markus.lehr/yoctor-layers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added my Recipes

Browse Source
This commit is contained in:
Markus Lehr
2024-07-11 14:16:35 +02:00
parent 38bc4f53ac
commit 09b621d929
7118 changed files with 525762 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
meta-openembedded/meta-oe/classes/breakpad.bbclass Normal file
View File

@@ -0,0 +1,36 @@
# Class to inherit when you want to build against Breakpad.
# Apart from inheriting this class, you need to set BREAKPAD_BIN in
# your recipe, and make sure that you link against libbreakpad_client.a.
DEPENDS += "breakpad breakpad-native"
CFLAGS += "-I${STAGING_DIR_TARGET}${includedir}/breakpad "
CXXFLAGS += "-I${STAGING_DIR_TARGET}${includedir}/breakpad "
BREAKPAD_BIN ?= ""
python () {
breakpad_bin = d.getVar("BREAKPAD_BIN")
if not breakpad_bin:
PN = d.getVar("PN")
FILE = os.path.basename(d.getVar("FILE"))
bb.error("To build %s, see breakpad.bbclass for instructions on \
setting up your Breakpad configuration" % PN)
raise ValueError('BREAKPAD_BIN not defined in %s' % PN)
}
# Add creation of symbols here
PACKAGE_PREPROCESS_FUNCS += "breakpad_package_preprocess"
breakpad_package_preprocess () {
mkdir -p ${PKGD}/usr/share/breakpad-syms
find ${D} -name ${BREAKPAD_BIN} -exec sh -c "dump_syms {} > ${PKGD}/usr/share/breakpad-syms/${BREAKPAD_BIN}.sym" \;
HASH=$(head -n1 ${PKGD}/usr/share/breakpad-syms/${BREAKPAD_BIN}.sym | rev | cut -d ' ' -f2 | rev)
mkdir -p ${PKGD}/usr/share/breakpad-syms/${BREAKPAD_BIN}/${HASH}
mv ${PKGD}/usr/share/breakpad-syms/${BREAKPAD_BIN}.sym ${PKGD}/usr/share/breakpad-syms/${BREAKPAD_BIN}/${HASH}
}
PACKAGES =+ "${PN}-breakpad"
FILES:${PN}-breakpad = "/usr/share/breakpad-syms"

