* [PATCH] ca-certificates: prevent executing update-ca-certificates from host system @ 2017-08-17 14:44 Andrej Valek 2017-08-17 16:31 ` Richard Purdie 0 siblings, 1 reply; 17+ messages in thread From: Andrej Valek @ 2017-08-17 14:44 UTC (permalink / raw) To: openembedded-core Signed-off-by: Andrej Valek <andrej.valek@siemens.com> --- meta/recipes-support/ca-certificates/ca-certificates_20161130.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb b/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb index 9a80f43..771714d 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb @@ -72,7 +72,7 @@ CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf" # Postinsts don't seem to be run for nativesdk packages when populating SDKs. CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt" do_install_append_class-nativesdk () { - SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates + SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates } do_install_append_class-native () { -- 2.1.4 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-17 14:44 [PATCH] ca-certificates: prevent executing update-ca-certificates from host system Andrej Valek @ 2017-08-17 16:31 ` Richard Purdie 2017-08-18 6:26 ` Andrej Valek 0 siblings, 1 reply; 17+ messages in thread From: Richard Purdie @ 2017-08-17 16:31 UTC (permalink / raw) To: Andrej Valek, openembedded-core On Thu, 2017-08-17 at 16:44 +0200, Andrej Valek wrote: > Signed-off-by: Andrej Valek <andrej.valek@siemens.com> > --- > meta/recipes-support/ca-certificates/ca-certificates_20161130.bb | 2 > +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-support/ca-certificates/ca- > certificates_20161130.bb b/meta/recipes-support/ca-certificates/ca- > certificates_20161130.bb > index 9a80f43..771714d 100644 > --- a/meta/recipes-support/ca-certificates/ca- > certificates_20161130.bb > +++ b/meta/recipes-support/ca-certificates/ca- > certificates_20161130.bb > @@ -72,7 +72,7 @@ CONFFILES_${PN} += "${sysconfdir}/ca- > certificates.conf" > # Postinsts don't seem to be run for nativesdk packages when > populating SDKs. > CONFFILES_${PN}_append_class-nativesdk = " > ${sysconfdir}/ssl/certs/ca-certificates.crt" > do_install_append_class-nativesdk () { > - SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates > + SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca- > certificates > } > > do_install_append_class-native () { Since the HOSTTOOLS changes, this should no longer be needed? Cheers, Richard ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-17 16:31 ` Richard Purdie @ 2017-08-18 6:26 ` Andrej Valek 2017-08-18 9:35 ` Richard Purdie 0 siblings, 1 reply; 17+ messages in thread From: Andrej Valek @ 2017-08-18 6:26 UTC (permalink / raw) To: Richard Purdie, openembedded-core Yes, for actual branch is not required. But for branches like krogoth and morty, where HOSTTOOLS is not implemented, is this necessary. Andrej On 08/17/2017 06:31 PM, Richard Purdie wrote: > On Thu, 2017-08-17 at 16:44 +0200, Andrej Valek wrote: >> Signed-off-by: Andrej Valek <andrej.valek@siemens.com> >> --- >> meta/recipes-support/ca-certificates/ca-certificates_20161130.bb | 2 >> +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/meta/recipes-support/ca-certificates/ca- >> certificates_20161130.bb b/meta/recipes-support/ca-certificates/ca- >> certificates_20161130.bb >> index 9a80f43..771714d 100644 >> --- a/meta/recipes-support/ca-certificates/ca- >> certificates_20161130.bb >> +++ b/meta/recipes-support/ca-certificates/ca- >> certificates_20161130.bb >> @@ -72,7 +72,7 @@ CONFFILES_${PN} += "${sysconfdir}/ca- >> certificates.conf" >> # Postinsts don't seem to be run for nativesdk packages when >> populating SDKs. >> CONFFILES_${PN}_append_class-nativesdk = " >> ${sysconfdir}/ssl/certs/ca-certificates.crt" >> do_install_append_class-nativesdk () { >> - SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates >> + SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca- >> certificates >> } >> >> do_install_append_class-native () { > > Since the HOSTTOOLS changes, this should no longer be needed? > > Cheers, > > Richard > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-18 6:26 ` Andrej Valek @ 2017-08-18 9:35 ` Richard Purdie 2017-08-18 10:05 ` Andrej Valek 0 siblings, 1 reply; 17+ messages in thread From: Richard Purdie @ 2017-08-18 9:35 UTC (permalink / raw) To: Andrej Valek, openembedded-core On Fri, 2017-08-18 at 08:26 +0200, Andrej Valek wrote: > Yes, for actual branch is not required. But for branches like krogoth > and morty, where HOSTTOOLS is not implemented, is this necessary. Lets just apply this to krogoth/morty then... Cheers, Richard ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-18 9:35 ` Richard Purdie @ 2017-08-18 10:05 ` Andrej Valek 2017-08-18 15:46 ` Randy MacLeod 0 siblings, 1 reply; 17+ messages in thread From: Andrej Valek @ 2017-08-18 10:05 UTC (permalink / raw) To: Richard Purdie, openembedded-core OK thank You, so please merge it into these branches. Regards, Andrej On 08/18/2017 11:35 AM, Richard Purdie wrote: > On Fri, 2017-08-18 at 08:26 +0200, Andrej Valek wrote: >> Yes, for actual branch is not required. But for branches like krogoth >> and morty, where HOSTTOOLS is not implemented, is this necessary. > > Lets just apply this to krogoth/morty then... > > Cheers, > > Richard > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-18 10:05 ` Andrej Valek @ 2017-08-18 15:46 ` Randy MacLeod 2017-08-21 6:12 ` Andrej Valek 0 siblings, 1 reply; 17+ messages in thread From: Randy MacLeod @ 2017-08-18 15:46 UTC (permalink / raw) To: Andrej Valek, Richard Purdie, openembedded-core, Armin Kuster On 2017-08-18 06:05 AM, Andrej Valek wrote: > OK thank You, so please merge it into these branches. Add Armin, who maintains those branches: https://wiki.yoctoproject.org/wiki/Releases Is Krogoth still maintained? It's listed at Stable in the link above. ../Randy > > Regards, > Andrej > > On 08/18/2017 11:35 AM, Richard Purdie wrote: >> On Fri, 2017-08-18 at 08:26 +0200, Andrej Valek wrote: >>> Yes, for actual branch is not required. But for branches like krogoth >>> and morty, where HOSTTOOLS is not implemented, is this necessary. >> >> Lets just apply this to krogoth/morty then... >> >> Cheers, >> >> Richard >> -- # Randy MacLeod. SMTS, Linux, Wind River Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON, Canada, K2K 2W5 ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-18 15:46 ` Randy MacLeod @ 2017-08-21 6:12 ` Andrej Valek 2017-08-23 12:07 ` Andrej Valek 0 siblings, 1 reply; 17+ messages in thread From: Andrej Valek @ 2017-08-21 6:12 UTC (permalink / raw) To: Randy MacLeod, Richard Purdie, openembedded-core, Armin Kuster Hello Armin, Could You please merge it into krogoth and morty branch? @Randy: last commit into those branches was ~5weeks ago, so they are still maintained. Regards, Andrej On 08/18/2017 05:46 PM, Randy MacLeod wrote: > On 2017-08-18 06:05 AM, Andrej Valek wrote: >> OK thank You, so please merge it into these branches. > > Add Armin, who maintains those branches: > https://wiki.yoctoproject.org/wiki/Releases > Is Krogoth still maintained? It's listed at Stable in the link above. > > ../Randy > > > >> >> Regards, >> Andrej >> >> On 08/18/2017 11:35 AM, Richard Purdie wrote: >>> On Fri, 2017-08-18 at 08:26 +0200, Andrej Valek wrote: >>>> Yes, for actual branch is not required. But for branches like krogoth >>>> and morty, where HOSTTOOLS is not implemented, is this necessary. >>> >>> Lets just apply this to krogoth/morty then... >>> >>> Cheers, >>> >>> Richard >>> > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-21 6:12 ` Andrej Valek @ 2017-08-23 12:07 ` Andrej Valek 2017-08-23 12:44 ` Richard Purdie 0 siblings, 1 reply; 17+ messages in thread