| Message ID | 730ebbddc121016151a72d3e0bce61351a0ad365.1758138771.git.scott.murray@konsulko.com |
|---|---|
| State | New |
| Headers | show |
| Series | Assorted fixes | expand |
On Wed, Sep 17, 2025 at 10:43 PM Scott Murray via lists.yoctoproject.org <scott.murray=konsulko.com@lists.yoctoproject.org> wrote: > From: Michael Opdenacker <michael.opdenacker@rootcommit.com> > > Tested on master (whinlatter) with beaglebone-yocto > > New in version 3.1.5 (2025-07-29): > https://cisofy.com/changelog/lynis/#315 > > Added: > - Support for OpenWrt > - Bitdefender detection on Linux > - Detection of openSUSE Tumbleweed-Slowroll > > Changed: > - Corrected detection of service manager SMF > - Extended GetHostID function to allow HostID and HostID2 creation on > OpenWrt > - Check modules also under /usr/lib/modules.d > > Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com> > --- > recipes-compliance/lynis/{lynis_3.1.4.bb => lynis_3.1.5.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename recipes-compliance/lynis/{lynis_3.1.4.bb => lynis_3.1.5.bb} (93%) > > diff --git a/recipes-compliance/lynis/lynis_3.1.4.bb > b/recipes-compliance/lynis/lynis_3.1.5.bb > similarity index 93% > rename from recipes-compliance/lynis/lynis_3.1.4.bb > rename to recipes-compliance/lynis/lynis_3.1.5.bb > index 3546a9e..3d1e8b7 100644 > --- a/recipes-compliance/lynis/lynis_3.1.4.bb > +++ b/recipes-compliance/lynis/lynis_3.1.5.bb > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = > "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" > > SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz" > > -SRC_URI[sha256sum] = > "c4dbcddd429624d5b2319cd3b19728e18a7885b70b8eb0a9fdd3ca5f0ae28eb6" > +SRC_URI[sha256sum] = > "8d2c6652ba60116a82514522b666ca77293f4bfc69f1e581028769f7ebb52ba4" > > #UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis" > > Hello, I was thinking about this one, as lynis is causing issues for each new version. The last version is indeed ${BPN}-${PV}.tar.gz <https://downloads.cisofy.com/lynis/$%7BBPN%7D-$%7BPV%7D.tar.gz>, but when they release, they move the previous one. Existing recipes do not work anymore. I think the solution would be to use their GitHub releases like https://github.com/CISOfy/lynis/archive/refs/tags/3.1.5.tar.gz That would avoid the need to update the link every time they release. What do you think? Kind regards, Marta
On Thu, 18 Sep 2025, Marta Rybczynska via lists.yoctoproject.org wrote: > On Wed, Sep 17, 2025 at 10:43 PM Scott Murray via lists.yoctoproject.org > <scott.murray=konsulko.com@lists.yoctoproject.org> wrote: > > > From: Michael Opdenacker <michael.opdenacker@rootcommit.com> > > > > Tested on master (whinlatter) with beaglebone-yocto > > > > New in version 3.1.5 (2025-07-29): > > https://cisofy.com/changelog/lynis/#315 > > > > Added: > > - Support for OpenWrt > > - Bitdefender detection on Linux > > - Detection of openSUSE Tumbleweed-Slowroll > > > > Changed: > > - Corrected detection of service manager SMF > > - Extended GetHostID function to allow HostID and HostID2 creation on > > OpenWrt > > - Check modules also under /usr/lib/modules.d > > > > Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com> > > --- > > recipes-compliance/lynis/{lynis_3.1.4.bb => lynis_3.1.5.bb} | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > rename recipes-compliance/lynis/{lynis_3.1.4.bb => lynis_3.1.5.bb} (93%) > > > > diff --git a/recipes-compliance/lynis/lynis_3.1.4.bb > > b/recipes-compliance/lynis/lynis_3.1.5.bb > > similarity index 93% > > rename from recipes-compliance/lynis/lynis_3.1.4.bb > > rename to recipes-compliance/lynis/lynis_3.1.5.bb > > index 3546a9e..3d1e8b7 100644 > > --- a/recipes-compliance/lynis/lynis_3.1.4.bb > > +++ b/recipes-compliance/lynis/lynis_3.1.5.bb > > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = > > "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" > > > > SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz" > > > > -SRC_URI[sha256sum] = > > "c4dbcddd429624d5b2319cd3b19728e18a7885b70b8eb0a9fdd3ca5f0ae28eb6" > > +SRC_URI[sha256sum] = > > "8d2c6652ba60116a82514522b666ca77293f4bfc69f1e581028769f7ebb52ba4" > > > > #UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis" > > > > Hello, > I was thinking about this one, as lynis is causing issues for each new > version. The last version is indeed ${BPN}-${PV}.tar.gz > <https://downloads.cisofy.com/lynis/$%7BBPN%7D-$%7BPV%7D.tar.gz>, but when > they release, they move the previous one. Existing recipes do not work > anymore. > > I think the solution would be to use their GitHub releases like > https://github.com/CISOfy/lynis/archive/refs/tags/3.1.5.tar.gz > > That would avoid the need to update the link every time they release. > > What do you think? Those are not reliable, as Github may regenerate them randomly. There's actually a QA check in oe-core (src-uri-bad) that explicitly flags such URIs. It may be worth asking upstream to always also put the new releases into their archive directory on downloads.cisofy.com right away so that the URI can stay stable. I can imagine them not going for that, though, based on the recommendation to always use the latest version on their download site. Scott
