[meta-networking][PATCH 1/4] ot-br-posix: add recipe for an OpenThread Border Router

[meta-networking][PATCH 1/4] ot-br-posix: add recipe for an OpenThread Border Router

[Stefan Schmidt]

From: Stefan Schmidt <stefan.schmidt@huawei.com>

The OpenThread project is an open source implementation of the Thread
low-power mesh network protocol. In a Thread network devices can have
different roles, and of of these roles is a Border Router that allows a
Thread network to be connected with other IP networks.

Ot-br-posix runs as a systemd service on a standard Linux system to
handle the connection to a Thread network.

The small musl compile fix has been submitted upstream and is pending
while the systemd unit file change is OE specific and avoids having
service dependencies implemented as pre exec hooks.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
---
 ...ce.in-remove-pre-exec-hook-for-mdns-.patch | 35 +++++++++++
 ...lient-add-needed-header-for-fd_set-c.patch | 27 +++++++++
 .../openthread/ot-br-posix_git.bb             | 59 +++++++++++++++++++
 3 files changed, 121 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-otbr-agent.service.in-remove-pre-exec-hook-for-mdns-.patch
 create mode 100644 meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-web-service-ot-client-add-needed-header-for-fd_set-c.patch
 create mode 100644 meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb

diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-otbr-agent.service.in-remove-pre-exec-hook-for-mdns-.patch b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-otbr-agent.service.in-remove-pre-exec-hook-for-mdns-.patch
new file mode 100644
index 000000000..250de4bdd
--- /dev/null
+++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-otbr-agent.service.in-remove-pre-exec-hook-for-mdns-.patch
@@ -0,0 +1,35 @@
+From ed60d4605b81c43b9ba9504a37835109c247c6f8 Mon Sep 17 00:00:00 2001
+From: Stefan Schmidt <stefan.schmidt@huawei.com>
+Date: Fri, 1 Apr 2022 21:46:03 +0200
+Subject: [PATCH] otbr-agent.service.in: remove pre exec hook for mdns service
+
+It uses the service command which is not available in all cases under
+Yocto/OE. The upstream project uses this mainly with Ubuntu and Raspian
+as testbeds.
+
+In our case we simply ensure that avahi-daemon is installed on the
+system inside the recipe.
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
+---
+ src/agent/otbr-agent.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/agent/otbr-agent.service.in b/src/agent/otbr-agent.service.in
+index 8314121347..4c97869def 100644
+--- a/src/agent/otbr-agent.service.in
++++ b/src/agent/otbr-agent.service.in
+@@ -6,7 +6,7 @@ After=dbus.socket
+ 
+ [Service]
+ EnvironmentFile=-@CMAKE_INSTALL_FULL_SYSCONFDIR@/default/otbr-agent
+-@EXEC_START_PRE@ExecStart=@CMAKE_INSTALL_FULL_SBINDIR@/otbr-agent $OTBR_AGENT_OPTS
++ExecStart=@CMAKE_INSTALL_FULL_SBINDIR@/otbr-agent $OTBR_AGENT_OPTS
+ KillMode=mixed
+ Restart=on-failure
+ RestartSec=5
+-- 
+2.35.1
+
diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-web-service-ot-client-add-needed-header-for-fd_set-c.patch b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-web-service-ot-client-add-needed-header-for-fd_set-c.patch
new file mode 100644
index 000000000..9536dd4e2
--- /dev/null
+++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix/0001-web-service-ot-client-add-needed-header-for-fd_set-c.patch
@@ -0,0 +1,27 @@
+From 596eb2b582609794d87f2dbefa4b2e839faf52c8 Mon Sep 17 00:00:00 2001
+From: Stefan Schmidt <stefan.schmidt@huawei.com>
+Date: Fri, 28 May 2021 14:19:53 +0200
+Subject: [PATCH] web-service/ot-client: add needed header for fd_set() call
+
+The select.h header file is needed for fd_set(). Depending on the
