockchip] linux-yocto-dev: fix build | expand |
Hi Trevor, On 6/11/24 4:06 PM, Trevor Woerner via lists.yoctoproject.org wrote: > The linux-yocto-dev build was failing with: > | ERROR: modpost: vmlinux: local symbol 'security_path_rmdir' was exported > > Disabling some filesystem-related security options fixes the build. > Is this the case for every board, including non-Rockchip ones? Is Bruce aware of those issues? Shouldn't this rather be fixed in oe-core instead? > Signed-off-by: Trevor Woerner <twoerner@gmail.com> > --- > recipes-kernel/linux/linux-yocto-dev.bbappend | 1 + > .../linux/linux-yocto-dev/disable-some-fs-security.cfg | 5 +++++ > 2 files changed, 6 insertions(+) > create mode 100644 recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg > > diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend > index b6a63d7b7b29..94bf737c63bd 100644 > --- a/recipes-kernel/linux/linux-yocto-dev.bbappend > +++ b/recipes-kernel/linux/linux-yocto-dev.bbappend > @@ -2,4 +2,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" > > COMPATIBLE_MACHINE:orangepi-5-plus = "orangepi-5-plus" > > +SRC_URI:append = " file://disable-some-fs-security.cfg" If it is Rockchip-specific, I would suggest using SRC_URI:append:rockchip here, to make sure we do not modify other machines from other layers whenever meta-rockchip is included? Cheers, Quentin
On Tue 2024-06-11 @ 04:29:35 PM, Quentin Schulz via lists.yoctoproject.org wrote: > Hi Trevor, > > On 6/11/24 4:06 PM, Trevor Woerner via lists.yoctoproject.org wrote: > > The linux-yocto-dev build was failing with: > > | ERROR: modpost: vmlinux: local symbol 'security_path_rmdir' was exported > > > > Disabling some filesystem-related security options fixes the build. > > > > Is this the case for every board, including non-Rockchip ones? This builds fine with qemuarm64, for example. Comparing the .config from the qemuarm64 build vs the rockchip build is what led me to the patch that I've presented. The qemuarm64 build doesn't try to build the file that causes the error since its .config doesn't ask it to. We're using the in-kernel defconfig for the rockchip build so: 1) it's strange nobody else has seen/fixed this 2) why doesn't the qemuarm64 build use the in-kernel defconfig (or if it does, why are these options not set in its .config)? > Is Bruce aware of those issues? Shouldn't this rather be fixed in oe-core > instead? I guess I could give him a poke. > > Signed-off-by: Trevor Woerner <twoerner@gmail.com> > > --- > > recipes-kernel/linux/linux-yocto-dev.bbappend | 1 + > > .../linux/linux-yocto-dev/disable-some-fs-security.cfg | 5 +++++ > > 2 files changed, 6 insertions(+) > > create mode 100644 recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg > > > > diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend > > index b6a63d7b7b29..94bf737c63bd 100644 > > --- a/recipes-kernel/linux/linux-yocto-dev.bbappend > > +++ b/recipes-kernel/linux/linux-yocto-dev.bbappend > > @@ -2,4 +2,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" > > COMPATIBLE_MACHINE:orangepi-5-plus = "orangepi-5-plus" > > +SRC_URI:append = " file://disable-some-fs-security.cfg" > > If it is Rockchip-specific, I would suggest using SRC_URI:append:rockchip > here, to make sure we do not modify other machines from other layers > whenever meta-rockchip is included? Oh right, thanks. I don't think of that use-case often enough.
