The Linux Foundation Projects
Skip to main content


Yocto Project and CVEs – Yocto Project Summit 2019

By Blog


The Yocto Project community is doing a lot of work around CVEs, but that work is not always visible to our members. This presentation covers how CVEs are processed and the tools to help support this work, in particular the Security Response Tool contributed last year and the various CVE build check tools.

We will also discuss ways to better engage the community in tracking, communicating, and fixing CVEs.



David Reyna, SMTS, Wind River

Creating Friendly Layers – Yocto Project Summit 2019

By Blog


Recent years have seen a proliferation in Yocto Project layers from hardware manufacturers, software companies and hobbyist developers. The typical Yocto Project workflow involves pulling several of these layers together from different sources and crossing your fingers to hope that they all play nicely with each other. However, many layers are in practice mutually exclusive, force the selection of particular machine or distro, or make unwanted changes to recipes defined in other layers. This can result in broken builds (often with confusing error messages) or subtle runtime errors and crashes which may be difficult to debug.

When developing a layer it is important to avoid these potential problems so that it can be used as widely as possible. While it is not possible to test every combination of different layers, there are straightforward design principles that can be followed to maximise the likelihood of things working. Applying these principles effectively does however require a good understanding of how variables, tasks, distro features and overrides work within the Yocto Project.

This talk will cover both the design strategies and the implementation details needed to produce high quality Yocto Project layers which maximises compatibility with the work of others.

Speaker: Paul Barker

Paul Barker has been an active member of the Yocto Project community since 2013. He has contributed to the project in many ways, including maintaining the opkg package manager during 2013-2015. More recent contributions have focused on improving support for the Raspberry Pi and other single board computers. He is currently the technical lead on the Oryx Project which integrates lightweight container support into a production-ready Embedded Linux distribution and is built on top of Yocto Project technologies.

Paul’s technical role within Beta Five Ltd is to maintain board support packages (BSPs) and customised Embedded Linux distributions for clients. He also provides more general open source consulting and system administration services to selected clients. His previous role was the development and maintenance of Linux support at CommAgility Ltd, a manufacturer of telecomms test equipment.

Paul has previously spoke at FOSDEM 2014 on the subject of opkg maintenance and Embedded Linux based underwater noise monitoring equipment. He has also spoken at several academic conferences on the subjects of underwater acoustics, noise monitoring equipment and data analysis.