[yocto] [meta-security] buck-security not found in STAGING_BINDIR_NATIVE

Jon Szymaniak jon.szymaniak.foss at gmail.com
Thu May 31 21:38:02 PDT 2018 

I'm working with the rocko branch of the meta-security layer [1], with the
latest poky rocko branch HEAD on an Ubuntu 17.04 machine (technically an
"untested" distro but otherwise fine in the past).

>From my understanding, all that should be required to run the buck-security
after an image build is adding INHERIT += "check_security" to local.conf. I
see that check_security.bbclass [2] already takes care of appending itself
to EXTRA_IMAGEDEPENDS.

However, when building an image (e.g. core-image-minimal),
check_security.bbclass is failing to find buck-security in
${STAGING_BINDIR_NATIVE}, as indicated by the following error message:

${TMPDIR}/work/raspberrypi0_wifi-poky-linux-gnueabi/core-ima
ge-minimal/1.0-r0/temp/run.check_security.24976:
  112: ${TMPDIR}/work/raspberrypi0_wifi-poky-linux-gnueabi/core-ima
ge-minimal/1.0-r0/temp/run.check_security.24976:
     ${TMPDIR}/work/raspberrypi0_wifi-poky-linux-gnueabi/core-im
age-minimal/1.0-r0/recipe-sysroot-native/usr/bin/buck-security: not found

The above makes it clear what ${STAGING_BINDIR_NATIVE} expands to;
buck-security is indeed not present in this location.

My logs indicate that when buck-security-native recipe's do_install() is
executed [3], ${D} and ${bindir} are defined as follows:

D: ${TMPDIR}/work/x86_64-linux/buck-security-native/0.7-r0/image
bindir: ${TMPDIR}/work/x86_64-linux/buck-security-native/0.7-r0/recipe-sysroot-native/usr/bin

buck-security also appears to be present in the  following location:
${TMPDIR}/sysroots-components/x86_64/buck-security-native/usr/bin/buck-security


After going through the manuals, I'm still a little unclear about when
exactly buck-security-native's files should be copied or linked into the
image's respective sysroot (presumably, during do_populate_sysroot?), and
where the breakdown is happening here.

If anyone else is able to reproduce this or provide some assistance in
resolving or just debugging it, I'd greatly appreciate it.

Thank you,
Jon Szymaniak



References:
[1] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/
[2] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security
/tree/classes/check_security.bbclass
[3] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/recipes-
security/buck-security/buck-security_0.7.bb#n51
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20180531/37c850ed/attachment-0001.html>

More information about the yocto mailing list