On Tue, Jun 11, 2024 at 10:29 AM Quentin Schulz via lists.yoctoproject.org <quentin.schulz=cherry.de@lists.yoctoproject.org> wrote: > > Hi Trevor, > > On 6/11/24 4:06 PM, Trevor Woerner via lists.yoctoproject.org wrote: > > The linux-yocto-dev build was failing with: > > | ERROR: modpost: vmlinux: local symbol 'security_path_rmdir' was exported > > > > Disabling some filesystem-related security options fixes the build. > > > > Is this the case for every board, including non-Rockchip ones? > > Is Bruce aware of those issues? Shouldn't this rather be fixed in > oe-core instead? Ross had mentioned something like this a week or so ago, but I haven't seen it locally yet. It's an aufs6 export that is causing the issue, I'm looking into it now. Preferably I need to reproduce it on the qemuarm machines, so I can be sure of the fix. Bruce > > > Signed-off-by: Trevor Woerner <twoerner@gmail.com> > > --- > > recipes-kernel/linux/linux-yocto-dev.bbappend | 1 + > > .../linux/linux-yocto-dev/disable-some-fs-security.cfg | 5 +++++ > > 2 files changed, 6 insertions(+) > > create mode 100644 recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg > > > > diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend > > index b6a63d7b7b29..94bf737c63bd 100644 > > --- a/recipes-kernel/linux/linux-yocto-dev.bbappend > > +++ b/recipes-kernel/linux/linux-yocto-dev.bbappend > > @@ -2,4 +2,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" > > > > COMPATIBLE_MACHINE:orangepi-5-plus = "orangepi-5-plus" > > > > +SRC_URI:append = " file://disable-some-fs-security.cfg" > > If it is Rockchip-specific, I would suggest using > SRC_URI:append:rockchip here, to make sure we do not modify other > machines from other layers whenever meta-rockchip is included? > > Cheers, > Quentin > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#300): https://lists.yoctoproject.org/g/yocto-patches/message/300 > Mute This Topic: https://lists.yoctoproject.org/mt/106613842/1050810 > Group Owner: yocto-patches+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/yocto-patches/leave/13171493/1050810/607820704/xyzzy [bruce.ashfield@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
On Tue, Jun 11, 2024 at 10:57 AM Trevor Woerner <twoerner@gmail.com> wrote: > > On Tue 2024-06-11 @ 04:29:35 PM, Quentin Schulz via lists.yoctoproject.org wrote: > > Hi Trevor, > > > > On 6/11/24 4:06 PM, Trevor Woerner via lists.yoctoproject.org wrote: > > > The linux-yocto-dev build was failing with: > > > | ERROR: modpost: vmlinux: local symbol 'security_path_rmdir' was exported > > > > > > Disabling some filesystem-related security options fixes the build. > > > > > > > Is this the case for every board, including non-Rockchip ones? > > This builds fine with qemuarm64, for example. Comparing the .config from the > qemuarm64 build vs the rockchip build is what led me to the patch that I've > presented. The qemuarm64 build doesn't try to build the file that causes the > error since its .config doesn't ask it to. We're using the in-kernel > defconfig for the rockchip build so: > 1) it's strange nobody else has seen/fixed this > 2) why doesn't the qemuarm64 build use the in-kernel defconfig (or if it does, > why are these options not set in its .config)? Hah. Let's not start the in-tree defconfig bikeshed debate. There's a yocto reference configuration, it will not, and does not strictly follow anything in-tree. If someone does see things in a defconfig they want represented in the machine or base configuration, they are free to propose them as patches and they'll be considered on individual merit. > > > Is Bruce aware of those issues? Shouldn't this rather be fixed in oe-core > > instead? > > I guess I could give him a poke. See my reply from just a few minutes ago. Bruce > > > > Signed-off-by: Trevor Woerner <twoerner@gmail.com> > > > --- > > > recipes-kernel/linux/linux-yocto-dev.bbappend | 1 + > > > .../linux/linux-yocto-dev/disable-some-fs-security.cfg | 5 +++++ > > > 2 files changed, 6 insertions(+) > > > create mode 100644 recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg > > > > > > diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend > > > index b6a63d7b7b29..94bf737c63bd 100644 > > > --- a/recipes-kernel/linux/linux-yocto-dev.bbappend > > > +++ b/recipes-kernel/linux/linux-yocto-dev.bbappend > > > @@ -2,4 +2,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" > > > COMPATIBLE_MACHINE:orangepi-5-plus = "orangepi-5-plus" > > > +SRC_URI:append = " file://disable-some-fs-security.cfg" > > > > If it is Rockchip-specific, I would suggest using SRC_URI:append:rockchip > > here, to make sure we do not modify other machines from other layers > > whenever meta-rockchip is included? > > Oh right, thanks. I don't think of that use-case often enough.