125
meta-openembedded/meta-oe/classes/gitpkgv.bbclass Normal file
View File

@@ -0,0 +1,125 @@
# gitpkgv.bbclass provides a GITPKGV and GITPKGVTAG variables to be
# used in PKGV, as described bellow:
#
# - GITPKGV which is a sortable version with the format NN+GITHASH, to
# be used in PKGV, where
#
# NN equals the total number of revs up to SRCREV
# GITHASH is SRCREV's (full) hash
#
# - GITPKGVTAG which is the output of 'git describe --tags --exact-match'
# allowing for automatic versioning
#
# gitpkgv.bbclass assumes the git repository has been cloned, and
# contains SRCREV. So ${GITPKGV} and ${GITPKGVTAG} should never be
# used in PV, only in PKGV. It can handle SRCREV = ${AUTOREV}, as
# well as SRCREV = "<some fixed git hash>".
#
# WARNING: if upstream repository is always using consistent and
# sortable tag name scheme you can get sortable version including tag
# name with ${GITPKGVTAG}, but be aware that ie tag sequence "v1.0,
# v1.2, xtest, v2.0" will force you to increment PE to get upgradeable
# path to v2.0 revisions
#
# use example:
#
# inherit gitpkgv
#
# PV = "1.0+gitr${SRCPV}" # expands to something like 1.0+gitr3+4c1c21d7dbbf93b0df336994524313dfe0d4963b
# PKGV = "1.0+gitr${GITPKGV}" # expands also to something like 1.0+gitr31337+4c1c21d7d
#
# or
#
# inherit gitpkgv
#
# PV = "1.0+gitr${SRCPV}" # expands to something like 1.0+gitr3+4c1c21d7dbbf93b0df336994524313dfe0d4963b
# PKGV = "${GITPKGVTAG}" # expands to something like 1.0-31337+g4c1c21d
# if there is tag v1.0 before this revision or
# ver1.0-31337+g4c1c21d if there is tag ver1.0
GITPKGV = "${@get_git_pkgv(d, False)}"
GITPKGVTAG = "${@get_git_pkgv(d, True)}"
# This regexp is used to drop unwanted parts of the found tags. Any matching
# groups will be concatenated to yield the final version.
GITPKGV_TAG_REGEXP ??= "v(\d.*)"
def gitpkgv_drop_tag_prefix(d, version):
import re
m = re.match(d.getVar('GITPKGV_TAG_REGEXP'), version)
if m:
return ''.join(group for group in m.groups() if group)
else:
return version
def get_git_pkgv(d, use_tags):
import os
import bb
from pipes import quote
src_uri = d.getVar('SRC_URI').split()
fetcher = bb.fetch2.Fetch(src_uri, d)
ud = fetcher.ud
#
# If SRCREV_FORMAT is set respect it for tags
#
format = d.getVar('SRCREV_FORMAT')
if not format:
names = []
for url in ud.values():
if url.type == 'git' or url.type == 'gitsm':
names.extend(url.revisions.keys())
if len(names) > 0:
format = '_'.join(names)
else:
format = 'default'
found = False
for url in ud.values():
if url.type == 'git' or url.type == 'gitsm':
for name, rev in url.revisions.items():
if not os.path.exists(url.localpath):
return None
found = True
vars = { 'repodir' : quote(url.localpath),
'rev' : quote(rev) }
rev = bb.fetch2.get_srcrev(d).split('+')[1]
rev_file = os.path.join(url.localpath, "oe-gitpkgv_" + rev)
if not os.path.exists(rev_file) or os.path.getsize(rev_file)==0:
commits = bb.fetch2.runfetchcmd(
"git --git-dir=%(repodir)s rev-list %(rev)s -- 2>/dev/null | wc -l"
% vars, d, quiet=True).strip().lstrip('0')
if commits != "":
oe.path.remove(rev_file, recurse=False)
with open(rev_file, "w") as f:
f.write("%d\n" % int(commits))
else:
commits = "0"
else:
with open(rev_file, "r") as f:
commits = f.readline(128).strip()
if use_tags:
try:
output = bb.fetch2.runfetchcmd(
"git --git-dir=%(repodir)s describe %(rev)s --tags --exact-match 2>/dev/null"
% vars, d, quiet=True).strip()
ver = gitpkgv_drop_tag_prefix(d, output)
except Exception:
ver = "0.0-%s-g%s" % (commits, vars['rev'][:7])
else:
ver = "%s+%s" % (commits, vars['rev'][:7])
format = format.replace(name, ver)
if found:
return format
return '0+0'

84
meta-openembedded/meta-oe/classes/gitver.bbclass Normal file
View File

@@ -0,0 +1,84 @@
# Copyright (C) 2009 Chris Larson <clarson@kergoth.com>
# Released under the MIT license (see COPYING.MIT for the terms)
#
# gitver.bbclass provides a GITVER variable which is a (fairly) sane version,
# for use in ${PV}, extracted from the ${S} git checkout, assuming it is one.
# This is most useful in concert with srctree.bbclass.
def git_drop_tag_prefix(version):
import re
if re.match("v\d", version):
return version[1:]
else:
return version
GIT_TAGADJUST = "git_drop_tag_prefix(version)"
GITVER = "${@get_git_pv(d, tagadjust=lambda version:${GIT_TAGADJUST})}"
GITSHA = "${@get_git_hash(d)}"
def gitrev_run(cmd, path):
(output, error) = bb.process.run(cmd, cwd=path)
return output.rstrip()
def get_git_pv(d, tagadjust=None):
import os
srcdir = d.getVar("EXTERNALSRC") or d.getVar("S")
gitdir = os.path.abspath(os.path.join(srcdir, ".git"))
try:
ver = gitrev_run("git describe --tags", gitdir)
except:
try:
ver = gitrev_run("git rev-parse --short HEAD", gitdir)
if ver:
return "0.0+%s" % ver
else:
return "0.0"
except Exception as exc:
raise bb.parse.SkipRecipe(str(exc))
if ver and tagadjust:
ver = tagadjust(ver)
return ver
def get_git_hash(d):
import os
srcdir = d.getVar("EXTERNALSRC") or d.getVar("S")
gitdir = os.path.abspath(os.path.join(srcdir, ".git"))
try:
rev = gitrev_run("git rev-list HEAD -1", gitdir)
return rev[:7]
except Exception as exc:
bb.fatal(str(exc))
def mark_recipe_dependencies(path, d):
from bb.parse import mark_dependency
gitdir = os.path.join(path, ".git")
# Force the recipe to be reparsed so the version gets bumped
# if the active branch is switched, or if the branch changes.
mark_dependency(d, os.path.join(gitdir, "HEAD"))
# Force a reparse if anything in the index changes.
mark_dependency(d, os.path.join(gitdir, "index"))
try:
ref = gitrev_run("git symbolic-ref -q HEAD", gitdir)
except bb.process.CmdError:
pass
else:
if ref:
mark_dependency(d, os.path.join(gitdir, ref))
# Catch new tags.
tagdir = os.path.join(gitdir, "refs", "tags")
if os.path.exists(tagdir):
mark_dependency(d, tagdir)
python () {
srcdir = d.getVar("EXTERNALSRC") or d.getVar("S")
mark_recipe_dependencies(srcdir, d)
}