+compiler and settings this will result in an error when not included.
+
+Upstream-Status: Pending [https://github.com/openthread/ot-br-posix/pull/1326]
+
+Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
+---
+ src/web/web-service/ot_client.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/web/web-service/ot_client.cpp b/src/web/web-service/ot_client.cpp
+index f151a0126..173cc48e1 100644
+--- a/src/web/web-service/ot_client.cpp
++++ b/src/web/web-service/ot_client.cpp
+@@ -39,6 +39,7 @@
+ #include <string.h>
+ #include <sys/socket.h>
+ #include <sys/un.h>
++#include <sys/select.h>
+ #include <unistd.h>
+ 
+ #include "common/code_utils.hpp"
diff --git a/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb b/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb
new file mode 100644
index 000000000..5247ad4db
--- /dev/null
+++ b/meta-networking/recipes-connectivity/openthread/ot-br-posix_git.bb
@@ -0,0 +1,59 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+SUMMARY = "OpenThread Border Router"
+SECTION = "net"
+LICENSE = "BSD-3-Clause & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=87109e44b2fda96a8991f27684a7349c \
+                    file://third_party/Simple-web-server/repo/LICENSE;md5=852b3f7f320b19f6431487b8b2fb1d74 \
+                    file://third_party/cJSON/repo/LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0 \
+                    file://third_party/http-parser/repo/LICENSE-MIT;md5=9bfa835d048c194ab30487af8d7b3778 \
+                    file://third_party/openthread/repo/LICENSE;md5=543b6fe90ec5901a683320a36390c65f \
+                    "
+DEPENDS = "autoconf-archive dbus readline avahi jsoncpp boost libnetfilter-queue"
+SRCREV = "9ef4e310b05ca0dbecb549e92ce7caa9d7461f19"
+PV = "0.3.0+git${SRCPV}"
+
+SRC_URI = "gitsm://github.com/openthread/ot-br-posix.git;protocol=https;branch=main \
+           file://0001-web-service-ot-client-add-needed-header-for-fd_set-c.patch \
+           file://0001-otbr-agent.service.in-remove-pre-exec-hook-for-mdns-.patch \
+           "
+
+S = "${WORKDIR}/git"
+SYSTEMD_SERVICE:${PN} = "otbr-agent.service"
+
+inherit pkgconfig cmake systemd
+
+EXTRA_OECMAKE = "-DBUILD_TESTING=OFF \
+                 -DOTBR_DBUS=ON \
+                 -DOTBR_REST=ON \
+                 -DOTBR_WEB=OFF \
+                 -DCMAKE_LIBRARY_PATH=${libdir} \
+                 -DOTBR_MDNS=avahi \
+                 -DOTBR_BACKBONE_ROUTER=ON \
+                 -DOTBR_BORDER_ROUTING=ON \
+                 -DOTBR_SRP_ADVERTISING_PROXY=ON \
+                 -DOTBR_BORDER_AGENT=ON \
+                 -DOT_SPINEL_RESET_CONNECTION=ON \
+                 -DOT_TREL=ON \
+                 -DOT_MLR=ON \
+                 -DOT_SRP_SERVER=ON \
+                 -DOT_ECDSA=ON \
+                 -DOT_SERVICE=ON \
+                 -DOTBR_DUA_ROUTING=ON \
+                 -DOT_DUA=ON \
+                 -DOT_BORDER_ROUTING_NAT64=ON \
+                 -DOTBR_DNSSD_DISCOVERY_PROXY=ON \
+                 -DOTBR_INFRA_IF_NAME=eth0 \
+                 -DOTBR_NO_AUTO_ATTACH=1 \
+                 -DOT_REFERENCE_DEVICE=ON \
+                 -DOT_DHCP6_CLIENT=ON \
+                 -DOT_DHCP6_SERVER=ON \
+                 "
+
+RDEPENDS:${PN} = "iproute2 avahi-daemon"
+
+RCONFLICTS:${PN} = "ot-daemon"
+
+FILES:${PN} += "${systemd_unitdir}/*"
+FILES:${PN} += "${datadir}/*"
-- 
2.35.1

[meta-networking][PATCH 2/4] ot-daemon: add recipe for OpenThread daemon

[Stefan Schmidt]

From: Stefan Schmidt <stefan.schmidt@huawei.com>

The OpenThread daemon allows Linuxes devices to participate in a Thread
mesh network without acting as a full border router. The device
participates like any other child or router devices within the network.