From: Andrej Valek @ 2017-08-23 12:07 UTC (permalink / raw) To: Randy MacLeod, Richard Purdie, openembedded-core, Armin Kuster Hello Richard, I have found out that even master with HOSTTOOLS does not fix my problem. We use ASSUME_PROVIDED for ca-certificates-native due to corporate environment CAs. Since nativesdk-ca-certificates depends on ca-certificates-native which is not built, so it could not be found. Unfortunately adding update-ca-certificates to HOSTTOOLS is not working, since build user does not have permissions to modify system CAs and also is in /usr/sbin/ which is not in usual system path. Therefore I think that this patch applies for master branch, too. Possible improvement would be also removing ca-certificates-native from DEPENDS of class-nativesdk. Solution of installing corporate CAs within OE recipe does not seem to be ideal, because the CAs have short expiration date. So using system CAs assures reachability of resources over https. We had to do this because svn fetcher uses https without option to ignore errors (unlike wget which ignores certificates by default). Regards, Andrej On 08/21/2017 08:12 AM, [ext] Andrej Valek wrote: > Hello Armin, > > Could You please merge it into krogoth and morty branch? > > @Randy: last commit into those branches was ~5weeks ago, so they are > still maintained. > > Regards, > Andrej > > On 08/18/2017 05:46 PM, Randy MacLeod wrote: >> On 2017-08-18 06:05 AM, Andrej Valek wrote: >>> OK thank You, so please merge it into these branches. >> >> Add Armin, who maintains those branches: >> https://wiki.yoctoproject.org/wiki/Releases >> Is Krogoth still maintained? It's listed at Stable in the link above. >> >> ../Randy >> >> >> >>> >>> Regards, >>> Andrej >>> >>> On 08/18/2017 11:35 AM, Richard Purdie wrote: >>>> On Fri, 2017-08-18 at 08:26 +0200, Andrej Valek wrote: >>>>> Yes, for actual branch is not required. But for branches like krogoth >>>>> and morty, where HOSTTOOLS is not implemented, is this necessary. >>>> >>>> Lets just apply this to krogoth/morty then... >>>> >>>> Cheers, >>>> >>>> Richard >>>> >> >> ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-23 12:07 ` Andrej Valek @ 2017-08-23 12:44 ` Richard Purdie 2017-08-23 19:00 ` Khem Raj 0 siblings, 1 reply; 17+ messages in thread From: Richard Purdie @ 2017-08-23 12:44 UTC (permalink / raw) To: Andrej Valek, Randy MacLeod, openembedded-core, Armin Kuster On Wed, 2017-08-23 at 14:07 +0200, Andrej Valek wrote: > I have found out that even master with HOSTTOOLS does not fix my > problem. > We use ASSUME_PROVIDED for ca-certificates-native due to corporate > environment CAs. > Since nativesdk-ca-certificates depends on ca-certificates-native > whichis not built, so it could not be found. Unfortunately adding > update-ca-certificates to HOSTTOOLS is not working, since build user > does not have permissions to modify system CAs and also is in > /usr/sbin/ which is not in usual system path. > > Therefore I think that this patch applies for master branch, too. > Possible improvement would be also removing ca-certificates-native > from DEPENDS of class-nativesdk. > > Solution of installing corporate CAs within OE recipe does not seem > to be ideal, because the CAs have short expiration date. So using > system CAs assures reachability of resources over https. > We had to do this because svn fetcher uses https without option to > ignore errors (unlike wget which ignores certificates by default). Reading this made me realise this is a pretty complex issue. In general we cannot assume that we can execute nativesdk binaries. Since ca- certificates is allarch and we're executing an sh script, this is less of an issue in this very specific case. There is a binary involved, c_rehash and we do need to make sure there are the right -native dependencies to get that. There is a further complication with regard to the paths used, ca- certificates-native will use one set of paths, nativesdk-ca- certificates will use a different set and target ca-certificates a differnt set again. I suspect you're right and the ca-certificates-native dependency may be incorrect and the certs installed into sdks may be broken too. If the native sysroot and target sysroot layouts don't match, that would cause an additional source of errors. So some changes in this area does appear to be needed... Cheers, Richard ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-23 12:44 ` Richard Purdie @ 2017-08-23 19:00 ` Khem Raj 2017-08-24 10:38 ` Andrej Valek 0 siblings, 1 reply; 17+ messages in thread From: Khem Raj @ 2017-08-23 19:00 UTC (permalink / raw) To: Richard Purdie, Andrej Valek, Randy MacLeod, openembedded-core, Armin Kuster On 8/23/17 5:44 AM, Richard Purdie wrote: > On Wed, 2017-08-23 at 14:07 +0200, Andrej Valek wrote: >> I have found out that even master with HOSTTOOLS does not fix my >> problem. >> We use ASSUME_PROVIDED for ca-certificates-native due to corporate >> environment CAs. >> Since nativesdk-ca-certificates depends on ca-certificates-native >> whichis not built, so it could not be found. Unfortunately adding >> update-ca-certificates to HOSTTOOLS is not working, since build user >> does not have permissions to modify system CAs and also is in >> /usr/sbin/ which is not in usual system path. >> >> Therefore I think that this patch applies for master branch, too. >> Possible improvement would be also removing ca-certificates-native >> from DEPENDS of class-nativesdk. >> >> Solution of installing corporate CAs within OE recipe does not seem >> to be ideal, because the CAs have short expiration date. So using >> system CAs assures reachability of resources over https. >> We had to do this because svn fetcher uses https without option to >> ignore errors (unlike wget which ignores certificates by default). > > Reading this made me realise this is a pretty complex issue. In general > we cannot assume that we can execute nativesdk binaries. Since ca- > certificates is allarch and we're executing an sh script, this is less > of an issue in this very specific case. There is a binary involved, > c_rehash and we do need to make sure there are the right -native > dependencies to get that. c_rehash comes from openssl-native in this case. > > There is a further complication with regard to the paths used, ca- > certificates-native will use one set of paths, nativesdk-ca- > certificates will use a different set and target ca-certificates a > differnt set again. > > I suspect you're right and the ca-certificates-native dependency may be > incorrect and the certs installed into sdks may be broken too. If the > native sysroot and target sysroot layouts don't match, that would cause > an additional source of errors. > > So some changes in this area does appear to be needed... > > Cheers, > > Richard > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-23 19:00 ` Khem Raj @ 2017-08-24 10:38 ` Andrej Valek 2017-08-24 14:16 ` Richard Purdie 0 siblings, 1 reply; 17+ messages in thread From: Andrej Valek @ 2017-08-24 10:38 UTC (permalink / raw) To: Khem Raj, Richard Purdie, Randy MacLeod, openembedded-core, Armin Kuster What about enabling ASSUME_PROVIDED functionality also for nativesdk- components? Andrej On 08/23/2017 09:00 PM, Khem Raj wrote: > On 8/23/17 5:44 AM, Richard Purdie wrote: >> On Wed, 2017-08-23 at 14:07 +0200, Andrej Valek wrote: >>> I have found out that even master with HOSTTOOLS does not fix my >>> problem. >>> We use ASSUME_PROVIDED for ca-certificates-native due to corporate >>> environment CAs. >>> Since nativesdk-ca-certificates depends on ca-certificates-native >>> whichis not built, so it could not be found. Unfortunately adding >>> update-ca-certificates to HOSTTOOLS is not working, since build user >>> does not have permissions to modify system CAs and also is in >>> /usr/sbin/ which is not in usual system path. >>> >>> Therefore I think that this patch applies for master branch, too. >>> Possible improvement would be also removing ca-certificates-native >>> from DEPENDS of class-nativesdk. >>> >>> Solution of installing corporate CAs within OE recipe does not seem >>> to be ideal, because the CAs have short expiration date. So using >>> system CAs assures reachability of resources over https. >>> We had to do this because svn fetcher uses https without option to >>> ignore errors (unlike wget which ignores certificates by default). >> >> Reading this made me realise this is a pretty complex issue. In general >> we cannot assume that we can execute nativesdk binaries. Since ca- >> certificates is allarch and we're executing an sh script, this is less >> of an issue in this very specific case. There is a binary involved, >> c_rehash and we do need to make sure there are the right -native >> dependencies to get that. > > > c_rehash comes from openssl-native in this case. > >> >> There is a further complication with regard to the paths used, ca- >> certificates-native will use one set of paths, nativesdk-ca- >> certificates will use a different set and target ca-certificates a >> differnt set again. >> >> I suspect you're right and the ca-certificates-native dependency may be >> incorrect and the certs installed into sdks may be broken too. If the >> native sysroot and target sysroot layouts don't match, that would cause >> an additional source of errors. >> >> So some changes in this area does appear to be needed... >> >> Cheers, >> >> Richard >> >> > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-24 10:38 ` Andrej Valek @ 2017-08-24 14:16 ` Richard Purdie 2017-08-24 14:23 ` Andrej Valek 0 siblings, 1 reply; 17+ messages in thread From: Richard Purdie @ 2017-08-24 14:16 UTC (permalink / raw) To: Andrej Valek, Khem Raj, Randy MacLeod, openembedded-core, Armin Kuster On Thu, 2017-08-24 at 12:38 +0200, Andrej Valek wrote: > What about enabling ASSUME_PROVIDED functionality also for nativesdk- > components? That would mean something quite different, that the dependency was provided on the system the nativesdk package ended up running on? Since I've spent the time to understand the problem, I wrote and sent out a patch which I think should address the issues you're seeing? Cheers, Richard ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-24 14:16 ` Richard Purdie @ 2017-08-24 14:23 ` Andrej Valek 2017-08-24 14:26 ` Richard Purdie 0 siblings, 1 reply; 17+ messages in thread From: Andrej Valek @ 2017-08-24 14:23 UTC (permalink / raw) To: Richard Purdie, Khem Raj, Randy MacLeod, openembedded-core, Armin Kuster I have seen your patch, but it is not fixing my described issue. A command update-ca-certificates will be not available due to missing native stuff. Regards, Andrej On 08/24/2017 04:16 PM, Richard Purdie wrote: > On Thu, 2017-08-24 at 12:38 +0200, Andrej Valek wrote: >> What about enabling ASSUME_PROVIDED functionality also for nativesdk- >> components? > > That would mean something quite different, that the dependency was > provided on the system the nativesdk package ended up running on? > > Since I've spent the time to understand the problem, I wrote and sent > out a patch which I think should address the issues you're seeing? > > Cheers, > > Richard > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-24 14:23 ` Andrej Valek @ 2017-08-24 14:26 ` Richard Purdie 2017-08-25 6:05 ` Andrej Valek 0 siblings, 1 reply; 17+ messages in thread From: Richard Purdie @ 2017-08-24 14:26 UTC (permalink / raw) To: Andrej Valek, Khem Raj, Randy MacLeod, openembedded-core, Armin Kuster On Thu, 2017-08-24 at 16:23 +0200, Andrej Valek wrote: > I have seen your patch, but it is not fixing my described issue. > A command update-ca-certificates will be not available due to missing > native stuff. I changed the postinst so it doesn't need a native update-ca- certificates though? Its similar to one of your original patches but fixes the dependency issues and explains why the current approach is broken (path mismatch) and why its safe to do this (allarch recipe and script). Cheers, Richard ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-24 14:26 ` Richard Purdie @ 2017-08-25 6:05 ` Andrej Valek 2017-08-25 8:25 ` Richard Purdie 0 siblings, 1 reply; 17+ messages in thread From: Andrej Valek @ 2017-08-25 6:05 UTC (permalink / raw) To: Richard Purdie, Khem Raj, Randy MacLeod, openembedded-core, Armin Kuster It's fine, but for this function do_install_append_class-nativesdk () { SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates } is still update-ca-certificates needed from native. On 08/24/2017 04:26 PM, Richard Purdie wrote: > On Thu, 2017-08-24 at 16:23 +0200, Andrej Valek wrote: >> I have seen your patch, but it is not fixing my described issue. >> A command update-ca-certificates will be not available due to missing >> native stuff. > > I changed the postinst so it doesn't need a native update-ca- > certificates though? > > Its similar to one of your original patches but fixes the dependency > issues and explains why the current approach is broken (path mismatch) > and why its safe to do this (allarch recipe and script). > > Cheers, > > Richard > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-25 6:05 ` Andrej Valek @ 2017-08-25 8:25 ` Richard Purdie 2017-08-25 12:31 ` Andrej Valek 0 siblings, 1 reply; 17+ messages in thread From: Richard Purdie @ 2017-08-25 8:25 UTC (permalink / raw) To: Andrej Valek, Khem Raj, Randy MacLeod, openembedded-core, Armin Kuster On Fri, 2017-08-25 at 08:05 +0200, Andrej Valek wrote: > It's fine, but for this function > > do_install_append_class-nativesdk () { > SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates > } > > is still update-ca-certificates needed from native. I realised that in testing and have updated the version in master-next which passed testing this time. Cheers, Richard ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] ca-certificates: prevent executing update-ca-certificates from host system 2017-08-25 8:25 ` Richard Purdie @ 2017-08-25 12:31 ` Andrej Valek 0 siblings, 0 replies; 17+ messages in thread From: Andrej Valek @ 2017-08-25 12:31 UTC (permalink / raw) To: Richard Purdie, Khem Raj, Randy MacLeod, openembedded-core, Armin Kuster Hello Richard, I have seen, that You have merge also my change into current branch. Thank you about that. Andrej On 08/25/2017 10:25 AM, Richard Purdie wrote: > On Fri, 2017-08-25 at 08:05 +0200, Andrej Valek wrote: >> It's fine, but for this function >> >> do_install_append_class-nativesdk () { >> SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates >> } >> >> is still update-ca-certificates needed from native. > > I realised that in testing and have updated the version in master-next > which passed testing this time. > > Cheers, > > Richard > ^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2017-08-25 12:31 UTC | newest] Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-08-17 14:44 [PATCH] ca-certificates: prevent executing update-ca-certificates from host system Andrej Valek 2017-08-17 16:31 ` Richard Purdie 2017-08-18 6:26 ` Andrej Valek 2017-08-18 9:35 ` Richard Purdie 2017-08-18 10:05 ` Andrej Valek 2017-08-18 15:46 ` Randy MacLeod 2017-08-21 6:12 ` Andrej Valek 2017-08-23 12:07 ` Andrej Valek 2017-08-23 12:44 ` Richard Purdie 2017-08-23 19:00 ` Khem Raj 2017-08-24 10:38 ` Andrej Valek 2017-08-24 14:16 ` Richard Purdie 2017-08-24 14:23 ` Andrej Valek 2017-08-24 14:26 ` Richard Purdie 2017-08-25 6:05 ` Andrej Valek 2017-08-25 8:25 ` Richard Purdie 2017-08-25 12:31 ` Andrej Valek
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.