[yocto] yocto Digest, Vol 34, Issue 38
Zafrullah Syed
zafrullahmehdi at gmail.com
Tue Jul 16 15:23:08 PDT 2013
Hi,
I added opencv
in /home/yocto/poky/meta-gumstix-extras/recipes-images/gumstix/
gumstix-console-image.bb.
Why do I need to add 'IMAGE_EXTRAS += "opencv-apps opencv-samples" in
local.conf? aren't we supposed to add it in
/home/yocto/poky/meta-gumstix-extras/recipes-images/gumstix/
gumstix-console-image.bb? I am confused here.
I added Gstreamer along with opencv in (gumstix-console-image.bb) and build
was successful. Gstreamer was added to Image but not opencv.
Is it not sufficient if we add just 'opencv' in
/home/yocto/poky/meta-gumstix-extras/recipes-images/gumstix/
gumstix-console-image.bb? what are these 'opencv-apps opencv-samples' files?
Regards,
Zafrullah Syed
On Fri, Jul 12, 2013 at 9:00 PM, <yocto-request at yoctoproject.org> wrote:
> Send yocto mailing list submissions to
> yocto at yoctoproject.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.yoctoproject.org/listinfo/yocto
> or, via email, send a message with subject or body 'help' to
> yocto-request at yoctoproject.org
>
> You can reach the person managing the list at
> yocto-owner at yoctoproject.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of yocto digest..."
>
>
> Today's Topics:
>
> 1. Libraries missing after build is successful (Zafrullah Syed)
> 2. Re: Libraries missing after build is successful (Gary Thomas)
> 3. Re: Fwd: Yocto Layers not getting recognized by bitbake
> (varun bhatnagar)
> 4. meta-security Layer Now Available (Jeff Osier-Mixon)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 12 Jul 2013 17:21:39 +0200
> From: Zafrullah Syed <zafrullahmehdi at gmail.com>
> To: yocto <yocto at yoctoproject.org>
> Subject: [yocto] Libraries missing after build is successful
> Message-ID:
> <CAAGt+t1GaWBqsZAXR9xq0bTeYry_W_xOX38Qz=ZMxzM1=
> ivkbQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I appended OpenCV and Gstreamer plugins to Image and made a build. Build is
> successful without any errors but OpenCV libraries are missing in
> rootfs.tar.bz2
>
> I searched for libs( libopencv_core.so, libhighgui.so, libOpenCV.so ) in
> /usr/bin, /usr/lib and the whole archive but unable to find any libraries.
>
> In /yocto/build/downloads, I can
> see OpenCV-2.4.3.tar.bz2, OpenCV-2.4.3.tar.bz2.done files.
>
> In /yocto/build/tmp/deploy/licenses, I can see OpenCV folder.
>
> In /yocto/build/tmp/deploy/rpm/armv7a_vfp_neon, I can see .rpm packages.
>
> Log file after build says this:
> (Pasted only start and success logs)
>
> NOTE: recipe opencv-2.4.3-r2: task do_compile: Succeeded
> NOTE: recipe opencv-2.4.3-r2: task do_install: Started
> NOTE: recipe opencv-2.4.3-r2: task do_install: Succeeded
> NOTE: recipe opencv-2.4.3-r2: task do_package: Started
> NOTE: recipe opencv-2.4.3-r2: task do_populate_sysroot: Started
> NOTE: recipe opencv-2.4.3-r2: task do_populate_sysroot: Succeeded
> NOTE: recipe opencv-2.4.3-r2: task do_package: Succeeded
> NOTE: recipe opencv-2.4.3-r2: task do_package_write_rpm: Started
> NOTE: recipe opencv-2.4.3-r2: task do_package_write_rpm: Succeeded
> NOTE: recipe opencv-2.4.3-r2: task do_generate_toolchain_file: Started
> NOTE: recipe opencv-2.4.3-r2: task do_generate_toolchain_file: Succeeded
> NOTE: recipe opencv-2.4.3-r2: task do_populate_lic: Started
> NOTE: recipe opencv-2.4.3-r2: task do_populate_lic: Succeeded
>
> Any Idea/hints where these files are and why they are missing?
>
> Regards,
> Zafrullah Syed.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.yoctoproject.org/pipermail/yocto/attachments/20130712/482fc477/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Fri, 12 Jul 2013 10:21:54 -0600
> From: Gary Thomas <gary at mlbassoc.com>
> To: yocto at yoctoproject.org
> Subject: Re: [yocto] Libraries missing after build is successful
> Message-ID: <51E02D22.1090200 at mlbassoc.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 2013-07-12 09:21, Zafrullah Syed wrote:
> > I appended OpenCV and Gstreamer plugins to Image and made a build. Build
> is successful without any errors but OpenCV libraries are missing in
> rootfs.tar.bz2
>
> How did you do this?
>
> You should be able to just add them in your local.conf, e.g.
> IMAGE_EXTRAS += "opencv-apps opencv-samples"
> etc.
>
> > I searched for libs( libopencv_core.so, libhighgui.so, libOpenCV.so ) in
> /usr/bin, /usr/lib and the whole archive but unable to find any libraries.