This same repo is used for range of different modes to run the
OpenThread code. From bare metal over vendor SDKs to posix platforms.
For this recipe the focus is on the Linux posix implementation and we do
not pull in all the git submodules on purpose.

There are openthread enabled recipes in meta-zephyr for people who want
to also use OpenThread on MCU based platforms on top of Zephyr.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
---
 .../openthread/ot-daemon_git.bb               | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/openthread/ot-daemon_git.bb

diff --git a/meta-networking/recipes-connectivity/openthread/ot-daemon_git.bb b/meta-networking/recipes-connectivity/openthread/ot-daemon_git.bb
new file mode 100644
index 000000000..7bce46e22
--- /dev/null
+++ b/meta-networking/recipes-connectivity/openthread/ot-daemon_git.bb
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+SUMMARY = "OpenThread Daemon is an OpenThread POSIX build mode that runs OpenThread as a service."
+SECTION = "net"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=543b6fe90ec5901a683320a36390c65f"
+DEPENDS = "readline"
+SRCREV = "7dfde1f12923f03c9680be4d838b94b7a2320324"
+PV = "0.1+git${SRCPV}"
+
+# We are not using the git submodules fetch on purpose. None the third_party
+# components are needed for the plain posix build and we can avoid all the
+# differently licensed code.
+SRC_URI = "git://github.com/openthread/openthread.git;protocol=https;branch=main \
+           "
+
+S = "${WORKDIR}/git"
+
+inherit cmake
+
+EXTRA_OECMAKE = "-DOT_DAEMON=ON \
+                 -DOT_SPINEL_RESET_CONNECTION=ON \
+                 -DOT_THREAD_VERSION=1.2 \
+                 -DOT_COVERAGE=OFF \
+                 -DOT_PLATFORM=posix \
+                 "
-- 
2.35.1

[meta-networking][PATCH 3/4] wpantund: add new recipe

[Stefan Schmidt]

From: Stefan Schmidt <stefan.schmidt@huawei.com>

Wpantund is part of the OpenThread project. It is used in a scenario
where the Thread radio operates as a network co-processor (NCP) that is
connected over SPI/UART/USB to the host.

The project itself is in maintenance-only mode right now as the NCP
architecture has been replaced with radio co-processor (RCP) which is
implemented directly in openthread and ot-br-posix. None the less there
might still be project and products out there using it.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
---
 .../openthread/wpantund_git.bb                | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/openthread/wpantund_git.bb

diff --git a/meta-networking/recipes-connectivity/openthread/wpantund_git.bb b/meta-networking/recipes-connectivity/openthread/wpantund_git.bb
new file mode 100644
index 000000000..d8baacbb3
--- /dev/null
+++ b/meta-networking/recipes-connectivity/openthread/wpantund_git.bb
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+SUMMARY = "wpantund, Userspace WPAN Network Daemon"
+SECTION = "net"
+LICENSE = "Apache-2.0 & MIT & BSL-1.0 & BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e7820bc7f7d1638a6b54fc2e8d7fb103 \
+                    file://third_party/assert-macros/LICENSE;md5=cbf35ecdc8161026afe4da2906fab204 \
+                    file://third_party/boost/LICENSE;md5=e4224ccaecb14d942c71d31bef20d78c \
+                    file://third_party/fgetln/LICENSE;md5=389e03d2254ecad45d0d9bbdefef7129 \
+                    file://third_party/openthread/LICENSE;md5=543b6fe90ec5901a683320a36390c65f \
+                    file://third_party/pt/LICENSE;md5=dcd598b69cad786beea33da7b1ae14b7 \
+                    "
+DEPENDS = "autoconf-archive dbus readline"
+SRCREV = "0fb1f57e4224e2df3e630e146702bfcf63fbf07a"
+PV = "0.07.01+git${SRCPV}"
+
+SRC_URI = "gitsm://github.com/openthread/wpantund.git;protocol=https;branch=master \
+           "
+
+S = "${WORKDIR}/git"
+
+inherit pkgconfig perlnative autotools
+
+# CVE-2020-8916 has been fixed in commit
+# 3f108441e23e033b936e85be5b6877dd0a1fbf1c which is included in the SRCREV
+CVE_CHECK_IGNORE = "CVE-2020-8916"
-- 
2.35.1