17
meta-openembedded/meta-oe/classes/gpe.bbclass Normal file
View File

@@ -0,0 +1,17 @@
DEPENDS:prepend = "virtual/libintl intltool-native "
GPE_TARBALL_SUFFIX ?= "gz"
SRC_URI = "${GPE_MIRROR}/${BP}.tar.${GPE_TARBALL_SUFFIX}"
FILES:${PN} += "${datadir}/gpe ${datadir}/application-registry"
SECTION ?= "gpe"
inherit gettext
gpe_do_compile() {
oe_runmake PREFIX=${prefix}
}
gpe_do_install() {
oe_runmake PREFIX=${prefix} DESTDIR=${D} install
}
EXPORT_FUNCTIONS do_compile do_install

16
meta-openembedded/meta-oe/classes/image_types_sparse.bbclass Normal file
View File

@@ -0,0 +1,16 @@
inherit image_types
# This sets the granularity of the sparse image conversion. Chunk sizes will be
# specified in units of this value. Setting this value smaller than the
# underlying image's block size will not result in any further space saving.
# However, there is no loss in correctness if this value is larger or smaller
# than optimal. This value should be a power of two.
SPARSE_BLOCK_SIZE ??= "4096"
CONVERSIONTYPES += "sparse"
CONVERSION_CMD:sparse() {
INPUT="${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
truncate --no-create --size=%${SPARSE_BLOCK_SIZE} "$INPUT"
img2simg -s "$INPUT" "$INPUT.sparse" ${SPARSE_BLOCK_SIZE}
}
CONVERSION_DEPENDS_sparse = "android-tools-native"

5
meta-openembedded/meta-oe/classes/itstool.bbclass Normal file
View File

@@ -0,0 +1,5 @@
# helper class to prepare correct environment for native itstool
inherit python3native
DEPENDS:append = " itstool-native"

8
meta-openembedded/meta-oe/classes/machine_kernel_pr.bbclass Normal file
View File

@@ -0,0 +1,8 @@
python __anonymous () {
machine_kernel_pr = d.getVar('MACHINE_KERNEL_PR')
if machine_kernel_pr:
d.setVar('PR', machine_kernel_pr)
}

35
meta-openembedded/meta-oe/classes/scancode.bbclass Normal file
View File

@@ -0,0 +1,35 @@
# We use scancode utlity for extacting licence information.
# scancode itself is an OSS Utlitity.
# For more informaiton https://github.com/nexB/scancode-toolkit
SCANCODE_FORMAT ?= "html-app"
EXT = "${@'html' if d.getVar('SCANCODE_FORMAT') == 'html-app' else 'json'}"
SCANCODE_TOOLKIT = "${@get_scancode_toolkit(d)}"
SCANCODE_TAG = "v2.2.1"
SCANCODE_GIT_LOCATION ?= "https://github.com/nexB/scancode-toolkit.git"
SCANCODE_SRC_LOCATION ?= "${DL_DIR}/scancode"
def get_scancode_toolkit(d):
lf = bb.utils.lockfile(d.getVar('SCANCODE_SRC_LOCATION') + ".lock")
if (not os.path.exists(d.getVar('SCANCODE_SRC_LOCATION'))):
os.system("git clone %s %s -b %s" % (d.getVar('SCANCODE_GIT_LOCATION'), d.getVar('SCANCODE_SRC_LOCATION'), d.getVar('SCANCODE_TAG')))
bb.utils.unlockfile(lf)
return (d.getVar('SCANCODE_SRC_LOCATION'))
do_scancode() {
mkdir -p ${DEPLOY_DIR_IMAGE}/scancode
cd ${SCANCODE_TOOLKIT}
if [ -d "${S}" ]; then
./scancode ${S} --format ${SCANCODE_FORMAT} ${DEPLOY_DIR_IMAGE}/scancode/${PN}.${EXT}
fi
}
addtask scancode after do_patch
do_scancode_oss() {
echo "We are done running scancode"
}
do_scancode_oss[recrdeptask] = "do_scancode_oss do_scancode"
do_scancode_oss[nostamp] = "1"
addtask do_scancode_oss after do_scancode

316
meta-openembedded/meta-oe/classes/signing.bbclass Normal file
View File

@@ -0,0 +1,316 @@
#
# Copyright Jan Luebbe <jlu@pengutronix.de>
#
# SPDX-License-Identifier: MIT
#
# This class provides a common workflow to use asymmetric (i.e. RSA) keys to
# sign artifacts. Usually, the keys are either stored as simple files in the
# file system or on a HSM (Hardware Security Module). While files are easy to
# use, it's hard to verify that no copies of the private have been made and
# only authorized persons are able to use the key. Use of an HSM addresses
# these risks by only allowing use of the key via an API (often PKCS #11). The
# standard way of referring to a specific key in an HSM are PKCS #11 URIs (RFC
# 7512).
#
# Many software projects support signing using PKCS #11 keys, but configuring
# this is very project specific. Furthermore, as physical HSMs are not very
# widespread, testing code signing in CI is not simple. To solve this at the
# build system level, this class takes the approach of always using PKCS #11 at
# the recipe level. For cases where the keys are available as files (i.e. test
# keys in CI), they are imported into SoftHSM (a HSM emulation library).
#
# Recipes access the available keys via a specific role. So, depending on
# whether we're building during development or for release, a given role can
# refer to different keys.
# Each key recipe PROVIDES a virtual package corresponding to the role, allowing
# the user to select one of multiple keys for a role when needed.
#
# For use with a real HSM, a PKCS #11 URI can be set (i.e. in local.conf) to
# override the SoftHSM key with the real one:
#
# SIGNING_PKCS11_URI[fit] = "pkcs11:serial=DENK0200554;object=ptx-dev-rauc&pin-value=123456"
# SIGNING_PKCS11_MODULE[fit] = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
#
# Examples for defining roles and importing keys:
#
# meta-code-signing/recipes-security/signing-keys/dummy-rsa-key-native.bb
# meta-code-signing-demo/recipes-security/ptx-dev-keys/ptx-dev-keys-native_git.bb
#
# Examples for using keys for signing:
#
# meta-code-signing-demo/recipes-security/fit-image/linux-fit-image.bb
# meta-code-signing-demo/recipes-core/bundles/update-bundle.bb
#
# Examples for using keys for authentication:
#
# meta-code-signing-demo/recipes-security/fit-image/barebox_%.bbappend
# meta-code-signing-demo/recipes-core/rauc/rauc_%.bbappend
#
# Examples for using keys for both signing and authentication:
#
# meta-code-signing-demo/recipes-kernel/linux/linux-yocto_6.1.bbappend
SIGNING_PKCS11_URI ?= ""
SIGNING_PKCS11_MODULE ?= ""
DEPENDS += "softhsm-native libp11-native opensc-native openssl-native"
def signing_class_prepare(d):
import os.path
def export(role, k, v):
k = k % (role, )
d.setVar(k, v)
d.setVarFlag(k, "export", "1")
roles = set()
roles |= (d.getVarFlags("SIGNING_PKCS11_URI") or {}).keys()
roles |= (d.getVarFlags("SIGNING_PKCS11_MODULE") or {}).keys()
for role in roles:
if not set(role).issubset("abcdefghijklmnopqrstuvwxyz0123456789_"):
bb.fatal("key role name '%s' must consist of only [a-z0-9_]" % (role,))
pkcs11_uri = d.getVarFlag("SIGNING_PKCS11_URI", role) or d.getVar("SIGNING_PKCS11_URI")
if not pkcs11_uri.startswith("pkcs11:"):
bb.fatal("URI for key role '%s' must start with 'pkcs11:'" % (role,))
pkcs11_module = d.getVarFlag("SIGNING_PKCS11_MODULE", role) or d.getVar("SIGNING_PKCS11_MODULE")
if not os.path.isfile(pkcs11_module):
bb.fatal("module path for key role '%s' must be an existing file" % (role,))
if pkcs11_uri and not pkcs11_module:
bb.warn("SIGNING_PKCS11_URI[%s] is set without SIGNING_PKCS11_MODULE[%s]" % (role, role))
if pkcs11_module and not pkcs11_uri:
bb.warn("SIGNING_PKCS11_MODULE[%s] is set without SIGNING_PKCS11_URI[%s]" % (role, role))
export(role, "SIGNING_PKCS11_URI_%s_", pkcs11_uri)
export(role, "SIGNING_PKCS11_MODULE_%s_", pkcs11_module)
signing_pkcs11_tool() {
pkcs11-tool --module "${STAGING_LIBDIR_NATIVE}/softhsm/libsofthsm2.so" --login --pin 1111 $*
}
signing_import_prepare() {
export _SIGNING_ENV_FILE_="${B}/meta-signing.env"
rm -f "$_SIGNING_ENV_FILE_"
export SOFTHSM2_CONF="${B}/softhsm2.conf"
export SOFTHSM2_DIR="${B}/softhsm2.tokens"
export SOFTHSM2_MOD="${STAGING_LIBDIR_NATIVE}/softhsm/libsofthsm2.so"
echo "directories.tokendir = $SOFTHSM2_DIR" > "$SOFTHSM2_CONF"
echo "objectstore.backend = db" >> "$SOFTHSM2_CONF"
rm -rf "$SOFTHSM2_DIR"
mkdir -p "$SOFTHSM2_DIR"
softhsm2-util --module $SOFTHSM2_MOD --init-token --free --label ${PN} --pin 1111 --so-pin 222222
}
signing_import_define_role() {
local role="${1}"
case "${1}" in
(*[!a-z0-9_]*) false;;
(*) true;;
esac || bbfatal "invalid role name '${1}', must consist of [a-z0-9_]"
echo "_SIGNING_PKCS11_URI_${role}_=\"pkcs11:token=${PN};object=$role;pin-value=1111\"" >> $_SIGNING_ENV_FILE_
echo "_SIGNING_PKCS11_MODULE_${role}_=\"softhsm\"" >> $_SIGNING_ENV_FILE_
}
# signing_import_cert_from_der <role> <der>
#
# Import a certificate from DER file to a role. To be used
# with SoftHSM.
signing_import_cert_from_der() {
local role="${1}"
local der="${2}"
signing_pkcs11_tool --type cert --write-object "${der}" --label "${role}"
}
# signing_import_cert_from_pem <role> <pem>
#
# Import a certificate from PEM file to a role. To be used
# with SoftHSM.
signing_import_cert_from_pem() {
local role="${1}"
local pem="${2}"
openssl x509 \
-in "${pem}" -inform pem -outform der |
signing_pkcs11_tool --type cert --write-object /proc/self/fd/0 --label "${role}"
}
# signing_import_pubkey_from_der <role> <pem>
#
# Import a public key from DER file to a role. To be used with SoftHSM.
signing_import_pubkey_from_pem() {
local role="${1}"
local der="${2}"
signing_pkcs11_tool --type pubkey --write-object "${der}" --label "${role}"
}
# signing_import_pubkey_from_pem <role> <pem>
#
# Import a public key from PEM file to a role. To be used with SoftHSM.
signing_import_pubkey_from_pem() {
local openssl_keyopt
local role="${1}"
local pem="${2}"
if [ -n "${IMPORT_PASS_FILE}" ]; then
openssl rsa \
-passin "file:${IMPORT_PASS_FILE}" \
-in "${pem}" -inform pem -pubout -outform der
else
openssl rsa \
-in "${pem}" -inform pem -pubout -outform der
fi |
signing_pkcs11_tool --type pubkey --write-object /proc/self/fd/0 --label "${role}"
}
# signing_import_privkey_from_der <role> <pem>
#
# Import a private key from DER file to a role. To be used with SoftHSM.
signing_import_privkey_from_der() {
local role="${1}"
local der="${2}"
signing_pkcs11_tool --type privkey --write-object "${der}" --label "${role}"
}
# signing_import_privkey_from_pem <role> <pem>
#
# Import a private key from PEM file to a role. To be used with SoftHSM.
signing_import_privkey_from_pem() {
local openssl_keyopt
local role="${1}"
local pem="${2}"
if [ -n "${IMPORT_PASS_FILE}" ]; then
openssl rsa \
-passin "file:${IMPORT_PASS_FILE}" \
-in "${pem}" -inform pem -outform der
else
openssl rsa \
-in "${pem}" -inform pem -outform der
fi |
signing_pkcs11_tool --type privkey --write-object /proc/self/fd/0 --label "${role}"
}
# signing_import_key_from_pem <role> <pem>
#
# Import a private and public key from PEM file to a role. To be used
# with SoftHSM.
signing_import_key_from_pem() {
local role="${1}"
local pem="${2}"
signing_import_pubkey_from_pem "${role}" "${pem}"
signing_import_privkey_from_pem "${role}" "${pem}"
}
signing_import_finish() {
echo "loaded objects:"
signing_pkcs11_tool --list-objects
}
signing_import_install() {
install -d ${D}${localstatedir}/lib/softhsm/tokens/${PN}
install -m 600 -t ${D}${localstatedir}/lib/softhsm/tokens/${PN} ${B}/softhsm2.tokens/*/*
install -d ${D}${localstatedir}/lib/meta-signing.env.d
install -m 644 "${B}/meta-signing.env" ${D}${localstatedir}/lib/meta-signing.env.d/${PN}
}
signing_prepare() {
if [ -f ${OPENSSL_CONF} ]; then
echo "Using '${OPENSSL_CONF}' for OpenSSL configuration"
else
echo "Missing 'openssl.cnf' at '${STAGING_ETCDIR_NATIVE}/ssl'"
return 1
fi
if [ -d ${OPENSSL_MODULES} ]; then
echo "Using '${OPENSSL_MODULES}' for OpenSSL run-time modules"
else
echo "Missing OpenSSL module directory at '${OPENSSL_MODULES}'"
return 1
fi
if [ -d ${OPENSSL_ENGINES} ]; then
echo "Using '${OPENSSL_ENGINES}' for OpenSSL run-time PKCS#11 modules"
else
echo "Missing OpenSSL PKCS11 engine directory at '${OPENSSL_ENGINES}'"
return 1
fi
export SOFTHSM2_CONF="${WORKDIR}/softhsm2.conf"
export SOFTHSM2_DIR="${STAGING_DIR_NATIVE}/var/lib/softhsm/tokens"
echo "directories.tokendir = $SOFTHSM2_DIR" > "$SOFTHSM2_CONF"
echo "objectstore.backend = db" >> "$SOFTHSM2_CONF"
for env in $(ls "${STAGING_DIR_NATIVE}/var/lib/meta-signing.env.d"); do
. "${STAGING_DIR_NATIVE}/var/lib/meta-signing.env.d/$env"
done
}
# make sure these functions are exported
signing_prepare[vardeps] += "signing_get_uri signing_get_module"
signing_use_role() {
local role="${1}"
export PKCS11_MODULE_PATH="$(signing_get_module $role)"
export PKCS11_URI="$(signing_get_uri $role)"
if [ -z "$PKCS11_MODULE_PATH" ]; then
echo "No PKCS11_MODULE_PATH found for role '${role}'"
exit 1
fi
if [ -z "$PKCS11_URI" ]; then
echo "No PKCS11_URI found for role '${role}'"
exit 1
fi
}
signing_get_uri() {
local role="${1}"
# prefer local configuration
eval local uri="\$SIGNING_PKCS11_URI_${role}_"
if [ -n "$uri" ]; then
echo "$uri"
return
fi
# fall back to softhsm
eval echo "\$_SIGNING_PKCS11_URI_${role}_"
}
signing_get_module() {
local role="${1}"
# prefer local configuration
eval local module="\$SIGNING_PKCS11_MODULE_${role}_"
if [ -n "$module" ]; then
echo "$module"
return
fi
# fall back to softhsm
eval local module="\$_SIGNING_PKCS11_MODULE_${role}_"
if [ "$module" = "softhsm" ]; then
echo "${STAGING_LIBDIR_NATIVE}/softhsm/libsofthsm2.so"
else
echo "$module"
fi
}
python () {
signing_class_prepare(d)
}
export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"

231
meta-openembedded/meta-oe/classes/socorro-syms.bbclass Normal file
View File

@@ -0,0 +1,231 @@
# Inherit this class when you want to allow Mozilla Socorro to link Breakpad's
# stack trace information to the correct source code revision.
# This class creates a new version of the symbol file (.sym) created by
# Breakpad. The absolute file paths in the symbol file will be replaced by VCS,
# branch, file and revision of the source file. That information facilitates the
# lookup of a particular source code line in the stack trace.
#
# Use example:
#
# BREAKPAD_BIN = "YourBinary"
# inherit socorro-syms
#
# We depend on Breakpad creating the original symbol file.
inherit breakpad
PACKAGE_PREPROCESS_FUNCS += "symbol_file_preprocess"
PACKAGES =+ "${PN}-socorro-syms"
FILES:${PN}-socorro-syms = "/usr/share/socorro-syms"
python symbol_file_preprocess() {
package_dir = d.getVar("PKGD")
breakpad_bin = d.getVar("BREAKPAD_BIN")
if not breakpad_bin:
package_name = d.getVar("PN")
bb.error("Package %s depends on Breakpad via socorro-syms. See "
"breakpad.bbclass for instructions on setting up the Breakpad "
"configuration." % package_name)
raise ValueError("BREAKPAD_BIN not defined in %s." % package_name)
sym_file_name = breakpad_bin + ".sym"
breakpad_syms_dir = os.path.join(
package_dir, "usr", "share", "breakpad-syms")
socorro_syms_dir = os.path.join(
package_dir, "usr", "share", "socorro-syms")
if not os.path.exists(socorro_syms_dir):
os.makedirs(socorro_syms_dir)
breakpad_sym_file_path = os.path.join(breakpad_syms_dir, sym_file_name)
socorro_sym_file_path = os.path.join(socorro_syms_dir, sym_file_name)
create_socorro_sym_file(d, breakpad_sym_file_path, socorro_sym_file_path)
arrange_socorro_sym_file(socorro_sym_file_path, socorro_syms_dir)
return
}
def run_command(command, directory):
(output, error) = bb.process.run(command, cwd=directory)
if error:
raise bb.process.ExecutionError(command, error)
return output.rstrip()
def create_socorro_sym_file(d, breakpad_sym_file_path, socorro_sym_file_path):
# In the symbol file, all source files are referenced like the following.
# FILE 123 /path/to/some/File.cpp
# Go through all references and replace the file paths with repository
# paths.
with open(breakpad_sym_file_path, 'r') as breakpad_sym_file, \
open(socorro_sym_file_path, 'w') as socorro_sym_file:
for line in breakpad_sym_file:
if line.startswith("FILE "):
socorro_sym_file.write(socorro_file_reference(d, line))
else:
socorro_sym_file.write(line)
return
def socorro_file_reference(d, line):
# The 3rd position is the file path. See example above.
source_file_path = line.split()[2]
source_file_repo_path = repository_path(
d, os.path.normpath(source_file_path))
# If the file could be found in any repository then replace it with the
# repository's path.
if source_file_repo_path:
return line.replace(source_file_path, source_file_repo_path)
return line
def repository_path(d, source_file_path):
if not os.path.isfile(source_file_path):
return None
# Check which VCS is used and use that to extract repository information.
(output, error) = bb.process.run("git status",
cwd=os.path.dirname(source_file_path))
if not error:
# Make sure the git repository we just found wasn't the yocto repository
# itself, i.e. the root of the repository we're looking for must be a
# child of the build directory TOPDIR.
git_root_dir = run_command(
"git rev-parse --show-toplevel", os.path.dirname(source_file_path))
if not git_root_dir.startswith(d.getVar("TOPDIR")):
return None
return git_repository_path(source_file_path)
# Here we can add support for other VCSs like hg, svn, cvs, etc.
# The source file isn't under any VCS so we leave it be.
return None
def is_local_url(url):
return \
url.startswith("file:") or url.startswith("/") or url.startswith("./")
def git_repository_path(source_file_path):
import re
# We need to extract the following.
# (1): VCS URL, (2): branch, (3): repo root directory name, (4): repo file,
# (5): revision.
source_file_dir = os.path.dirname(source_file_path)
# (1) Get the VCS URL and extract the server part, i.e. change the URL from
# gitolite@git.someserver.com:SomeRepo.git to just git.someserver.com.
source_long_url = run_command(
"git config --get remote.origin.url", source_file_dir)
# The URL could be a local download directory. If so, get the URL again
# using the local directory's config file.
if is_local_url(source_long_url):
git_config_file = os.path.join(source_long_url, "config")
source_long_url = run_command(
"git config --file %s --get remote.origin.url" % git_config_file,
source_file_dir)
# If also the download directory redirects to a local git directory,
# then we're probably using source code from a local debug branch which
# won't be accessible by Socorro.
if is_local_url(source_long_url):
return None
# The URL can have several formats. A full list can be found using
# git help clone. Extract the server part with a regex.
url_match = re.search(".*(://|@)([^:/]*).*", source_long_url)
source_server = url_match.group(2)
# (2) Get the branch for this file.
source_branch_list = run_command("git show-branch --list", source_file_dir)
source_branch_match = re.search(".*?\[(.*?)\].*", source_branch_list)
source_branch = source_branch_match.group(1)
# (3) Since the repo root directory name can be changed without affecting
# git, we need to extract the name from something more reliable.
# The git URL has a repo name that we could use. We just need to strip off
# everything around it - from gitolite@git.someserver.com:SomeRepo.git/ to
# SomeRepo.
source_repo_dir = re.sub("/$", "", source_long_url)
source_repo_dir = re.sub("\.git$", "", source_repo_dir)
source_repo_dir = re.sub(".*[:/]", "", source_repo_dir)
# (4) We know the file but want to remove all of the build system dependent
# path up to and including the repository's root directory, e.g. remove
# /home/someuser/dev/repo/projectx/
source_toplevel = run_command(
"git rev-parse --show-toplevel", source_file_dir)
source_toplevel = source_toplevel + os.path.sep
source_file = source_file_path.replace(source_toplevel, "")
# (5) Get the source revision this file is part of.
source_revision = run_command("git rev-parse HEAD", source_file_dir)
# Assemble the repository path according to the Socorro format.
socorro_reference = "git:%s/%s:%s/%s:%s" % \
(source_server, source_branch,
source_repo_dir, source_file,
source_revision)
return socorro_reference
def arrange_socorro_sym_file(socorro_sym_file_path, socorro_syms_dir):
import re
# Breakpad's minidump_stackwalk needs a certain directory structure in order
# to find correct symbols when extracting a stack trace out of a minidump.
# The directory structure must look like the following.
# YourBinary/<hash>/YourBinary.sym
# YourLibrary.so/<hash>/YourLibrary.so.sym
# To be able to create such structure we need to extract the hash value that
# is found in each symbol file. The header of the symbol file looks
# something like this:
# MODULE Linux x86 A079E473106CE51C74C1C25AF536CCD30 YourBinary
# See
# http://code.google.com/p/google-breakpad/wiki/LinuxStarterGuide
# Create the directory with the same name as the binary.
binary_dir = re.sub("\.sym$", "", socorro_sym_file_path)
if not os.path.exists(binary_dir):
os.makedirs(binary_dir)
# Get the hash from the header of the symbol file.
with open(socorro_sym_file_path, 'r') as socorro_sym_file:
# The hash is the 4th argument of the first line.
sym_file_hash = socorro_sym_file.readline().split()[3]
# Create the hash directory.
hash_dir = os.path.join(binary_dir, sym_file_hash)
if not os.path.exists(hash_dir):
os.makedirs(hash_dir)
# Move the symbol file to the hash directory.
sym_file_name = os.path.basename(socorro_sym_file_path)
os.rename(socorro_sym_file_path, os.path.join(hash_dir, sym_file_name))
return