On Thu, 18 Sep 2025, Marta Rybczynska (Ygreky) wrote: > > On 18/09/2025 2:42 PM, Scott Murray wrote: > > On Thu, 18 Sep 2025, Marta Rybczynska via lists.yoctoproject.org wrote: > > > >> On Wed, Sep 17, 2025 at 10:43 PM Scott Murray via lists.yoctoproject.org > >> <scott.murray=konsulko.com@lists.yoctoproject.org> wrote: > >> > >>> From: Michael Opdenacker <michael.opdenacker@rootcommit.com> > >>> > >>> Tested on master (whinlatter) with beaglebone-yocto > >>> > >>> New in version 3.1.5 (2025-07-29): > >>> https://cisofy.com/changelog/lynis/#315 > >>> > >>> Added: > >>> - Support for OpenWrt > >>> - Bitdefender detection on Linux > >>> - Detection of openSUSE Tumbleweed-Slowroll > >>> > >>> Changed: > >>> - Corrected detection of service manager SMF > >>> - Extended GetHostID function to allow HostID and HostID2 creation on > >>> OpenWrt > >>> - Check modules also under /usr/lib/modules.d > >>> > >>> Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com> > >>> --- > >>> recipes-compliance/lynis/{lynis_3.1.4.bb => lynis_3.1.5.bb} | 2 +- > >>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>> rename recipes-compliance/lynis/{lynis_3.1.4.bb => lynis_3.1.5.bb} (93%) > >>> > >>> diff --git a/recipes-compliance/lynis/lynis_3.1.4.bb > >>> b/recipes-compliance/lynis/lynis_3.1.5.bb > >>> similarity index 93% > >>> rename from recipes-compliance/lynis/lynis_3.1.4.bb > >>> rename to recipes-compliance/lynis/lynis_3.1.5.bb > >>> index 3546a9e..3d1e8b7 100644 > >>> --- a/recipes-compliance/lynis/lynis_3.1.4.bb > >>> +++ b/recipes-compliance/lynis/lynis_3.1.5.bb > >>> @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = > >>> "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" > >>> > >>> SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz" > >>> > >>> -SRC_URI[sha256sum] = > >>> "c4dbcddd429624d5b2319cd3b19728e18a7885b70b8eb0a9fdd3ca5f0ae28eb6" > >>> +SRC_URI[sha256sum] = > >>> "8d2c6652ba60116a82514522b666ca77293f4bfc69f1e581028769f7ebb52ba4" > >>> > >>> #UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis" > >>> > >> Hello, > >> I was thinking about this one, as lynis is causing issues for each new > >> version. The last version is indeed ${BPN}-${PV}.tar.gz > >> <https://downloads.cisofy.com/lynis/$%7BBPN%7D-$%7BPV%7D.tar.gz>, but when > >> they release, they move the previous one. Existing recipes do not work > >> anymore. > >> > >> I think the solution would be to use their GitHub releases like > >> https://github.com/CISOfy/lynis/archive/refs/tags/3.1.5.tar.gz > >> > >> That would avoid the need to update the link every time they release. > >> > >> What do you think? > > Those are not reliable, as Github may regenerate them randomly. There's > > actually a QA check in oe-core (src-uri-bad) that explicitly flags such > > URIs. It may be worth asking upstream to always also put the new > > releases into their archive directory on downloads.cisofy.com right away > > so that the URI can stay stable. I can imagine them not going for that, > > though, based on the recommendation to always use the latest version on > > their download site. > > We can download the source code with the given hash of the release, as many > for many other projects. Lynis doesn't have any build process, it is a shell > script. Yes, switching to git fetcher with the tagged SRCREV seems like a reasonable approach (perhaps also using the new tag <-> SRCREV checking in the fetcher). I'd say perhaps submit that as a change on top of this version bump from Michael, as I assume the real target is the older branches that are going to be more likely to break. Scott
diff --git a/recipes-compliance/lynis/lynis_3.1.4.bb b/recipes-compliance/lynis/lynis_3.1.5.bb similarity index 93% rename from recipes-compliance/lynis/lynis_3.1.4.bb rename to recipes-compliance/lynis/lynis_3.1.5.bb index 3546a9e..3d1e8b7 100644 --- a/recipes-compliance/lynis/lynis_3.1.4.bb +++ b/recipes-compliance/lynis/lynis_3.1.5.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "c4dbcddd429624d5b2319cd3b19728e18a7885b70b8eb0a9fdd3ca5f0ae28eb6" +SRC_URI[sha256sum] = "8d2c6652ba60116a82514522b666ca77293f4bfc69f1e581028769f7ebb52ba4" #UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis"