[meta-freescale PATCH 1/3] openssl-qoriq: Sync with OE-Core recipe changes

[meta-freescale PATCH 1/3] openssl-qoriq: Sync with OE-Core recipe changes

[Otavio Salvador]

This synchronizes the OpenSSL recipe with OE-Core as well as includes
the CVE-2016-2178 and CVE-2016-2177 security fixes in this fork.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---

 recipes-connectivity/openssl/openssl-qoriq.inc     |   8 +-
 .../openssl/openssl-qoriq/CVE-2016-2177.patch      | 286 +++++++++++++++++++++
 .../openssl/openssl-qoriq/CVE-2016-2178.patch      |  51 ++++
 .../openssl/openssl-qoriq_1.0.2h.bb                |   2 +
 4 files changed, 345 insertions(+), 2 deletions(-)
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/CVE-2016-2177.patch
 create mode 100644 recipes-connectivity/openssl/openssl-qoriq/CVE-2016-2178.patch

diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index 8c8c036..dfafaaf 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -8,7 +8,7 @@ SECTION = "libs/network"
 LICENSE = "openssl"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
 
-DEPENDS = "hostperl-runtime-native"
+DEPENDS = "makedepend-native hostperl-runtime-native"
 DEPENDS_append_class-target = " openssl-native"
 
 PROVIDES = "openssl"
@@ -95,7 +95,7 @@ do_configure () {
 		target=linux-elf-armeb
 		;;
 	linux-aarch64*)
-		target=linux-aarch64
+		target=linux-generic64
 		;;
 	linux-sh3)
 		target=debian-sh3
@@ -160,10 +160,14 @@ do_compile_prepend_class-target () {
 }
 
 do_compile () {
+	oe_runmake depend
 	oe_runmake
 }
 
 do_compile_ptest () {
+	# build dependencies for test directory too
+	export DIRS="$DIRS test"
+	oe_runmake depend
 	oe_runmake buildtest
 }
 
diff --git a/recipes-connectivity/openssl/openssl-qoriq/CVE-2016-2177.patch b/recipes-connectivity/openssl/openssl-qoriq/CVE-2016-2177.patch
new file mode 100644
index 0000000..df36d5f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/CVE-2016-2177.patch
@@ -0,0 +1,286 @@
+From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 5 May 2016 11:10:26 +0100
+Subject: [PATCH] Avoid some undefined pointer arithmetic
+
+A common idiom in the codebase is:
+
+if (p + len > limit)
+{
+    return; /* Too long */
+}
+
+Where "p" points to some malloc'd data of SIZE bytes and
+limit == p + SIZE
+
+"len" here could be from some externally supplied data (e.g. from a TLS
+message).
+
+The rules of C pointer arithmetic are such that "p + len" is only well
+defined where len <= SIZE. Therefore the above idiom is actually
+undefined behaviour.
+
+For example this could cause problems if some malloc implementation
+provides an address for "p" such that "p + len" actually overflows for
+values of len that are too big and therefore p + len < limit!
+
+Issue reported by Guido Vranken.
+
+CVE-2016-2177
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+
+Upstream-Status: Backport
+CVE: CVE-2016-2177
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+
+---
+ ssl/s3_srvr.c  | 14 +++++++-------
+ ssl/ssl_sess.c |  2 +-
+ ssl/t1_lib.c   | 56 ++++++++++++++++++++++++++++++--------------------------
+ 3 files changed, 38 insertions(+), 34 deletions(-)
+
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index ab28702..ab7f690 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
+ 
+         session_length = *(p + SSL3_RANDOM_SIZE);
+ 
+-        if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
++        if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
+     /* get the session-id */
+     j = *(p++);
+ 
+-    if (p + j > d + n) {
++    if ((d + n) - p < j) {
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+         goto f_err;
+@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
+ 
+     if (SSL_IS_DTLS(s)) {
+         /* cookie stuff */
+-        if (p + 1 > d + n) {
++        if ((d + n) - p < 1) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+         }
+         cookie_len = *(p++);
+ 
+-        if (p + cookie_len > d + n) {
++        if ((d + n ) - p < cookie_len) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
+         }
+     }
+ 
+-    if (p + 2 > d + n) {
++    if ((d + n ) - p < 2) {
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+         goto f_err;
+@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
+     }
+ 
+     /* i bytes of cipher data + 1 byte for compression length later */
+-    if ((p + i + 1) > (d + n)) {
++    if ((d + n) - p < i + 1) {
+         /* not enough data */
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
+ 
+     /* compression */
+     i = *(p++);
+-    if ((p + i) > (d + n)) {
++    if ((d + n) - p < i) {
+         /* not enough data */
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index b182998..54ee783 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+     int r;
+ #endif
+ 
+-    if (session_id + len > limit) {
++    if (limit - session_id < len) {
+         fatal = 1;
+         goto err;
+     }
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index fb64607..cdac011 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+         0x02, 0x03,             /* SHA-1/ECDSA */
+     };
+ 
+-    if (data >= (limit - 2))
++    if (limit - data <= 2)
+         return;
+     data += 2;
+ 
+-    if (data > (limit - 4))
++    if (limit - data < 4)
+         return;
+     n2s(data, type);
+     n2s(data, size);
+@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+     if (type != TLSEXT_TYPE_server_name)
+         return;
+ 
+-    if (data + size > limit)
++    if (limit - data < size)
+         return;
+     data += size;
+ 
+@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+         const size_t len1 = sizeof(kSafariExtensionsBlock);
+         const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+ 
+-        if (data + len1 + len2 != limit)
++        if (limit - data != (int)(len1 + len2))
+             return;
+         if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+             return;
+@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+     } else {
+         const size_t len = sizeof(kSafariExtensionsBlock);
+ 
+-        if (data + len != limit)
++        if (limit - data != (int)(len))
+             return;
+         if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+             return;
+@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
+     if (data == limit)
+         goto ri_check;
+ 
+-    if (data > (limit - 2))
++    if (limit - data < 2)
+         goto err;
+ 
+     n2s(data, len);
+ 
+-    if (data + len != limit)
++    if (limit - data != len)
+         goto err;
+ 
+-    while (data <= (limit - 4)) {
++    while (limit - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > (limit))
++        if (limit - data < size)
+             goto err;
+ # if 0
+         fprintf(stderr, "Received extension type %d size %d\n", type, size);
+@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
+     if (s->hit || s->cert->srv_ext.meths_count == 0)
+         return 1;
+ 
+-    if (data >= limit - 2)
++    if (limit - data <= 2)
+         return 1;
+     n2s(data, len);
+ 
+-    if (data > limit - len)
++    if (limit - data < len)
+         return 1;
+ 
+-    while (data <= limit - 4) {
++    while (limit - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > limit)
++        if (limit - data < size)
+             return 1;
+         if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
+             return 0;
+@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
+                              SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
+ # endif
+ 
+-    if (data >= (d + n - 2))
++    if ((d + n) - data <= 2)
+         goto ri_check;
+ 
+     n2s(data, length);
+-    if (data + length != d + n) {
++    if ((d + n) - data != length) {
+         *al = SSL_AD_DECODE_ERROR;
+         return 0;
+     }
+ 
+-    while (data <= (d + n - 4)) {
++    while ((d + n) - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > (d + n))
++        if ((d + n) - data < size)
+             goto ri_check;
+ 
+         if (s->tlsext_debug_cb)
+@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+     /* Skip past DTLS cookie */
+     if (SSL_IS_DTLS(s)) {
+         i = *(p++);
+-        p += i;
+-        if (p >= limit)
++
++        if (limit - p <= i)
+             return -1;
++
++        p += i;
+     }
+     /* Skip past cipher list */
+     n2s(p, i);
+-    p += i;
+-    if (p >= limit)
++    if (limit - p <= i)
+         return -1;
++    p += i;
++
+     /* Skip past compression algorithm list */
+     i = *(p++);
+-    p += i;
+-    if (p > limit)
++    if (limit - p < i)
+         return -1;
++    p += i;
++
+     /* Now at start of extensions */
+-    if ((p + 2) >= limit)
++    if (limit - p <= 2)
+         return 0;
+     n2s(p, i);
+-    while ((p + 4) <= limit) {
++    while (limit - p >= 4) {
+         unsigned short type, size;
+         n2s(p, type);
+         n2s(p, size);
+-        if (p + size > limit)
++        if (limit - p < size)
+             return 0;
+         if (type == TLSEXT_TYPE_session_ticket) {
+             int r;
+-- 
+2.3.5
+
diff --git a/recipes-connectivity/openssl/openssl-qoriq/CVE-2016-2178.patch b/recipes-connectivity/openssl/openssl-qoriq/CVE-2016-2178.patch
new file mode 100644
index 0000000..27ade4e
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/CVE-2016-2178.patch
@@ -0,0 +1,51 @@
+From 399944622df7bd81af62e67ea967c470534090e2 Mon Sep 17 00:00:00 2001
+From: Cesar Pereida <cesar.pereida@aalto.fi>
+Date: Mon, 23 May 2016 12:45:25 +0300
+Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME
+
+Operations in the DSA signing algorithm should run in constant time in
+order to avoid side channel attacks. A flaw in the OpenSSL DSA
+implementation means that a non-constant time codepath is followed for
+certain operations. This has been demonstrated through a cache-timing
+attack to be sufficient for an attacker to recover the private DSA key.
+
+CVE-2016-2178
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+
+Upstream-Status: Backport
+CVE: CVE-2016-2178
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ crypto/dsa/dsa_ossl.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c
+===================================================================
+--- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c
++++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c
+@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C
+         if (!BN_rand_range(&k, dsa->q))
+             goto err;
+     while (BN_is_zero(&k)) ;
+-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+-        BN_set_flags(&k, BN_FLG_CONSTTIME);
+-    }
+ 
+     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+@@ -282,6 +279,11 @@ static int dsa_sign_setup(DSA *dsa, BN_C
+     } else {
+         K = &k;
+     }
++
++    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
++        BN_set_flags(K, BN_FLG_CONSTTIME);
++    }
++
+     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+                    dsa->method_mont_p);
+     if (!BN_mod(r, r, dsa->q, ctx))
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
index f67d3de..1c66fb9 100644
--- a/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb
@@ -43,6 +43,8 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
             file://ptest_makefile_deps.patch  \
             file://configure-musl-target.patch \
             file://parallel.patch \
+            file://CVE-2016-2177.patch \
+            file://CVE-2016-2178.patch \
            "
 SRC_URI += "file://0001-remove-double-initialization-of-cryptodev-engine.patch \
 	file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
-- 
2.9.3

[meta-freescale PATCH 2/3] qoriq-base.inc: Remove unused SoC family support

[Otavio Salvador]

The SoC family use has been removed in commit 8999634f (Migrate from
SOC_FAMILY to MACHINEOVERRIDES) so the support can be dropped as well.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---

 conf/machine/include/qoriq-base.inc | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/conf/machine/include/qoriq-base.inc b/conf/machine/include/qoriq-base.inc
index 0a463ee..1786b00 100644
--- a/conf/machine/include/qoriq-base.inc
+++ b/conf/machine/include/qoriq-base.inc
@@ -1,6 +1,3 @@
-# Provides the QorIQ common settings
-require conf/machine/include/soc-family.inc
-
 # common providers of QorIQ targets
 PREFERRED_PROVIDER_cryptodev-linux = "cryptodev-qoriq-linux"
 PREFERRED_PROVIDER_cryptodev-module = "cryptodev-qoriq-module"
-- 
2.9.3

[meta-freescale PATCH 3/3] qoriq-base.inc: Use 'fsl-dynamic-packagearch' class

[Otavio Salvador]

This ensures PACKAGE_ARCH has a better default.

 - use MACHINE_ARCH for every package depending on virtual/kernel

 - use MACHINE_SOCARCH for every package depending on
   cryptodev-qoriq-linux, cryptodev-qoriq-module, cryptodev-qoriq-test
   or openssl-qoriq;

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---

 conf/machine/include/qoriq-base.inc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/conf/machine/include/qoriq-base.inc b/conf/machine/include/qoriq-base.inc
index 1786b00..7360a75 100644
--- a/conf/machine/include/qoriq-base.inc
+++ b/conf/machine/include/qoriq-base.inc
@@ -17,3 +17,12 @@ MACHINE_EXTRA_RRECOMMENDS += "udev-extraconf udev-rules-qoriq kernel-modules"
 EXTRA_IMAGEDEPENDS += "u-boot cst-native"
 
 MACHINEOVERRIDES =. "qoriq:"
+
+# Sub-architecture support
+MACHINE_SOCARCH_SUFFIX ?= ""
+MACHINE_SOCARCH_SUFFIX_qoriq = "-qoriq"
+
+MACHINE_ARCH_FILTER = "virtual/kernel"
+MACHINE_SOCARCH_FILTER_append_qoriq = " cryptodev-qoriq-linux cryptodev-qoriq-module cryptodev-qoriq-test openssl-qoriq"
+
+INHERIT += "fsl-dynamic-packagearch"
-- 
2.9.3

Re: [meta-freescale PATCH 3/3] qoriq-base.inc: Use 'fsl-dynamic-packagearch' class

[Zhenhua Luo]

Hello Otavio, 

> -----Original Message-----
> From: Otavio Salvador [mailto:otavio@ossystems.com.br]
> Sent: Saturday, September 17, 2016 1:22 AM
> 
> This ensures PACKAGE_ARCH has a better default.
> 
>  - use MACHINE_ARCH for every package depending on virtual/kernel
> 
>  - use MACHINE_SOCARCH for every package depending on
>    cryptodev-qoriq-linux, cryptodev-qoriq-module, cryptodev-qoriq-test
>    or openssl-qoriq;
> 
> Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
> ---
> 
>  conf/machine/include/qoriq-base.inc | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/conf/machine/include/qoriq-base.inc b/conf/machine/include/qoriq-
> base.inc
> index 1786b00..7360a75 100644
> --- a/conf/machine/include/qoriq-base.inc
> +++ b/conf/machine/include/qoriq-base.inc
> @@ -17,3 +17,12 @@ MACHINE_EXTRA_RRECOMMENDS += "udev-extraconf
> udev-rules-qoriq kernel-modules"
>  EXTRA_IMAGEDEPENDS += "u-boot cst-native"
> 
>  MACHINEOVERRIDES =. "qoriq:"
> +
> +# Sub-architecture support
> +MACHINE_SOCARCH_SUFFIX ?= ""
> +MACHINE_SOCARCH_SUFFIX_qoriq = "-qoriq"
> +
> +MACHINE_ARCH_FILTER = "virtual/kernel"
[Zhenhua Luo] For the MACHINE_ARCH definition, seems good. 

> +MACHINE_SOCARCH_FILTER_append_qoriq = " cryptodev-qoriq-linux
> cryptodev-qoriq-module cryptodev-qoriq-test openssl-qoriq"
[Zhenhua Luo] I don't understand why the MACHINE_SOCARCH definition is needed for those packages, can you please elaborate? 

> +INHERIT += "fsl-dynamic-packagearch"
[Zhenhua Luo] According to the following code in fsl-dynamic-packagearch.bbclass, the MACHINE_SOCARCH of qoriq-ppc targets will be set to SOCARCH of ARM? This seems to be problematic. 

	ARM_EXTRA_SOCARCH = "${ARMPKGARCH}${ARMPKGSFX_DSP}${ARMPKGSFX_EABI}${ARMPKGSFX_ENDIAN}${ARMPKGSFX_FPU}${MACHINE_SOCARCH_SUFFIX}"
	THUMB_EXTRA_SOCARCH = "${ARMPKGARCH}${ARM_THUMB_SUFFIX}${ARMPKGSFX_DSP}${ARMPKGSFX_EABI}${ARMPKGSFX_ENDIAN}${ARMPKGSFX_FPU}${MACHINE_SOCARCH_SUFFIX}"

	MACHINE_SOCARCH = "${@bb.utils.contains('ARM_INSTRUCTION_SET', 'thumb', '${THUMB_EXTRA_SOCARCH}', '${ARM_EXTRA_SOCARCH}', d)}"


Best Regards, 

Zhenhua 

Re: [meta-freescale PATCH 3/3] qoriq-base.inc: Use 'fsl-dynamic-packagearch' class

[Otavio Salvador]

On Sun, Sep 18, 2016 at 6:13 AM, Zhenhua Luo <zhenhua.luo@nxp.com> wrote:
...
>> +MACHINE_SOCARCH_FILTER_append_qoriq = " cryptodev-qoriq-linux
>> cryptodev-qoriq-module cryptodev-qoriq-test openssl-qoriq"
> [Zhenhua Luo] I don't understand why the MACHINE_SOCARCH definition is needed for those packages, can you please elaborate?

Because it needs to use a different provider for QorIQ machine and as
consequence the packages depending on those also need to be split out.

Without this, following error happens:

ERROR: openssl-qoriq-1.0.2h-r0 do_package_write_rpm: If the above
message is too much, the simpler version is you're advised to wipe out
tmp and rebuild (reusing sstate is fine). That will likely fix things
in most (but not all) cases.
ERROR: openssl-qoriq-1.0.2h-r0 do_package_write_rpm: Function failed:
sstate_task_postfunc
ERROR: Logfile of failure stored in:
.../build-wayland/tmp/work/cortexa7hf-neon-poky-linux-gnueabi/openssl-qoriq/1.0.2h-r0/temp/log.do_package_write_rpm.5308
recipe openssl-qoriq-1.0.2h-r0: task do_package_write_rpm: Failed
ERROR: Task (.../sources/meta-freescale/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb:do_package_write_rpm)
failed with exit code '1'

>> +INHERIT += "fsl-dynamic-packagearch"
> [Zhenhua Luo] According to the following code in fsl-dynamic-packagearch.bbclass, the MACHINE_SOCARCH of qoriq-ppc targets will be set to SOCARCH of ARM? This seems to be problematic.
>
>         ARM_EXTRA_SOCARCH = "${ARMPKGARCH}${ARMPKGSFX_DSP}${ARMPKGSFX_EABI}${ARMPKGSFX_ENDIAN}${ARMPKGSFX_FPU}${MACHINE_SOCARCH_SUFFIX}"
>         THUMB_EXTRA_SOCARCH = "${ARMPKGARCH}${ARM_THUMB_SUFFIX}${ARMPKGSFX_DSP}${ARMPKGSFX_EABI}${ARMPKGSFX_ENDIAN}${ARMPKGSFX_FPU}${MACHINE_SOCARCH_SUFFIX}"
>
>         MACHINE_SOCARCH = "${@bb.utils.contains('ARM_INSTRUCTION_SET', 'thumb', '${THUMB_EXTRA_SOCARCH}', '${ARM_EXTRA_SOCARCH}', d)}"

Good catch, I did not catch this  as all test cases I had were
ARM-based. I will work on a fix for it.

-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750

Re: [meta-freescale PATCH 3/3] qoriq-base.inc: Use 'fsl-dynamic-packagearch' class

[Zhenhua Luo]

Hello Otavio, 

> -----Original Message-----
> From: Otavio Salvador [mailto:otavio.salvador@ossystems.com.br]
> Sent: Monday, September 19, 2016 6:48 PM
> 
> On Sun, Sep 18, 2016 at 6:13 AM, Zhenhua Luo <zhenhua.luo@nxp.com> wrote:
> ...
> >> +MACHINE_SOCARCH_FILTER_append_qoriq = " cryptodev-qoriq-linux
> >> cryptodev-qoriq-module cryptodev-qoriq-test openssl-qoriq"
> > [Zhenhua Luo] I don't understand why the MACHINE_SOCARCH definition is
> needed for those packages, can you please elaborate?
> 
> Because it needs to use a different provider for QorIQ machine and as
> consequence the packages depending on those also need to be split out.
>
> Without this, following error happens:
> 
> ERROR: openssl-qoriq-1.0.2h-r0 do_package_write_rpm: If the above message
> is too much, the simpler version is you're advised to wipe out tmp and rebuild
> (reusing sstate is fine). That will likely fix things in most (but not all) cases.
> ERROR: openssl-qoriq-1.0.2h-r0 do_package_write_rpm: Function failed:
> sstate_task_postfunc
> ERROR: Logfile of failure stored in:
> .../build-wayland/tmp/work/cortexa7hf-neon-poky-linux-gnueabi/openssl-
> qoriq/1.0.2h-r0/temp/log.do_package_write_rpm.5308
> recipe openssl-qoriq-1.0.2h-r0: task do_package_write_rpm: Failed
> ERROR: Task (.../sources/meta-freescale/recipes-connectivity/openssl/openssl-
> qoriq_1.0.2h.bb:do_package_write_rpm)
> failed with exit code '1'
[Zhenhua Luo] I still don't know why MACHINE_SOCARCH is needed for openssl and cryptodev, what's the negative impaction without this definition? I didn't meet the build error when openssl-qoriq is built for ls1021atwr, may I know how the issue can be reproduced?

> >> +INHERIT += "fsl-dynamic-packagearch"
> > [Zhenhua Luo] According to the following code in fsl-dynamic-
> packagearch.bbclass, the MACHINE_SOCARCH of qoriq-ppc targets will be set to
> SOCARCH of ARM? This seems to be problematic.
> >
> >         ARM_EXTRA_SOCARCH =
> "${ARMPKGARCH}${ARMPKGSFX_DSP}${ARMPKGSFX_EABI}${ARMPKGSFX_ENDI
> AN}${ARMPKGSFX_FPU}${MACHINE_SOCARCH_SUFFIX}"
> >         THUMB_EXTRA_SOCARCH =
> "${ARMPKGARCH}${ARM_THUMB_SUFFIX}${ARMPKGSFX_DSP}${ARMPKGSFX_E
> ABI}${ARMPKGSFX_ENDIAN}${ARMPKGSFX_FPU}${MACHINE_SOCARCH_SUFFIX
> }"
> >
> >         MACHINE_SOCARCH = "${@bb.utils.contains('ARM_INSTRUCTION_SET',
> 'thumb', '${THUMB_EXTRA_SOCARCH}', '${ARM_EXTRA_SOCARCH}', d)}"
> 
> Good catch, I did not catch this  as all test cases I had were ARM-based. I will
> work on a fix for it.
[Zhenhua Luo] Thanks. 


Best Regards, 

Zhenhua

Re: [meta-freescale PATCH 3/3] qoriq-base.inc: Use 'fsl-dynamic-packagearch' class

[Otavio Salvador]

On Tue, Sep 20, 2016 at 3:25 AM, Zhenhua Luo <zhenhua.luo@nxp.com> wrote:
>> Without this, following error happens:
>>
>> ERROR: openssl-qoriq-1.0.2h-r0 do_package_write_rpm: If the above message
>> is too much, the simpler version is you're advised to wipe out tmp and rebuild
>> (reusing sstate is fine). That will likely fix things in most (but not all) cases.
>> ERROR: openssl-qoriq-1.0.2h-r0 do_package_write_rpm: Function failed:
>> sstate_task_postfunc
>> ERROR: Logfile of failure stored in:
>> .../build-wayland/tmp/work/cortexa7hf-neon-poky-linux-gnueabi/openssl-
>> qoriq/1.0.2h-r0/temp/log.do_package_write_rpm.5308
>> recipe openssl-qoriq-1.0.2h-r0: task do_package_write_rpm: Failed
>> ERROR: Task (.../sources/meta-freescale/recipes-connectivity/openssl/openssl-
>> qoriq_1.0.2h.bb:do_package_write_rpm)
>> failed with exit code '1'
> [Zhenhua Luo] I still don't know why MACHINE_SOCARCH is needed for openssl and cryptodev, what's the negative impaction without this definition? I didn't meet the build error when openssl-qoriq is built for ls1021atwr, may I know how the issue can be reproduced?

do:

MACHINE=imx7dsabresd bitbake openssl && MACHINE=ls1021atwr bitbake openssl

-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750

Re: [meta-freescale PATCH 3/3] qoriq-base.inc: Use 'fsl-dynamic-packagearch' class

[Zhenhua Luo]

Thanks, I can reproduce the issue and understand the solution now. 


Best Regards, 

Zhenhua

> -----Original Message-----
> From: Otavio Salvador [mailto:otavio.salvador@ossystems.com.br]
> Sent: Wednesday, September 21, 2016 5:57 PM
> To: Zhenhua Luo <zhenhua.luo@nxp.com>
> Cc: Otavio Salvador <otavio@ossystems.com.br>; meta-freescale Mailing List
> <meta-freescale@yoctoproject.org>; White Weng <white.weng@nxp.com>;
> Jun Zhu <junzhu@nxp.com>; Lauren Post <lauren.post@nxp.com>
> Subject: Re: [meta-freescale PATCH 3/3] qoriq-base.inc: Use 'fsl-dynamic-
> packagearch' class
> 
> On Tue, Sep 20, 2016 at 3:25 AM, Zhenhua Luo <zhenhua.luo@nxp.com> wrote:
> >> Without this, following error happens:
> >>
> >> ERROR: openssl-qoriq-1.0.2h-r0 do_package_write_rpm: If the above
> >> message is too much, the simpler version is you're advised to wipe
> >> out tmp and rebuild (reusing sstate is fine). That will likely fix things in most
> (but not all) cases.
> >> ERROR: openssl-qoriq-1.0.2h-r0 do_package_write_rpm: Function failed:
> >> sstate_task_postfunc
> >> ERROR: Logfile of failure stored in:
> >> .../build-wayland/tmp/work/cortexa7hf-neon-poky-linux-gnueabi/openssl
> >> -
> >> qoriq/1.0.2h-r0/temp/log.do_package_write_rpm.5308
> >> recipe openssl-qoriq-1.0.2h-r0: task do_package_write_rpm: Failed
> >> ERROR: Task
> >> (.../sources/meta-freescale/recipes-connectivity/openssl/openssl-
> >> qoriq_1.0.2h.bb:do_package_write_rpm)
> >> failed with exit code '1'
> > [Zhenhua Luo] I still don't know why MACHINE_SOCARCH is needed for
> openssl and cryptodev, what's the negative impaction without this definition? I
> didn't meet the build error when openssl-qoriq is built for ls1021atwr, may I
> know how the issue can be reproduced?
> 
> do:
> 
> MACHINE=imx7dsabresd bitbake openssl && MACHINE=ls1021atwr bitbake
> openssl
> 
> --
> Otavio Salvador                             O.S. Systems
> http://www.ossystems.com.br        http://code.ossystems.com.br
> Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750