[meta-networking][PATCH 4/4] MAINTAINERS: add entry for OpenThread

[Stefan Schmidt]

From: Stefan Schmidt <stefan.schmidt@huawei.com>

No need to put the pressure of this also on Khem. I am actively working
on this for Oniro and will support this work also upstream here.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
---
 meta-networking/MAINTAINERS | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta-networking/MAINTAINERS b/meta-networking/MAINTAINERS
index 77e90668c..ce53ec471 100644
--- a/meta-networking/MAINTAINERS
+++ b/meta-networking/MAINTAINERS
@@ -37,3 +37,7 @@ F:      recipes-*
 NETKIT
 M:      Armin Kuster <akuster808@gmail.com>
 F:      recipes-netkit
+
+OPENTHREAD
+M:      Stefan Schmidt <stefan@datenfreihafen.org>
+F:      recipes-connectivity/openthread/
-- 
2.35.1

Re: [oe] [meta-networking][PATCH 2/4] ot-daemon: add recipe for OpenThread daemon

[Khem Raj]

fails on x86_64/glibc see
https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610

On Mon, Apr 4, 2022 at 9:04 AM Stefan Schmidt <stefan@datenfreihafen.org> wrote:
>
> From: Stefan Schmidt <stefan.schmidt@huawei.com>
>
> The OpenThread daemon allows Linuxes devices to participate in a Thread
> mesh network without acting as a full border router. The device
> participates like any other child or router devices within the network.
>
> This same repo is used for range of different modes to run the
> OpenThread code. From bare metal over vendor SDKs to posix platforms.
> For this recipe the focus is on the Linux posix implementation and we do
> not pull in all the git submodules on purpose.
>
> There are openthread enabled recipes in meta-zephyr for people who want
> to also use OpenThread on MCU based platforms on top of Zephyr.
>
> Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
> ---
>  .../openthread/ot-daemon_git.bb               | 27 +++++++++++++++++++
>  1 file changed, 27 insertions(+)
>  create mode 100644 meta-networking/recipes-connectivity/openthread/ot-daemon_git.bb
>
> diff --git a/meta-networking/recipes-connectivity/openthread/ot-daemon_git.bb b/meta-networking/recipes-connectivity/openthread/ot-daemon_git.bb
> new file mode 100644
> index 000000000..7bce46e22
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/openthread/ot-daemon_git.bb
> @@ -0,0 +1,27 @@
> +# SPDX-FileCopyrightText: Huawei Inc.
> +#
> +# SPDX-License-Identifier: Apache-2.0
> +SUMMARY = "OpenThread Daemon is an OpenThread POSIX build mode that runs OpenThread as a service."
> +SECTION = "net"
> +LICENSE = "BSD-3-Clause"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=543b6fe90ec5901a683320a36390c65f"
> +DEPENDS = "readline"
> +SRCREV = "7dfde1f12923f03c9680be4d838b94b7a2320324"
> +PV = "0.1+git${SRCPV}"
> +
> +# We are not using the git submodules fetch on purpose. None the third_party
> +# components are needed for the plain posix build and we can avoid all the
> +# differently licensed code.
> +SRC_URI = "git://github.com/openthread/openthread.git;protocol=https;branch=main \
> +           "
> +
> +S = "${WORKDIR}/git"
> +
> +inherit cmake
> +
> +EXTRA_OECMAKE = "-DOT_DAEMON=ON \
> +                 -DOT_SPINEL_RESET_CONNECTION=ON \
> +                 -DOT_THREAD_VERSION=1.2 \
> +                 -DOT_COVERAGE=OFF \
> +                 -DOT_PLATFORM=posix \
> +                 "
> --
> 2.35.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#96379): https://lists.openembedded.org/g/openembedded-devel/message/96379
> Mute This Topic: https://lists.openembedded.org/mt/90240938/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [oe] [meta-networking][PATCH 2/4] ot-daemon: add recipe for OpenThread daemon

[Stefan Schmidt]

Hello Khem.

On 05.04.22 05:16, Khem Raj wrote:
> fails on x86_64/glibc see
> https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610

Ah, its not x86_64/glibc (I tested this) but the fact that the 
autobuilder uses poky and I tested here without DISTRO in openembedded core.

Seems the code base it not happy about the gcc changes to warn on the 
combination of _FORTIFY_SOURCE and non-optimized code:

error: #warning _FORTIFY_SOURCE requires compiling with optimization 
(-O) [-Werror=cpp]

Will fix and resend.

regards
Stefan Schmidt

Re: [oe] [meta-networking][PATCH 2/4] ot-daemon: add recipe for OpenThread daemon

[Khem Raj]

[-- Attachment #1: Type: text/plain, Size: 802 bytes --]

On Tue, Apr 5, 2022 at 4:39 AM Stefan Schmidt <stefan@datenfreihafen.org>
wrote:

>
> Hello Khem.
>
> On 05.04.22 05:16, Khem Raj wrote:
> > fails on x86_64/glibc see
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610
>
> Ah, its not x86_64/glibc (I tested this) but the fact that the
> autobuilder uses poky and I tested here without DISTRO in openembedded
> core.
>
> Seems the code base it not happy about the gcc changes to warn on the
> combination of _FORTIFY_SOURCE and non-optimized code:
>
> error: #warning _FORTIFY_SOURCE requires compiling with optimization
> (-O) [-Werror=cpp]


Hmm so you are not using security flags ?
That’s not good :) you should inherit good defaults


>
> Will fix and resend.
>
> regards
> Stefan Schmidt
>

[-- Attachment #2: Type: text/html, Size: 1454 bytes --]

Re: [oe] [meta-networking][PATCH 2/4] ot-daemon: add recipe for OpenThread daemon

[Stefan Schmidt]

Hello Khem.

On 05.04.22 20:08, Khem Raj wrote:
> 
> 
> On Tue, Apr 5, 2022 at 4:39 AM Stefan Schmidt <stefan@datenfreihafen.org 
> <mailto:stefan@datenfreihafen.org>> wrote:
> 
> 
>     Hello Khem.
> 
>     On 05.04.22 05:16, Khem Raj wrote:
>      > fails on x86_64/glibc see
>      >
>     https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610
>     <https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610>
> 
>     Ah, its not x86_64/glibc (I tested this) but the fact that the
>     autobuilder uses poky and I tested here without DISTRO in
>     openembedded core.
> 
>     Seems the code base it not happy about the gcc changes to warn on the
>     combination of _FORTIFY_SOURCE and non-optimized code:
> 
>     error: #warning _FORTIFY_SOURCE requires compiling with optimization
>     (-O) [-Werror=cpp]
> 
> 
> Hmm so you are not using security flags ?

You mean Oniro is not using them? Not sure I can follow you train of 
thoughts here. :-)

> That’s not good :) you should inherit good defaults

The problem above was from the autobuilder error you pointed me to, 
building with Poky not Oniro.

