[pyro] some backported patches

[pyro] some backported patches

[André Draszik]

Hi,

Can these fixes/patches from master please be applied to pyro.


Cheers,
Andre'

[pyro][PATCH 01/17] gdb: fix gdbserver not working in musl/mips context

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

Similar to
  https://bugs.lede-project.org/index.php?do=details&task_id=637&openedfrom=-1%2Bweek

Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 0b9d94a5e54191f93659f7b4e7a3cb4376487823)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/recipes-devtools/gdb/gdb-7.12.1.inc           |  1 +
 ..._gdb_patches_120-sigprocmask-invalid-call.patch | 45 ++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 meta/recipes-devtools/gdb/gdb/package_devel_gdb_patches_120-sigprocmask-invalid-call.patch

diff --git a/meta/recipes-devtools/gdb/gdb-7.12.1.inc b/meta/recipes-devtools/gdb/gdb-7.12.1.inc
index b15a2b5832..634756ce45 100644
--- a/meta/recipes-devtools/gdb/gdb-7.12.1.inc
+++ b/meta/recipes-devtools/gdb/gdb-7.12.1.inc
@@ -15,6 +15,7 @@ SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \
            file://0008-Use-exorted-definitions-of-SIGRTMIN.patch \
            file://0009-Change-order-of-CFLAGS.patch \
            file://0010-resolve-restrict-keyword-conflict.patch \
+           file://package_devel_gdb_patches_120-sigprocmask-invalid-call.patch \
 "
 SRC_URI[md5sum] = "193453347ddced7acb6b1cd2ee8f2e4b"
 SRC_URI[sha256sum] = "4607680b973d3ec92c30ad029f1b7dbde3876869e6b3a117d8a7e90081113186"
diff --git a/meta/recipes-devtools/gdb/gdb/package_devel_gdb_patches_120-sigprocmask-invalid-call.patch b/meta/recipes-devtools/gdb/gdb/package_devel_gdb_patches_120-sigprocmask-invalid-call.patch
new file mode 100644
index 0000000000..c5484f789d
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/package_devel_gdb_patches_120-sigprocmask-invalid-call.patch
@@ -0,0 +1,45 @@
+From 56893a61aa4f0270fa8d1197b9848247f90fce0d Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Fri, 24 Mar 2017 10:36:03 +0800
+Subject: [PATCH] Fix invalid sigprocmask call
+
+The POSIX document says
+
+    The pthread_sigmask() and sigprocmask() functions shall fail if:
+
+    [EINVAL]
+    The value of the how argument is not equal to one of the defined values.
+
+and this is how musl-libc is currently doing.  Fix the call to be safe
+and correct
+
+ [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_sigmask.html
+
+gdb/ChangeLog:
+2017-03-24  Yousong Zhou  <yszhou4tech@gmail.com>
+
+    * common/signals-state-save-restore.c (save_original_signals_state):
+    Fix invalid sigprocmask call.
+---
+Upstream-Status: Pending [not author, cherry-picked from LEDE https://bugs.lede-project.org/index.php?do=details&task_id=637&openedfrom=-1%2Bweek]
+Signed-off-by: André Draszik <adraszik@tycoint.com>
+ gdb/ChangeLog                           | 5 +++++
+ gdb/common/signals-state-save-restore.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/gdb/common/signals-state-save-restore.c b/gdb/common/signals-state-save-restore.c
+index d11a9ae..734335c 100644
+--- a/gdb/common/signals-state-save-restore.c
++++ b/gdb/common/signals-state-save-restore.c
+@@ -41,7 +41,7 @@ save_original_signals_state (void)
+   int i;
+   int res;
+ 
+-  res = sigprocmask (0,  NULL, &original_signal_mask);
++  res = sigprocmask (SIG_BLOCK,  NULL, &original_signal_mask);
+   if (res == -1)
+     perror_with_name (("sigprocmask"));
+ 
+-- 
+2.6.4
+
-- 
2.14.2

[pyro][PATCH 02/17] busybox: fix a linking issue

[André Draszik]

From: Ming Liu <peter.x.liu@external.atlascopco.com>

A following linking error was observed:
| ==========
| archival/lib.a(tar.o): In function `tar_main':
| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
| ld: busybox_unstripped: hidden symbol `unpack_Z_stream' isn't defined
| ld: final link failed: Bad value

this happened with clang compiler, with the following configs:
| CONFIG_TAR=y
| # CONFIG_FEATURE_SEAMLESS_Z is not set

which can be fixed by adding IF_FEATURE_* checks in.

Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 789254b5ae983a94346f53de18286713b80eb5f2)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 .../busybox-tar-add-IF_FEATURE_-checks.patch       | 70 ++++++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.24.1.bb        |  1 +
 2 files changed, 71 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/busybox-tar-add-IF_FEATURE_-checks.patch

diff --git a/meta/recipes-core/busybox/busybox/busybox-tar-add-IF_FEATURE_-checks.patch b/meta/recipes-core/busybox/busybox/busybox-tar-add-IF_FEATURE_-checks.patch
new file mode 100644
index 0000000000..0c3c9c0f42
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/busybox-tar-add-IF_FEATURE_-checks.patch
@@ -0,0 +1,70 @@
+From f94412f6bb49136694c5478d0aecb19118d1b08d Mon Sep 17 00:00:00 2001
+From: Ming Liu <peter.x.liu@external.atlascopco.com>
+Date: Wed, 31 May 2017 11:48:09 +0200
+Subject: [PATCH] tar: add IF_FEATURE_* checks
+
+A following linking error was observed:
+| ==========
+| archival/lib.a(tar.o): In function `tar_main':
+| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
+| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
+| ld: busybox_unstripped: hidden symbol `unpack_Z_stream' isn't defined
+| ld: final link failed: Bad value
+
+this happened with clang compiler, with the following configs:
+| CONFIG_TAR=y
+| # CONFIG_FEATURE_SEAMLESS_Z is not set
+
+which can be fixed by adding IF_FEATURE_* checks in.
+
+Upstream-Status: Pending [ Sent to busybox upstream on 2017-06-02 ]
+
+Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
+---
+ archival/tar.c | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/archival/tar.c b/archival/tar.c
+index b70e00a..7598b71 100644
+--- a/archival/tar.c
++++ b/archival/tar.c
+@@ -1216,21 +1216,26 @@ int tar_main(int argc UNUSED_PARAM, char **argv)
+ 		USE_FOR_MMU(IF_DESKTOP(long long) int FAST_FUNC (*xformer)(transformer_state_t *xstate);)
+ 		USE_FOR_NOMMU(const char *xformer_prog;)
+ 
+-		if (opt & OPT_COMPRESS)
+-			USE_FOR_MMU(xformer = unpack_Z_stream;)
++		if (opt & OPT_COMPRESS) {
++			USE_FOR_MMU(IF_FEATURE_SEAMLESS_Z(xformer = unpack_Z_stream;))
+ 			USE_FOR_NOMMU(xformer_prog = "uncompress";)
+-		if (opt & OPT_GZIP)
+-			USE_FOR_MMU(xformer = unpack_gz_stream;)
++		}
++		if (opt & OPT_GZIP) {
++			USE_FOR_MMU(IF_FEATURE_SEAMLESS_GZ(xformer = unpack_gz_stream;))
+ 			USE_FOR_NOMMU(xformer_prog = "gunzip";)
+-		if (opt & OPT_BZIP2)
+-			USE_FOR_MMU(xformer = unpack_bz2_stream;)
++		}
++		if (opt & OPT_BZIP2) {
++			USE_FOR_MMU(IF_FEATURE_SEAMLESS_BZ2(xformer = unpack_bz2_stream;))
+ 			USE_FOR_NOMMU(xformer_prog = "bunzip2";)
+-		if (opt & OPT_LZMA)
+-			USE_FOR_MMU(xformer = unpack_lzma_stream;)
++		}
++		if (opt & OPT_LZMA) {
++			USE_FOR_MMU(IF_FEATURE_SEAMLESS_LZMA(xformer = unpack_lzma_stream;))
+ 			USE_FOR_NOMMU(xformer_prog = "unlzma";)
+-		if (opt & OPT_XZ)
+-			USE_FOR_MMU(xformer = unpack_xz_stream;)
++		}
++		if (opt & OPT_XZ) {
++			USE_FOR_MMU(IF_FEATURE_SEAMLESS_XZ(xformer = unpack_xz_stream;))
+ 			USE_FOR_NOMMU(xformer_prog = "unxz";)
++		}
+ 
+ 		fork_transformer_with_sig(tar_handle->src_fd, xformer, xformer_prog);
+ 		/* Can't lseek over pipes */
+-- 
+2.7.4
+
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb
index e26dfff776..a97847d7c6 100644
--- a/meta/recipes-core/busybox/busybox_1.24.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -57,6 +57,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-libiproute-handle-table-ids-larger-than-255.patch \
            file://ifupdown-pass-interface-device-name-for-ipv6-route-c.patch \
            file://BUG9071_buffer_overflow_arp.patch \
+           file://busybox-tar-add-IF_FEATURE_-checks.patch \
 "
 SRC_URI_append_libc-musl = " file://musl.cfg "
 
-- 
2.14.2

[pyro][PATCH 03/17] busybox: add backported patch to support iproute 'scope'

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

This is needed for avahi-autoipd, which attempts to
create a link-scope route as part of its work.

Without iproute scope support in busybox, the route is
not created due to an error message, and hence we
aren't accessible by, and can't access ourselves,
IP addresses outside the link-local scope
(169.254.0.0/16) unless we also have a proper
non link-local IP address, which somehow defeats the
purpose of zeroconf.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit bd06a1cbe8e97b7f66979b12d4d248092379df4a)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 ...mproper-optimization-req.r.rtm_scope-may-.patch |  33 ++++++
 .../0001-iproute-support-scope-.-Closes-8561.patch | 122 +++++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.24.1.bb        |   2 +
 3 files changed, 157 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch

diff --git a/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch b/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch
new file mode 100644
index 0000000000..812a507489
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch
@@ -0,0 +1,33 @@
+From 34ecc3b7aefdd6c31e8691bd5485037bbabedbd4 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Sun, 14 Aug 2016 01:30:34 +0200
+Subject: [PATCH] ip: fix an improper optimization: req.r.rtm_scope may be
+ nonzero here
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+Upstream-Status: Backport
+Signed-off-by: André Draszik <adraszik@tycoint.com>
+
+ networking/libiproute/iproute.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/networking/libiproute/iproute.c b/networking/libiproute/iproute.c
+index e674e9a0d..48dc6e3d9 100644
+--- a/networking/libiproute/iproute.c
++++ b/networking/libiproute/iproute.c
+@@ -362,10 +362,9 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ 		req.r.rtm_scope = RT_SCOPE_NOWHERE;
+ 
+ 	if (cmd != RTM_DELROUTE) {
++		req.r.rtm_scope = RT_SCOPE_UNIVERSE;
+ 		if (RTPROT_BOOT != 0)
+ 			req.r.rtm_protocol = RTPROT_BOOT;
+-		if (RT_SCOPE_UNIVERSE != 0)
+-			req.r.rtm_scope = RT_SCOPE_UNIVERSE;
+ 		if (RTN_UNICAST != 0)
+ 			req.r.rtm_type = RTN_UNICAST;
+ 	}
+-- 
+2.11.0
+
diff --git a/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch b/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch
new file mode 100644
index 0000000000..66bc76e65e
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch
@@ -0,0 +1,122 @@
+From ce4bc1ed048233e89ee4cb95830bf6f01d523d1e Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Wed, 30 Dec 2015 17:32:51 +0100
+Subject: [PATCH] iproute: support "scope". Closes 8561
+
+function                                             old     new   delta
+iproute_modify                                      1051    1120     +69
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+Upstream-Status: Backport
+Modified patch to build against busybox 1.24.1:
+- s/invarg_1_to_2/invarg
+Signed-off-by: André Draszik <adraszik@tycoint.com>
+---
+ networking/libiproute/iproute.c | 52 ++++++++++++++++++++++++++---------------
+ 1 file changed, 33 insertions(+), 19 deletions(-)
+
+diff --git a/networking/libiproute/iproute.c b/networking/libiproute/iproute.c
+index d232ee6fd..82827488f 100644
+--- a/networking/libiproute/iproute.c
++++ b/networking/libiproute/iproute.c
+@@ -313,12 +313,13 @@ static int FAST_FUNC print_route(const struct sockaddr_nl *who UNUSED_PARAM,
+ static int iproute_modify(int cmd, unsigned flags, char **argv)
+ {
+ 	static const char keywords[] ALIGN1 =
+-		"src\0""via\0""mtu\0""lock\0""protocol\0"IF_FEATURE_IP_RULE("table\0")
++		"src\0""via\0""mtu\0""lock\0""scope\0""protocol\0"IF_FEATURE_IP_RULE("table\0")
+ 		"dev\0""oif\0""to\0""metric\0""onlink\0";
+ 	enum {
+ 		ARG_src,
+ 		ARG_via,
+ 		ARG_mtu, PARM_lock,
++		ARG_scope,
+ 		ARG_protocol,
+ IF_FEATURE_IP_RULE(ARG_table,)
+ 		ARG_dev,
+@@ -344,6 +345,7 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ 	unsigned mxlock = 0;
+ 	char *d = NULL;
+ 	smalluint ok = 0;
++	smalluint scope_ok = 0;
+ 	int arg;
+ 
+ 	memset(&req, 0, sizeof(req));
+@@ -352,15 +354,18 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ 	req.n.nlmsg_flags = NLM_F_REQUEST | flags;
+ 	req.n.nlmsg_type = cmd;
+ 	req.r.rtm_family = preferred_family;
+-	if (RT_TABLE_MAIN) /* if it is zero, memset already did it */
++	if (RT_TABLE_MAIN != 0) /* if it is zero, memset already did it */
+ 		req.r.rtm_table = RT_TABLE_MAIN;
+-	if (RT_SCOPE_NOWHERE)
++	if (RT_SCOPE_NOWHERE != 0)
+ 		req.r.rtm_scope = RT_SCOPE_NOWHERE;
+ 
+ 	if (cmd != RTM_DELROUTE) {
+-		req.r.rtm_protocol = RTPROT_BOOT;
+-		req.r.rtm_scope = RT_SCOPE_UNIVERSE;
+-		req.r.rtm_type = RTN_UNICAST;
++		if (RTPROT_BOOT != 0)
++			req.r.rtm_protocol = RTPROT_BOOT;
++		if (RT_SCOPE_UNIVERSE != 0)
++			req.r.rtm_scope = RT_SCOPE_UNIVERSE;
++		if (RTN_UNICAST != 0)
++			req.r.rtm_type = RTN_UNICAST;
+ 	}
+ 
+ 	mxrta->rta_type = RTA_METRICS;
+@@ -393,6 +398,13 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ 			}
+ 			mtu = get_unsigned(*argv, "mtu");
+ 			rta_addattr32(mxrta, sizeof(mxbuf), RTAX_MTU, mtu);
++		} else if (arg == ARG_scope) {
++			uint32_t scope;
++			NEXT_ARG();
++			if (rtnl_rtscope_a2n(&scope, *argv))
++				invarg(*argv, "scope");
++			req.r.rtm_scope = scope;
++			scope_ok = 1;
+ 		} else if (arg == ARG_protocol) {
+ 			uint32_t prot;
+ 			NEXT_ARG();
+@@ -469,20 +481,22 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ 		addattr_l(&req.n, sizeof(req), RTA_METRICS, RTA_DATA(mxrta), RTA_PAYLOAD(mxrta));
+ 	}
+ 
+-	if (req.r.rtm_type == RTN_LOCAL || req.r.rtm_type == RTN_NAT)
+-		req.r.rtm_scope = RT_SCOPE_HOST;
+-	else
+-	if (req.r.rtm_type == RTN_BROADCAST
+-	 || req.r.rtm_type == RTN_MULTICAST
+-	 || req.r.rtm_type == RTN_ANYCAST
+-	) {
+-		req.r.rtm_scope = RT_SCOPE_LINK;
+-	}
+-	else if (req.r.rtm_type == RTN_UNICAST || req.r.rtm_type == RTN_UNSPEC) {
+-		if (cmd == RTM_DELROUTE)
+-			req.r.rtm_scope = RT_SCOPE_NOWHERE;
+-		else if (!(ok & gw_ok))
++	if (!scope_ok) {
++		if (req.r.rtm_type == RTN_LOCAL || req.r.rtm_type == RTN_NAT)
++			req.r.rtm_scope = RT_SCOPE_HOST;
++		else
++		if (req.r.rtm_type == RTN_BROADCAST
++		 || req.r.rtm_type == RTN_MULTICAST
++		 || req.r.rtm_type == RTN_ANYCAST
++		) {
+ 			req.r.rtm_scope = RT_SCOPE_LINK;
++		}
++		else if (req.r.rtm_type == RTN_UNICAST || req.r.rtm_type == RTN_UNSPEC) {
++			if (cmd == RTM_DELROUTE)
++				req.r.rtm_scope = RT_SCOPE_NOWHERE;
++			else if (!(ok & gw_ok))
++				req.r.rtm_scope = RT_SCOPE_LINK;
++		}
+ 	}
+ 
+ 	if (req.r.rtm_family == AF_UNSPEC) {
+-- 
+2.11.0
+
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb
index a97847d7c6..6ccbffd97b 100644
--- a/meta/recipes-core/busybox/busybox_1.24.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -58,6 +58,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://ifupdown-pass-interface-device-name-for-ipv6-route-c.patch \
            file://BUG9071_buffer_overflow_arp.patch \
            file://busybox-tar-add-IF_FEATURE_-checks.patch \
+           file://0001-iproute-support-scope-.-Closes-8561.patch \
+           file://0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch \
 "
 SRC_URI_append_libc-musl = " file://musl.cfg "
 
-- 
2.14.2

[pyro][PATCH 04/17] openssh: allow to override OpenSSL HostKeys when read-only-rootfs

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

With these changes it is possible to have a .bbappend that
- sets SYSCONFDIR to some persistent storage
- modifies SYSCONFDIR/sshd_config to use ssh host keys from
  the (writable) sysconfdir

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 106b59d9f96f70d133fa1421091ad280d27a5b6a)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/rootfs-postcommands.bbclass       |  4 +--
 meta/recipes-connectivity/openssh/openssh/init | 46 +++++++++++++++++++++++---
 2 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index 2503d89e28..4b91972ce7 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -91,10 +91,10 @@ read_only_rootfs_hook () {
 	# and the keys under /var/run/ssh.
 	if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then
 		if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then
-			echo "SYSCONFDIR=/etc/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh
+			echo "SYSCONFDIR=\${SYSCONFDIR:-/etc/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh
 			echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh
 		else
-			echo "SYSCONFDIR=/var/run/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh
+			echo "SYSCONFDIR=\${SYSCONFDIR:-/var/run/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh
 			echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh
 		fi
 	fi
diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init
index 1f63725cc0..386628afc8 100644
--- a/meta/recipes-connectivity/openssh/openssh/init
+++ b/meta/recipes-connectivity/openssh/openssh/init
@@ -19,10 +19,24 @@ fi
 [ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
 mkdir -p $SYSCONFDIR
 
-HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
-HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
-HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
+parse_sshd_opts() {
+    set -- ${SSHD_OPTS} --
+    sshd_config=/etc/ssh/sshd_config
+    while true ; do
+        case "$1" in
+        -f*) if [ "$1" = "-f" ] ; then
+                 sshd_config="$2"
+                 shift
+             else
+                 sshd_config="${1#-f}"
+             fi
+             shift
+             ;;
+        --) shift; break;;
+        *) shift;;
+        esac
+    done
+}
 
 check_for_no_start() {
     # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
@@ -45,21 +59,45 @@ check_config() {
 }
 
 check_keys() {
+	# parse location of keys
+	local HOST_KEY_RSA
+	local HOST_KEY_DSA
+	local HOST_KEY_ECDSA
+	local HOST_KEY_ED25519
+
+	parse_sshd_opts
+	HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+	[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+	[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
+	HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
+	[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
+	[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
+	HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
+	[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
+	[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
+	HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
+	[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
+	[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
+
 	# create keys if necessary
 	if [ ! -f $HOST_KEY_RSA ]; then
 		echo "  generating ssh RSA key..."
+		mkdir -p $(dirname $HOST_KEY_RSA)
 		ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
 	fi
 	if [ ! -f $HOST_KEY_ECDSA ]; then
 		echo "  generating ssh ECDSA key..."
+		mkdir -p $(dirname $HOST_KEY_ECDSA)
 		ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
 	fi
 	if [ ! -f $HOST_KEY_DSA ]; then
 		echo "  generating ssh DSA key..."
+		mkdir -p $(dirname $HOST_KEY_DSA)
 		ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
 	fi
 	if [ ! -f $HOST_KEY_ED25519 ]; then
 		echo "  generating ssh ED25519 key..."
+		mkdir -p $(dirname $HOST_KEY_ED25519)
 		ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
 	fi
 }
-- 
2.14.2

[pyro][PATCH 05/17] selftest/archiver: add tests for recipe type filtering

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

The archiver used to be able to filter based on COPYLEFT_RECIPE_TYPES.

Unfortunately, this got broken with the fix for
  https://bugzilla.yoctoproject.org/show_bug.cgi?id=6929
in commit ae9102bda398 ("copyleft_filter.bbclass: Allow to filter on name")

Add two tests to prevent that from happening again.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 709f02c5cb25983090251c6237bac4fc0a295c4f)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/lib/oeqa/selftest/archiver.py | 76 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/meta/lib/oeqa/selftest/archiver.py b/meta/lib/oeqa/selftest/archiver.py
index d7f215cbf6..06b2597050 100644
--- a/meta/lib/oeqa/selftest/archiver.py
+++ b/meta/lib/oeqa/selftest/archiver.py
@@ -41,3 +41,79 @@ class Archiver(oeSelfTest):
         # Check that exclude_recipe was excluded
         excluded_present = len(glob.glob(src_path + '/%s-*' % exclude_recipe))
         self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % exclude_recipe)
+
+
+    def test_archiver_filters_by_type(self):
+        """
+        Summary:     The archiver is documented to filter on the recipe type.
+        Expected:    1. included recipe type (target) should be included
+                     2. other types should be excluded
+        Product:     oe-core
+        Author:      André Draszik <adraszik@tycoint.com>
+        """
+
+        target_recipe = 'initscripts'
+        native_recipe = 'zlib-native'
+
+        features = 'INHERIT += "archiver"\n'
+        features += 'ARCHIVER_MODE[src] = "original"\n'
+        features += 'COPYLEFT_RECIPE_TYPES = "target"\n'
+        self.write_config(features)
+
+        bitbake('-c clean %s %s' % (target_recipe, native_recipe))
+        bitbake("%s -c deploy_archives %s" % (target_recipe, native_recipe))
+
+        bb_vars = get_bb_vars(['DEPLOY_DIR_SRC', 'TARGET_SYS', 'BUILD_SYS'])
+        src_path_target = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS'])
+        src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS'])
+
+        # Check that target_recipe was included
+        included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipe))
+        self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipe)
+
+        # Check that native_recipe was excluded
+        excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipe))
+        self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipe)
+
+    def test_archiver_filters_by_type_and_name(self):
+        """
+        Summary:     Test that the archiver archives by recipe type, taking the
+                     recipe name into account.
+        Expected:    1. included recipe type (target) should be included
+                     2. other types should be excluded
+                     3. recipe by name should be included / excluded,
+                        overriding previous decision by type
+        Product:     oe-core
+        Author:      André Draszik <adraszik@tycoint.com>
+        """
+
+        target_recipes = [ 'initscripts', 'zlib' ]
+        native_recipes = [ 'update-rc.d-native', 'zlib-native' ]
+
+        features = 'INHERIT += "archiver"\n'
+        features += 'ARCHIVER_MODE[src] = "original"\n'
+        features += 'COPYLEFT_RECIPE_TYPES = "target"\n'
+        features += 'COPYLEFT_PN_INCLUDE = "%s"\n' % native_recipes[1]
+        features += 'COPYLEFT_PN_EXCLUDE = "%s"\n' % target_recipes[1]
+        self.write_config(features)
+
+        bitbake('-c clean %s %s' % (' '.join(target_recipes), ' '.join(native_recipes)))
+        bitbake('-c deploy_archives %s %s' % (' '.join(target_recipes), ' '.join(native_recipes)))
+
+        bb_vars = get_bb_vars(['DEPLOY_DIR_SRC', 'TARGET_SYS', 'BUILD_SYS'])
+        src_path_target = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS'])
+        src_path_native = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['BUILD_SYS'])
+
+        # Check that target_recipe[0] and native_recipes[1] were included
+        included_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[0]))
+        self.assertTrue(included_present, 'Recipe %s was not included.' % target_recipes[0])
+
+        included_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[1]))
+        self.assertTrue(included_present, 'Recipe %s was not included.' % native_recipes[1])
+
+        # Check that native_recipes[0] and target_recipes[1] were excluded
+        excluded_present = len(glob.glob(src_path_native + '/%s-*' % native_recipes[0]))
+        self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % native_recipes[0])
+
+        excluded_present = len(glob.glob(src_path_target + '/%s-*' % target_recipes[1]))
+        self.assertFalse(excluded_present, 'Recipe %s was not excluded.' % target_recipes[1])
-- 
2.14.2

[pyro][PATCH 06/17] selftest/archiver: only execute deploy_archives task

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

There should be no reason to execute a full build, as we're
just interested in the deployment of the archives.

The newly added tests already do the same.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 78c2897dff7cd9fe2cab511549cb146d5231e573)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/lib/oeqa/selftest/archiver.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/archiver.py b/meta/lib/oeqa/selftest/archiver.py
index 06b2597050..7f01c36d4e 100644
--- a/meta/lib/oeqa/selftest/archiver.py
+++ b/meta/lib/oeqa/selftest/archiver.py
@@ -29,7 +29,7 @@ class Archiver(oeSelfTest):
         self.write_config(features)
 
         bitbake('-c clean %s %s' % (include_recipe, exclude_recipe))
-        bitbake("%s %s" % (include_recipe, exclude_recipe))
+        bitbake("-c deploy_archives %s %s" % (include_recipe, exclude_recipe))
 
         bb_vars = get_bb_vars(['DEPLOY_DIR_SRC', 'TARGET_SYS'])
         src_path = os.path.join(bb_vars['DEPLOY_DIR_SRC'], bb_vars['TARGET_SYS'])
-- 
2.14.2

[pyro][PATCH 07/17] copyleft_filter.bbclass: restore possiblity to filter on type

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

Since the changes introduced in ae9102bda398
("copyleft_filter.bbclass: Allow to filter on name"), it is
impossible to filter on the recipe type, all recipes are
treated as though they should be included if the license
matches, irrespective of the COPYLEFT_RECIPE_TYPES
variable.

Fix this.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit e612dfa520c7d7ecf58006e82189be601204f38d)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/copyleft_filter.bbclass | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/classes/copyleft_filter.bbclass b/meta/classes/copyleft_filter.bbclass
index 5867bb9f7e..c36bce431a 100644
--- a/meta/classes/copyleft_filter.bbclass
+++ b/meta/classes/copyleft_filter.bbclass
@@ -47,27 +47,27 @@ def copyleft_should_include(d):
     import oe.license
     from fnmatch import fnmatchcase as fnmatch
 
-    included, motive = False, 'recipe did not match anything'
-
     recipe_type = d.getVar('COPYLEFT_RECIPE_TYPE')
     if recipe_type not in oe.data.typed_value('COPYLEFT_RECIPE_TYPES', d):
-        include, motive = False, 'recipe type "%s" is excluded' % recipe_type
+        included, motive = False, 'recipe type "%s" is excluded' % recipe_type
+    else:
+        included, motive = False, 'recipe did not match anything'
 
-    include = oe.data.typed_value('COPYLEFT_LICENSE_INCLUDE', d)
-    exclude = oe.data.typed_value('COPYLEFT_LICENSE_EXCLUDE', d)
+        include = oe.data.typed_value('COPYLEFT_LICENSE_INCLUDE', d)
+        exclude = oe.data.typed_value('COPYLEFT_LICENSE_EXCLUDE', d)
 
-    try:
-        is_included, reason = oe.license.is_included(d.getVar('LICENSE'), include, exclude)
-    except oe.license.LicenseError as exc:
-        bb.fatal('%s: %s' % (d.getVar('PF'), exc))
-    else:
-        if is_included:
-            if reason:
-                included, motive = True, 'recipe has included licenses: %s' % ', '.join(reason)
-            else:
-                included, motive = False, 'recipe does not include a copyleft license'
+        try:
+            is_included, reason = oe.license.is_included(d.getVar('LICENSE'), include, exclude)
+        except oe.license.LicenseError as exc:
+            bb.fatal('%s: %s' % (d.getVar('PF'), exc))
         else:
-            included, motive = False, 'recipe has excluded licenses: %s' % ', '.join(reason)
+            if is_included:
+                if reason:
+                    included, motive = True, 'recipe has included licenses: %s' % ', '.join(reason)
+                else:
+                    included, motive = False, 'recipe does not include a copyleft license'
+            else:
+                included, motive = False, 'recipe has excluded licenses: %s' % ', '.join(reason)
 
     if any(fnmatch(d.getVar('PN'), name) \
             for name in oe.data.typed_value('COPYLEFT_PN_INCLUDE', d)):
-- 
2.14.2

[pyro][PATCH 08/17] debianutils: Add a native version (for run-parts)

[André Draszik]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

(cherry picked from commit 46985e66c193ad2aa9b575aeab5c78740bc5a4ed)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/recipes-support/debianutils/debianutils_4.8.1.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/debianutils/debianutils_4.8.1.bb b/meta/recipes-support/debianutils/debianutils_4.8.1.bb
index 54c345ea25..12c63ee1ea 100644
--- a/meta/recipes-support/debianutils/debianutils_4.8.1.bb
+++ b/meta/recipes-support/debianutils/debianutils_4.8.1.bb
@@ -34,7 +34,7 @@ PACKAGES =+ "${PN}-run-parts"
 FILES_${PN}-run-parts = "${base_bindir}/run-parts.debianutils"
 
 RDEPENDS_${PN} += "${PN}-run-parts"
-
+RDEPENDS_${PN}_class-native = ""
 
 ALTERNATIVE_PRIORITY="30"
 ALTERNATIVE_${PN} = "add-shell installkernel remove-shell savelog tempfile which"
@@ -50,3 +50,5 @@ ALTERNATIVE_LINK_NAME[run-parts]="${base_bindir}/run-parts"
 ALTERNATIVE_LINK_NAME[savelog]="${bindir}/savelog"
 ALTERNATIVE_LINK_NAME[tempfile]="${base_bindir}/tempfile"
 ALTERNATIVE_LINK_NAME[which]="${bindir}/which"
+
+BBCLASSEXTEND = "native"
-- 
2.14.2

[pyro][PATCH 09/17] ca-certificates: Fix postinst dependency issues

[André Draszik]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

We were relying on running ca-certificates from the -native version. This
meant the host and target path layouts had to match which might not be true,
it certainly isn't true for the sdk builds.

There was a dependency on run-parts which wasn't represented (we can get it
from busybox or debianutils).

Since this is an allarch script, call the script directly, making sure debianutils
and openssl are available as postinst rootfs time to resolve the issues.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

(cherry picked from commit d9575e05f2cb8bf293534c036ddc0d0336701256)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 .../ca-certificates/ca-certificates_20161130.bb               | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb b/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb
index 42088b9899..c282ace264 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb
@@ -8,10 +8,11 @@ LICENSE = "GPL-2.0+ & MPL-2.0"
 LIC_FILES_CHKSUM = "file://debian/copyright;md5=e7358b9541ccf3029e9705ed8de57968"
 
 # This is needed to ensure we can run the postinst at image creation time
-DEPENDS = "ca-certificates-native"
+DEPENDS = ""
 DEPENDS_class-native = "openssl-native"
-DEPENDS_class-nativesdk = "ca-certificates-native openssl-native"
-PACKAGE_WRITE_DEPS += "ca-certificates-native"
+DEPENDS_class-nativesdk = "openssl-native"
+# Need c_rehash from openssl and run-parts from debianutils
+PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
 SRCREV = "61b70a1007dc269d56881a0d480fc841daacc77c"
 
@@ -63,7 +64,7 @@ do_install_append_class-target () {
 }
 
 pkg_postinst_${PN} () {
-    SYSROOT="$D" update-ca-certificates
+    SYSROOT="$D" $D${sbindir}/update-ca-certificates
 }
 
 CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
@@ -71,7 +72,7 @@ CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
 # Postinsts don't seem to be run for nativesdk packages when populating SDKs.
 CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
 do_install_append_class-nativesdk () {
-    SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
+    SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
 }
 
 do_install_append_class-native () {
-- 
2.14.2

[pyro][PATCH 10/17] kernel-uimage.bbclass: Fix up generation of uImage from vmlinux

[André Draszik]

From: Nathan Rossi <nathan@nathanrossi.com>

Fix up the generation of uImage from vmlinux when KEEPUIMAGE != 'yes'.
This fixes up the working directory that do_uboot_mkimage is run from,
such that it is run from the ${B} directory to access built artefacts.

Simplify the logic in the task so that the parse step either adds the
task or not if the conditions are met. This reduces the need for the
task to run in cases when it is not used. The task is also changed to
depend on the kernel_link_images task as arch/<arch>/boot/* is not
available until after kernel_link_images in certain cases (e.g.
vmlinux/uImage only KERNEL_IMAGETYPES).

Fix up the use of ${S}/vmlinux when pulling the entry symbols
address so that it accesses the vmlinux in ${B}.

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit e0b4f018d1c2a65e66c81e5be1da8894e9a6c132)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/kernel-uimage.bbclass | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/meta/classes/kernel-uimage.bbclass b/meta/classes/kernel-uimage.bbclass
index 19c6ade507..7c026abf0b 100644
--- a/meta/classes/kernel-uimage.bbclass
+++ b/meta/classes/kernel-uimage.bbclass
@@ -15,23 +15,21 @@ python __anonymous () {
             typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or ""
             if "uImage" in typeformake.split():
                 d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('uImage', 'vmlinux'))
+
+            # Enable building of uImage with mkimage
+            bb.build.addtask('do_uboot_mkimage', 'do_install', 'do_kernel_link_images', d)
 }
 
+do_uboot_mkimage[dirs] += "${B}"
 do_uboot_mkimage() {
-	if echo "${KERNEL_IMAGETYPES}" | grep -wq "uImage"; then
-		if test "x${KEEPUIMAGE}" != "xyes" ; then
-			uboot_prep_kimage
-
-			ENTRYPOINT=${UBOOT_ENTRYPOINT}
-			if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
-				ENTRYPOINT=`${HOST_PREFIX}nm ${S}/vmlinux | \
-					awk '$3=="${UBOOT_ENTRYSYMBOL}" {print $1}'`
-			fi
+	uboot_prep_kimage
 
-			uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
-			rm -f linux.bin
-		fi
+	ENTRYPOINT=${UBOOT_ENTRYPOINT}
+	if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
+		ENTRYPOINT=`${HOST_PREFIX}nm ${B}/vmlinux | \
+			awk '$3=="${UBOOT_ENTRYSYMBOL}" {print $1}'`
 	fi
-}
 
-addtask uboot_mkimage before do_install after do_compile
+	uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
+	rm -f linux.bin
+}
-- 
2.14.2

[pyro][PATCH 11/17] kernel-fitimage: sanitize dtb section name (unbreak MIPS)

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

We can't build fitImages for MIPS any more:
| Error: fit-image.its:21.27-28 syntax error
| FATAL ERROR: Unable to parse input tree
| uboot-mkimage: Can't read arch/mips/boot/fitImage.tmp: Invalid argument

Since commit cd2ed7f80b555add07795cc0cbaee866e6c193a3
("kernel-fitimage: dtb sections named by their filenames
and one config section for each dtb"), commit
1ec405ef5df82884c8997878bbe6c66d924b5127 in yocto, dtb
sections are named by the DTB filename, but the filename
can legally be in a subdirectory below
arch/$arch/boot/dts/, and on MIPS all DTBs are actually
in a subdirectory.

If so, mkimage fails with the above error message.

Unbreak this by replacing the offending character
(directory separator /)

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 335fc50cf54e47db4e3d5c35a9846484faf0270f)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/kernel-fitimage.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 2630b47316..6f1b7667bc 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -351,6 +351,7 @@ fitimage_assemble() {
 				DTB_PATH="arch/${ARCH}/boot/${DTB}"
 			fi
 
+			DTB=$(echo "${DTB}" | tr '/' '_')
 			DTBS="${DTBS} ${DTB}"
 			fitimage_emit_section_dtb ${1} ${DTB} ${DTB_PATH}
 		done
-- 
2.14.2

[pyro][PATCH 12/17] kernel-fitimage: unbreak UBOOT_ENTRYSYMBOL support

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

- vmlinux is located in ${B}, not ${S}.
- parsing of nm output got broken completely in commit
  b406a89935f148779569fa3770776e009dd51f13 ("kernel-fitimage: add
  initramfs support"), commit ec755d2524fcbd9dfded23a576f25c990d405a6c
  in yocto

While at it, make awk exit on match to save a few CPU cycles.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 9d2ec9c046c4a9c6a842d28133d40639f5a65297)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/kernel-fitimage.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 6f1b7667bc..5583b4472e 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -97,8 +97,8 @@ fitimage_emit_section_kernel() {
 
 	ENTRYPOINT=${UBOOT_ENTRYPOINT}
 	if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
-		ENTRYPOINT=`${HOST_PREFIX}nm ${S}/vmlinux | \
-			awk '$4=="${UBOOT_ENTRYSYMBOL}" {print $2}'`
+		ENTRYPOINT=`${HOST_PREFIX}nm vmlinux | \
+			awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
 	fi
 
 	cat << EOF >> ${1}
-- 
2.14.2

[pyro][PATCH 13/17] kernel-uimage: optimise UBOOT_ENTRYSYMBOL support

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

This is the remaining local change to a fix similar to
commit e0b4f018d1c2 ("kernel-uimage.bbclass: Fix up
generation of uImage from vmlinux"):

Make awk exit on match to save a few CPU cycles so as
to make this similar to kernel-fitimage.bbclass

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 614e8be7a89a2f2113fa40b11e7a05b9e8155f6a)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/kernel-uimage.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel-uimage.bbclass b/meta/classes/kernel-uimage.bbclass
index 7c026abf0b..1d8656e76e 100644
--- a/meta/classes/kernel-uimage.bbclass
+++ b/meta/classes/kernel-uimage.bbclass
@@ -27,7 +27,7 @@ do_uboot_mkimage() {
 	ENTRYPOINT=${UBOOT_ENTRYPOINT}
 	if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
 		ENTRYPOINT=`${HOST_PREFIX}nm ${B}/vmlinux | \
-			awk '$3=="${UBOOT_ENTRYSYMBOL}" {print $1}'`
+			awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
 	fi
 
 	uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
-- 
2.14.2

[pyro][PATCH 14/17] kernel-uboot: support compressed kernel on MIPS

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

MIPS generates vmlinuz.bin when compression in the kernel build is
enabled, including any necessary objcopy so we can leverage that
and skip our manual invocation of objcopy here. We just have to
put the file into the right place for the rest of the build to
find it.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 00bc7682473c2558d72ba42c182f8e3bd445f8af)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/kernel-uboot.bbclass | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/meta/classes/kernel-uboot.bbclass b/meta/classes/kernel-uboot.bbclass
index 868e97d7a7..87f02654fa 100644
--- a/meta/classes/kernel-uboot.bbclass
+++ b/meta/classes/kernel-uboot.bbclass
@@ -3,13 +3,19 @@ uboot_prep_kimage() {
 		vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux"
 		linux_suffix=""
 		linux_comp="none"
+	elif [ -e arch/${ARCH}/boot/vmlinuz.bin ]; then
+		rm -f linux.bin
+		cp -l arch/${ARCH}/boot/vmlinuz.bin linux.bin
+		vmlinux_path=""
+		linux_suffix=""
+		linux_comp="none"
 	else
 		vmlinux_path="vmlinux"
 		linux_suffix=".gz"
 		linux_comp="gzip"
 	fi
 
-	${OBJCOPY} -O binary -R .note -R .comment -S "${vmlinux_path}" linux.bin
+	[ -n "${vmlinux_path}" ] && ${OBJCOPY} -O binary -R .note -R .comment -S "${vmlinux_path}" linux.bin
 
 	if [ "${linux_comp}" != "none" ] ; then
 		gzip -9 linux.bin
-- 
2.14.2

[pyro][PATCH 15/17] kernel-fitimage: support MIPS (compressed)

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

On MIPS, the compressed kernel image target is vmlinuz.bin

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

(cherry picked from commit 74d97569aa4e0f82e094a539dec302076103affa)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/kernel-fitimage.bbclass | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 5583b4472e..179185b6b2 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -7,7 +7,9 @@ python __anonymous () {
         depends = "%s u-boot-mkimage-native dtc-native" % depends
         d.setVar("DEPENDS", depends)
 
-        if d.getVar("UBOOT_ARCH") == "x86":
+        if d.getVar("UBOOT_ARCH") == "mips":
+            replacementtype = "vmlinuz.bin"
+        elif d.getVar("UBOOT_ARCH") == "x86":
             replacementtype = "bzImage"
         else:
             replacementtype = "zImage"
-- 
2.14.2

[pyro][PATCH 16/17] curl: enable threaded resolver

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

Multi-threaded applications using libcurl crash
on DNS timeouts when built using OE.

The reason is as follows:
By default, libcurl implements DNS timeouts using a
timer (alarm()) and a pair of setjmp()/longjmp().
This approach is unsafe in multi-threaded applications
for various reasons, as e.g. explained in the relevant
man-pages.

To avoid this, libcurl can be compiled with a built-in
threaded resolver, or against the c-ares asynchronous
resolver library.

To keep extra dependencies to a minimum, and to mimic
other distributions (debian at least), and because
c-ares is not available in OE-core, add a PACKAGECONFIG
to be able to enable use of of the built-in threaded
resolver and enable it by default.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

(cherry picked from commit 41f1e44fce976c4140cda62a41349e91e69d04ef)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/recipes-support/curl/curl_7.53.1.bb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-support/curl/curl_7.53.1.bb b/meta/recipes-support/curl/curl_7.53.1.bb
index bc78ffb07e..a3d7cb949d 100644
--- a/meta/recipes-support/curl/curl_7.53.1.bb
+++ b/meta/recipes-support/curl/curl_7.53.1.bb
@@ -20,9 +20,9 @@ SRC_URI[sha256sum] = "1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59b
 CVE_PRODUCT = "libcurl"
 inherit autotools pkgconfig binconfig multilib_header
 
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls proxy zlib"
-PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib"
-PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl zlib"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls proxy threaded-resolver zlib"
+PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver zlib"
+PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver zlib"
 
 PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
 PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
@@ -42,6 +42,7 @@ PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
 PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
 PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
 PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
+PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver"
 PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
 PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
 
-- 
2.14.2

[pyro][PATCH 17/17] useradd-staticids: don't create username-group if gid is specified

[André Draszik]

From: André Draszik <adraszik@tycoint.com>

Adding distcc to an image, and having staticids enabled,
doesn't work as it causes a a superfluous 'distcc' group
being added using a conflicting  GID, thus failing the
build:
 | ERROR: distcc-3.2-r0 do_prepare_recipe_sysroot: distcc: groupadd command did not succeed.

Compared to other recipes, the distcc recipe only
specifies --gid for the primary group, and doesn't specify
--no-user-group, but when --gid is given, it doesn't make
sense to create a matching username-group in addition,
even if --no-user-group was not specified, and 'useradd'
actually complains if --gid and --user-group are given
both.

If only --gid is given, the current code in here
effectively behaves as if --user-group was specified,
taking the group-id of the username-group from the
--gid parameter. This causes the error above, as we try
to add a new group (distcc) with an existing group-id
(nogroup).

This is contrary to the comment in this file just above,
contrary to what useradd can do, contrary to behaviour
without the useradd-staticids bbclass, and non-intuitive.

Change the code such that a username-group is only created
- if a primary group using --gid was not specified, or
- if --no-user-group was not specified

To be in line with useradd, if gid is not given, and
--no-user-group is given, we add the user to the group
'users', which mimics useradd's behaviour.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

(cherry picked from commit fc3a86ae68919cec72c1a8ae0f9ba1f98ae13f0d)
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
 meta/classes/useradd-staticids.bbclass | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/meta/classes/useradd-staticids.bbclass b/meta/classes/useradd-staticids.bbclass
index 2d282c0d71..6ebf7600f6 100644
--- a/meta/classes/useradd-staticids.bbclass
+++ b/meta/classes/useradd-staticids.bbclass
@@ -141,9 +141,13 @@ def update_useradd_static_config(d):
             # So if the implicit username-group creation is on, then the implicit groupname (LOGIN)
             # is used, and we disable the user_group option.
             #
-            user_group = uaargs.user_group is None or uaargs.user_group is True
-            uaargs.groupname = uaargs.LOGIN if user_group else uaargs.gid
-            uaargs.groupid = field[3] or uaargs.gid or uaargs.groupname
+            if uaargs.gid:
+                uaargs.groupname = uaargs.gid
+            elif uaargs.user_group is not False:
+                uaargs.groupname = uaargs.LOGIN
+            else:
+                uaargs.groupname = 'users'
+            uaargs.groupid = field[3] or uaargs.groupname
 
             if uaargs.groupid and uaargs.gid != uaargs.groupid:
                 newgroup = None
-- 
2.14.2

Re: [pyro][PATCH 04/17] openssh: allow to override OpenSSL HostKeys when read-only-rootfs

[Joshua Watt]

On Fri, 2017-10-06 at 13:12 +0100, André Draszik wrote:
> From: André Draszik <adraszik@tycoint.com>
> 
> With these changes it is possible to have a .bbappend that
> - sets SYSCONFDIR to some persistent storage
> - modifies SYSCONFDIR/sshd_config to use ssh host keys from
>   the (writable) sysconfdir
> 
> Signed-off-by: André Draszik <adraszik@tycoint.com>
> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> 
> (cherry picked from commit 106b59d9f96f70d133fa1421091ad280d27a5b6a)
> Signed-off-by: André Draszik <adraszik@tycoint.com>
> ---
>  meta/classes/rootfs-postcommands.bbclass       |  4 +--
>  meta/recipes-connectivity/openssh/openssh/init | 46
> +++++++++++++++++++++++---
>  2 files changed, 44 insertions(+), 6 deletions(-)
> 
> diff --git a/meta/classes/rootfs-postcommands.bbclass
> b/meta/classes/rootfs-postcommands.bbclass
> index 2503d89e28..4b91972ce7 100644
> --- a/meta/classes/rootfs-postcommands.bbclass
> +++ b/meta/classes/rootfs-postcommands.bbclass
> @@ -91,10 +91,10 @@ read_only_rootfs_hook () {
>  	# and the keys under /var/run/ssh.
>  	if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then
>  		if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ];
> then
> -			echo "SYSCONFDIR=/etc/ssh" >>
> ${IMAGE_ROOTFS}/etc/default/ssh
> +			echo "SYSCONFDIR=\${SYSCONFDIR:-/etc/ssh}"
> >> ${IMAGE_ROOTFS}/etc/default/ssh
>  			echo "SSHD_OPTS=" >>
> ${IMAGE_ROOTFS}/etc/default/ssh
>  		else
> -			echo "SYSCONFDIR=/var/run/ssh" >>
> ${IMAGE_ROOTFS}/etc/default/ssh
> +			echo "SYSCONFDIR=\${SYSCONFDIR:-
> /var/run/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh
>  			echo "SSHD_OPTS='-f
> /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh
>  		fi
>  	fi
> diff --git a/meta/recipes-connectivity/openssh/openssh/init
> b/meta/recipes-connectivity/openssh/openssh/init
> index 1f63725cc0..386628afc8 100644
> --- a/meta/recipes-connectivity/openssh/openssh/init
> +++ b/meta/recipes-connectivity/openssh/openssh/init
> @@ -19,10 +19,24 @@ fi
>  [ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
>  mkdir -p $SYSCONFDIR
>  
> -HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
> -HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
> -HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
> -HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
> +parse_sshd_opts() {
> +    set -- ${SSHD_OPTS} --
> +    sshd_config=/etc/ssh/sshd_config
> +    while true ; do
> +        case "$1" in
> +        -f*) if [ "$1" = "-f" ] ; then
> +                 sshd_config="$2"
> +                 shift
> +             else
> +                 sshd_config="${1#-f}"
> +             fi
> +             shift
> +             ;;
> +        --) shift; break;;
> +        *) shift;;
> +        esac
> +    done
> +}
>  
>  check_for_no_start() {
>      # forget it if we're trying to start, and
> /etc/ssh/sshd_not_to_be_run exists
> @@ -45,21 +59,45 @@ check_config() {
>  }
>  
>  check_keys() {
> +	# parse location of keys
> +	local HOST_KEY_RSA
> +	local HOST_KEY_DSA
> +	local HOST_KEY_ECDSA
> +	local HOST_KEY_ED25519
> +
> +	parse_sshd_opts
> +	HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ |
> tail -1 | awk ' { print $2 } ')
> +	[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey
> "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
> +	[ -z "${HOST_KEY_RSA}" ] &&
> HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
> +	HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ |
> tail -1 | awk ' { print $2 } ')
> +	[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey
> "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
> +	[ -z "${HOST_KEY_DSA}" ] &&
> HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
> +	HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep
> _ecdsa_ | tail -1 | awk ' { print $2 } ')
> +	[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey
> "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
> +	[ -z "${HOST_KEY_ECDSA}" ] &&
> HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
> +	HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep
> _ed25519_ | tail -1 | awk ' { print $2 } ')
> +	[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep
> HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print
> $2 } ')
> +	[ -z "${HOST_KEY_ED25519}" ] &&
> HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
> +
>  	# create keys if necessary
>  	if [ ! -f $HOST_KEY_RSA ]; then
>  		echo "  generating ssh RSA key..."
> +		mkdir -p $(dirname $HOST_KEY_RSA)
>  		ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
>  	fi
>  	if [ ! -f $HOST_KEY_ECDSA ]; then
>  		echo "  generating ssh ECDSA key..."
> +		mkdir -p $(dirname $HOST_KEY_ECDSA)
>  		ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
>  	fi
>  	if [ ! -f $HOST_KEY_DSA ]; then
>  		echo "  generating ssh DSA key..."
> +		mkdir -p $(dirname $HOST_KEY_DSA)
>  		ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
>  	fi
>  	if [ ! -f $HOST_KEY_ED25519 ]; then
>  		echo "  generating ssh ED25519 key..."
> +		mkdir -p $(dirname $HOST_KEY_ED25519)
>  		ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
>  	fi
>  }
> -- 
> 2.14.2
> 

If you are backporting this, please also backport
ae32558a19ae3b3f175365dc0e10fa74a91e28ce (https://patchwork.openembedde
d.org/series/7509/)

Re: [pyro] some backported patches

[akuster808]

Andre


On 10/06/2017 05:12 AM, André Draszik wrote:
> Hi,
>
> Can these fixes/patches from master please be applied to pyro.
I have integrated this series into my stagging. I ran into a build
issue. I need to sort out if this came in with this set of other
backports I have pending.

regards,
Armin
>
>
> Cheers,
> Andre'
>

Re: [pyro] some backported patches

[André Draszik]

Hi Armin,

On Tue, 2017-10-10 at 07:58 -0700, akuster808 wrote:
> Andre
> 
> 
> On 10/06/2017 05:12 AM, André Draszik wrote:
> > Hi,
> > 
> > Can these fixes/patches from master please be applied to pyro.
> 
> I have integrated this series into my stagging. I ran into a build
> issue. I need to sort out if this came in with this set of other
> backports I have pending.

Thanks. Do you need any help?

Cheers,
Andre'