On Tue, Jun 11, 2024 at 11:01 AM Bruce Ashfield <bruce.ashfield@gmail.com> wrote: > > On Tue, Jun 11, 2024 at 10:29 AM Quentin Schulz via > lists.yoctoproject.org > <quentin.schulz=cherry.de@lists.yoctoproject.org> wrote: > > > > Hi Trevor, > > > > On 6/11/24 4:06 PM, Trevor Woerner via lists.yoctoproject.org wrote: > > > The linux-yocto-dev build was failing with: > > > | ERROR: modpost: vmlinux: local symbol 'security_path_rmdir' was exported > > > > > > Disabling some filesystem-related security options fixes the build. > > > > > > > Is this the case for every board, including non-Rockchip ones? > > > > Is Bruce aware of those issues? Shouldn't this rather be fixed in > > oe-core instead? > > Ross had mentioned something like this a week or so ago, > but I haven't seen it locally yet. > > It's an aufs6 export that is causing the issue, I'm looking into > it now. I see the issue with the exports. One slipped outside of an ifdef and is causing issues. It should all be fixed shortly. Bruce > > Preferably I need to reproduce it on the qemuarm machines, > so I can be sure of the fix. > > Bruce > > > > > > Signed-off-by: Trevor Woerner <twoerner@gmail.com> > > > --- > > > recipes-kernel/linux/linux-yocto-dev.bbappend | 1 + > > > .../linux/linux-yocto-dev/disable-some-fs-security.cfg | 5 +++++ > > > 2 files changed, 6 insertions(+) > > > create mode 100644 recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg > > > > > > diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend > > > index b6a63d7b7b29..94bf737c63bd 100644 > > > --- a/recipes-kernel/linux/linux-yocto-dev.bbappend > > > +++ b/recipes-kernel/linux/linux-yocto-dev.bbappend > > > @@ -2,4 +2,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" > > > > > > COMPATIBLE_MACHINE:orangepi-5-plus = "orangepi-5-plus" > > > > > > +SRC_URI:append = " file://disable-some-fs-security.cfg" > > > > If it is Rockchip-specific, I would suggest using > > SRC_URI:append:rockchip here, to make sure we do not modify other > > machines from other layers whenever meta-rockchip is included? > > > > Cheers, > > Quentin > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#300): https://lists.yoctoproject.org/g/yocto-patches/message/300 > > Mute This Topic: https://lists.yoctoproject.org/mt/106613842/1050810 > > Group Owner: yocto-patches+owner@lists.yoctoproject.org > > Unsubscribe: https://lists.yoctoproject.org/g/yocto-patches/leave/13171493/1050810/607820704/xyzzy [bruce.ashfield@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > > > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await > thee at its end > - "Use the force Harry" - Gandalf, Star Trek II
On Tue 2024-06-11 @ 11:17:31 AM, Bruce Ashfield via lists.yoctoproject.org wrote: > On Tue, Jun 11, 2024 at 11:01 AM Bruce Ashfield > <bruce.ashfield@gmail.com> wrote: > > > > On Tue, Jun 11, 2024 at 10:29 AM Quentin Schulz via > > lists.yoctoproject.org > > <quentin.schulz=cherry.de@lists.yoctoproject.org> wrote: > > > > > > Hi Trevor, > > > > > > On 6/11/24 4:06 PM, Trevor Woerner via lists.yoctoproject.org wrote: > > > > The linux-yocto-dev build was failing with: > > > > | ERROR: modpost: vmlinux: local symbol 'security_path_rmdir' was exported > > > > > > > > Disabling some filesystem-related security options fixes the build. > > > > > > > > > > Is this the case for every board, including non-Rockchip ones? > > > > > > Is Bruce aware of those issues? Shouldn't this rather be fixed in > > > oe-core instead? > > > > Ross had mentioned something like this a week or so ago, > > but I haven't seen it locally yet. > > > > It's an aufs6 export that is causing the issue, I'm looking into > > it now. > > I see the issue with the exports. One slipped outside of an ifdef > and is causing issues. > > It should all be fixed shortly. w00t! Thanks :-)
diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend index b6a63d7b7b29..94bf737c63bd 100644 --- a/recipes-kernel/linux/linux-yocto-dev.bbappend +++ b/recipes-kernel/linux/linux-yocto-dev.bbappend @@ -2,4 +2,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" COMPATIBLE_MACHINE:orangepi-5-plus = "orangepi-5-plus" +SRC_URI:append = " file://disable-some-fs-security.cfg" SRC_URI:append:orangepi-5-plus = " file://rockchip-kmeta;type=kmeta;name=rockchip-kmeta;destsuffix=rockchip-kmeta" diff --git a/recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg b/recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg new file mode 100644 index 000000000000..dd2e894eed76 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg @@ -0,0 +1,5 @@ +CONFIG_SECURITYFS=n +CONFIG_SECURITY_NETWORK=y +CONFIG_SECURITY_NETWORK_XFRM=n +CONFIG_SECURITY_PATH=y +CONFIG_SECURITY_LANDLOCK=y
The linux-yocto-dev build was failing with: | ERROR: modpost: vmlinux: local symbol 'security_path_rmdir' was exported Disabling some filesystem-related security options fixes the build. Signed-off-by: Trevor Woerner <twoerner@gmail.com> --- recipes-kernel/linux/linux-yocto-dev.bbappend | 1 + .../linux/linux-yocto-dev/disable-some-fs-security.cfg | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 recipes-kernel/linux/linux-yocto-dev/disable-some-fs-security.cfg