-O2 -D_FORTIFY_SOURCE=2 itself works on the upstream code base, but it 
needs optimization enabled (as the error message states). No idea why 
that went wrong on the autobuilder.

regards
Stefan Schmidt

Re: [oe] [meta-networking][PATCH 2/4] ot-daemon: add recipe for OpenThread daemon

[Khem Raj]

On Thu, Apr 7, 2022 at 3:28 PM Stefan Schmidt <stefan@datenfreihafen.org> wrote:
>
>
> Hello Khem.
>
> On 05.04.22 20:08, Khem Raj wrote:
> >
> >
> > On Tue, Apr 5, 2022 at 4:39 AM Stefan Schmidt <stefan@datenfreihafen.org
> > <mailto:stefan@datenfreihafen.org>> wrote:
> >
> >
> >     Hello Khem.
> >
> >     On 05.04.22 05:16, Khem Raj wrote:
> >      > fails on x86_64/glibc see
> >      >
> >     https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610
> >     <https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610>
> >
> >     Ah, its not x86_64/glibc (I tested this) but the fact that the
> >     autobuilder uses poky and I tested here without DISTRO in
> >     openembedded core.
> >
> >     Seems the code base it not happy about the gcc changes to warn on the
> >     combination of _FORTIFY_SOURCE and non-optimized code:
> >
> >     error: #warning _FORTIFY_SOURCE requires compiling with optimization
> >     (-O) [-Werror=cpp]
> >
> >
> > Hmm so you are not using security flags ?
>
> You mean Oniro is not using them? Not sure I can follow you train of
> thoughts here. :-)

poky defaults now a days include security_flags.inc which enables
fortify and other
good security stuff from compiler's point of view. So it seems your
distro is not inheriting
all the default distro policies was what I was trying to point at.

>
> > That’s not good :) you should inherit good defaults
>
> The problem above was from the autobuilder error you pointed me to,
> building with Poky not Oniro.
>
> -O2 -D_FORTIFY_SOURCE=2 itself works on the upstream code base, but it
> needs optimization enabled (as the error message states). No idea why
> that went wrong on the autobuilder.

-O2 is also poky default via SELECTED_OPTIMIZATION. So unless recipe is doing
something exotic to ignore these flags then it might happen because
SECURITY_FLAGS
are passed via CC not CFLAGS unlike SELECTED_OPTIMIZATION which is passed via
CFLAGS.

>
> regards
> Stefan Schmidt

Re: [oe] [meta-networking][PATCH 2/4] ot-daemon: add recipe for OpenThread daemon

[Stefan Schmidt]

Hello.

On 07.04.22 21:36, Khem Raj wrote:
> On Thu, Apr 7, 2022 at 3:28 PM Stefan Schmidt <stefan@datenfreihafen.org> wrote:
>>
>>
>> Hello Khem.
>>
>> On 05.04.22 20:08, Khem Raj wrote:
>>>
>>>
>>> On Tue, Apr 5, 2022 at 4:39 AM Stefan Schmidt <stefan@datenfreihafen.org
>>> <mailto:stefan@datenfreihafen.org>> wrote:
>>>
>>>
>>>      Hello Khem.
>>>
>>>      On 05.04.22 05:16, Khem Raj wrote:
>>>       > fails on x86_64/glibc see
>>>       >
>>>      https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610
>>>      <https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1610>
>>>
>>>      Ah, its not x86_64/glibc (I tested this) but the fact that the
>>>      autobuilder uses poky and I tested here without DISTRO in
>>>      openembedded core.
>>>
>>>      Seems the code base it not happy about the gcc changes to warn on the
>>>      combination of _FORTIFY_SOURCE and non-optimized code:
>>>
>>>      error: #warning _FORTIFY_SOURCE requires compiling with optimization
>>>      (-O) [-Werror=cpp]
>>>
>>>
>>> Hmm so you are not using security flags ?
>>
>> You mean Oniro is not using them? Not sure I can follow you train of
>> thoughts here. :-)
> 
> poky defaults now a days include security_flags.inc which enables
> fortify and other
> good security stuff from compiler's point of view. So it seems your
> distro is not inheriting
> all the default distro policies was what I was trying to point at.

We actually included security_flags.inc from the very beginning. :-)
First in oniro-linux only and since March also in oniro-zephyr.

regards
Stefan Schmidt