> >
> > In /yocto/build/downloads, I can see OpenCV-2.4.3.tar.bz2,
> OpenCV-2.4.3.tar.bz2.done files.
> >
> > In /yocto/build/tmp/deploy/licenses, I can see OpenCV folder.
> >
> > In /yocto/build/tmp/deploy/rpm/armv7a_vfp_neon, I can see .rpm packages.
> >
> > Log file after build says this:
> > (Pasted only start and success logs)
> >
> > NOTE: recipe opencv-2.4.3-r2: task do_compile: Succeeded
> > NOTE: recipe opencv-2.4.3-r2: task do_install: Started
> > NOTE: recipe opencv-2.4.3-r2: task do_install: Succeeded
> > NOTE: recipe opencv-2.4.3-r2: task do_package: Started
> > NOTE: recipe opencv-2.4.3-r2: task do_populate_sysroot: Started
> > NOTE: recipe opencv-2.4.3-r2: task do_populate_sysroot: Succeeded
> > NOTE: recipe opencv-2.4.3-r2: task do_package: Succeeded
> > NOTE: recipe opencv-2.4.3-r2: task do_package_write_rpm: Started
> > NOTE: recipe opencv-2.4.3-r2: task do_package_write_rpm: Succeeded
> > NOTE: recipe opencv-2.4.3-r2: task do_generate_toolchain_file: Started
> > NOTE: recipe opencv-2.4.3-r2: task do_generate_toolchain_file: Succeeded
> > NOTE: recipe opencv-2.4.3-r2: task do_populate_lic: Started
> > NOTE: recipe opencv-2.4.3-r2: task do_populate_lic: Succeeded
> >
> > Any Idea/hints where these files are and why they are missing?
>
> --
> ------------------------------------------------------------
> Gary Thomas | Consulting for the
> MLB Associates | Embedded world
> ------------------------------------------------------------
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 12 Jul 2013 23:53:32 +0530
> From: varun bhatnagar <varun292006 at gmail.com>
> To: Paul Eggleton <paul.eggleton at linux.intel.com>,
> "yocto at yoctoproject.org" <yocto at yoctoproject.org>
> Subject: Re: [yocto] Fwd: Yocto Layers not getting recognized by
> bitbake
> Message-ID:
> <CAGxOggGH0mpoV=KqgGc=yEpNbdht5=
> L1WAzFvcm0za-TEC-FkQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Paul,
>
> I am pasting the content of my recipe file below, please have a look at it.
>
>
> DESCRIPTION = "bitake file"
> *DEPENDS = "net-snmp fuse"*
> RDEPENDS = "curl rpm openssh openldap procps psmisc sed net-snmp-server"
> LICENSE = "GPLv2+"
> PR = "r0"
> SRC_URI =
> "*file:///home/user/Myapp.tar.gz"*<file:///home/user/Myapp.tar.gz%22>
> ;
> EXTRA_OECMAKE += "-DCMAKE_FIND_ROOT_PATH=${STAGING_DIR_HOST} "
> EXTRA_OECMAKE += "-DTARGET_ARCHITECTURE=${TARGET_ARCH} "
> EXTRA_OECMAKE += "-DCMAKE_SYSTEM_NAME=Linux "
> EXTRA_OECMAKE += "-DCMAKE_SYSTEM_VERSION=1 "
> EXTRA_OECMAKE += "-DRSTATE=${PR} "
> EXTRA_OECMAKE += "-DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM=NEVER "
> EXTRA_OECMAKE += "-DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY "
> EXTRA_OECMAKE += "-DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=ONLY "
> EXTRA_OECMAKE += "-DRPM=1 "
>
> inherit cmake
>
> do_configure(){
> cmake ..${EXTRA_OECMAKE}
> }
>
> do_compile(){
> oe_runmake all
> }
>
> //
> Varun
>
>
> On Mon, Jul 1, 2013 at 3:18 PM, Paul Eggleton <
> paul.eggleton at linux.intel.com
> > wrote:
>
> > On Sunday 30 June 2013 00:05:58 varun bhatnagar wrote:
> > > Yes Paul that was the entry was there in CORE_IMAGE_EXTRA_INSTALL. I
> have
> > > removed it from there but I need to add the command provided by these
> > > packages in my image. So I have added one line in my layer.conf file
> > > "IMAGE_INSTALL_append= test-ea ". Now if I try to run bitbake -k
> > > core-image-minimal, it gives me a message saying "Nothing provides
> > > test-ea". What shall I do? (I have build the recipe file of test-ea
> > without
> > > any error.)
> >
> > Can you show me what the test-ea recipe contains?
> >
> > Cheers,
> > Paul
> >
> > --
> >
> > Paul Eggleton
> > Intel Open Source Technology Centre
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.yoctoproject.org/pipermail/yocto/attachments/20130712/8f089776/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Fri, 12 Jul 2013 11:43:41 -0700
> From: Jeff Osier-Mixon <jefro at jefro.net>
> To: Yocto Project <yocto at yoctoproject.org>,
> yocto-announce at yoctoproject.org
> Subject: [yocto] meta-security Layer Now Available
> Message-ID:
> <CA+YB3rYaryy71L3b8Ou=1+wgCU8tR=bKxapAuqYkB4C=
> wCAhmA at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> [thanks to Andrei Dinu for writing this]
>
> _______________________________________________________________
> meta-security Layer Now Available
>
>
> Can embedded devices have the same type of security that normal
> desktops run? Can the security be enhanced in some way? The answer is
> yes! With the new meta-security-layer which can be used with the Yocto
> Project. Now it's very simple to build a Linux distribution with the
> Yocto Project and use all the security tools to harden, protect, and
> detect vulnerabilities on embedded devices.
>
>
> Why the security layer?
>
> As embedded devices keep getting more and more powerful, there must be
> some concern regarding the security of that device. Maybe some devices
> are in a closed environment, with no access from outside, but that is
> not the case for all of them. If someone is running a webserver on a
> router for example, or uses a device that is permanently connected to
> the internet, it can be susceptible to hijacking. With this security
> layer we wanted to give the users the chance to enhance the security
> on every device that uses the Yocto Project.
>
>
> What does it contain?
>
> After searching the internet looking for open source security packages
> that can be used on embedded devices, we came down to a list that
> covers a wide range of functionalities useful for the user. At the
> moment the security layer contains hardening tools, security checking
> tools, a library for syscall filtering, webserver security, port
> scanners, and other features that are targeted to different levels of
> system security, from low-level to high level.
>
> The packages included in this layer are described below, along with
> some usage examples.
>
> We are going to start with Bastille, which is a hardening program used
> to secure the system and environment in order to make it
> non-penetrable and non-exploitable. It is an easy to use, rule-based
> hardening tool, which has an interactive way of configuring it. On the
> first run with "bastille -c", the user must go through a list of
> questions. After all questions are answered, a config file is created
> and run. After running the config file, the system is hardened based
> on the answers to the questions. Also, if a config file is already
> present on the system, it can be run by simply writing "bastille -b".
>
> Next in line are the redhat-security tools. This is a collection of
> scripts that analyzes security problems ranging from file permissions
> to correctness of code. Here are some items from that list:
>
> - find-chroot.sh - This script scans the whole file system looking for
> ELF files that calls chroot(2) that also do not include a call to
> chdir. Programs that fail to do this do not have the cwd inside the
> chroot. This means the app can escape the protection that was
> intended.
>
> - find-nodrop-groups.sh - This script scans a whole file system to see
> if a program makes calls to change UID and GID without also calling
> setgroups or initgroups.
>
> - find-hidden-exec.sh - This script scans the whole file system
> looking for excutables that are hidden. Anything found must be
> investigated since its highly unusual for executables to be hidden.
>
> Another tool that is included is pax-utils. This package also includes
> a list of scripts that scan ELF files for consistency and not only.
> One of the most popular ones is scanelf. With this script you can
> print out the information specific to the ELF structure of a binary.
> Also, very useful for developers is dumpelf. This is a user space
> utility that dumps all of the internal ELF structures into the
> equivalent C structures for debugging or reference purposes.
>
> Buck-security is a security scanner that checks and reports any
> vulnerabilities. Unlike bastille which also hardens your system,
> buck-security runs a series of scripts present in the configuration
> file. The user can add or remove some checks if they are not
> necessary.
>
> Libseccomp is a library that provides a platform independent, easy to
> use, interface to the Linux Kernel's syscall filtering mechanism. The
> libseccomp API is designed to abstract away the underlying BPF based
> syscall filter language and present a more conventional function-call
> based filtering interface that should be familiar to, and easily
> adopted by application developers.
>
> Checksecurity - check for changes to setuid programs - command scans
> the mounted files systems (subject to the filter defined in
> /etc/checksecurity.conf) and compares the list of setuid programs to
> the list created on the previous run. Any changes are printed to
> standard output. Also, it generates a list of nfs and afs
> filesystems that are mounted insecurely (i.e. they are missing the
> nodev and either the noexec or nosuid flags).
>
> Nikto - This tool is very useful if you have a web server running on
> your device. Nikto is a scanner which performs comprehensive tests
> against web servers for potentially dangerous files or CGI's, checks
> for outdated versions of over 1250 servers and version specific
> problems.
>
> And last but not least : Nmap - This famous tool used for network
> discovery and security auditing is very useful for system and network
> administrators. Now, you can monitor anything on the network via your
> embedded device with the usage of this tool.
>
>
> Conclusion
>
> The best way to have a secure embedded device is to "keep it simple".
> That means, if you want to be bulletproof, don't include tools that
> can bring security holes to your device. But when you really need
> those programs, it is best to bring them along with a security
> checking tool that assures you the security you need.
>
> [
> https://www.yoctoproject.org/blogs/andrei-dinu/2013/meta-security-layer-now-available
> ]
>
> --
> Jeff Osier-Mixon http://jefro.net/blog
> Yocto Project Community Manager @Intel http://yoctoproject.org
>
>
> ------------------------------
>
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
>
> End of yocto Digest, Vol 34, Issue 38
> *************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20130717/7a9cf535/attachment.html>
More information about the yocto
mailing list