From 5282b9cff31f6e2bcaef703183cc0f9d5f5be3cc Mon Sep 17 00:00:00 2001 From: Jan Vermaete Date: Sat, 20 Apr 2024 11:13:19 +0200 Subject: [PATCH 1/5] opendds: version bump 3.27.0 -> 3.28.0: Update the README file The latest Long Term Support release of Yocto is Scathgap (5.0). Supported until April 2028. The Kirkstone release (4.0) is still supported until April 2026. Both LTS releases are supported in this meta layer. But only the latest LTS in the README file should be mentioned. And update the current version number of OpenDDS in the README.md file Signed-off-by: Jan Vermaete --- README | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index 73b3de2..0e469fa 100644 --- a/README +++ b/README @@ -6,10 +6,10 @@ Dependencies ============ URI: git://git.openembedded.org/meta-openembedded - branch: kirkstone + branch: scarthgap URI: https://git.yoctoproject.org/git/poky/meta - branch: kirkstone + branch: scarthgap Patches ======= @@ -37,7 +37,7 @@ II. Misc The layer contains two recipes for OpenDDS: one versioned and one not. -If PREFERRED_VERSION is not specifed in your local.conf then the OpenDDS 3.26.1 recipe will be +If PREFERRED_VERSION is not specifed in your local.conf then the OpenDDS 3.28.0 recipe will be selected for build by default The versioned recipe will use the DOC Group ACE/TAO v2 by default. From 1e3d042045d575b9adab9560321d81ee8e71057c Mon Sep 17 00:00:00 2001 From: Jan Vermaete Date: Sat, 3 Feb 2024 17:33:27 +0100 Subject: [PATCH 2/5] Kas files to build an image with meta-opendds for Raspberry Pi Can be used to run the ishapes demo. And to run the Yocto ptests for OpenDDS * see kas/README.md for more info about how to install and use Kas. * See https://docs.yoctoproject.org/singleindex.html#testing-packages-with-ptest for more info about ptest of Yocto. Signed-off-by: Jan Vermaete --- .gitignore | 3 +++ kas/README.md | 60 +++++++++++++++++++++++++++++++++++++++++ kas/ishapes.yaml | 14 ++++++++++ kas/local.yaml | 13 +++++++++ kas/ptest.yaml | 8 ++++++ kas/rpi.yaml | 70 ++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 168 insertions(+) create mode 100644 kas/README.md create mode 100644 kas/ishapes.yaml create mode 100644 kas/local.yaml create mode 100644 kas/ptest.yaml create mode 100644 kas/rpi.yaml diff --git a/.gitignore b/.gitignore index 310a24c..4b0a9b6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ .project +# kas +build/ +layers/ diff --git a/kas/README.md b/kas/README.md new file mode 100644 index 0000000..b563911 --- /dev/null +++ b/kas/README.md @@ -0,0 +1,60 @@ +Building OpenDDS with Yocto and Kas +=================================== + +[Kas](https://kas.readthedocs.io/en/latest/index.html) is a setup tool for bitbake based projects. + +Prerequisits +------------ + +# Kas installed + +See: https://kas.readthedocs.io/en/latest/userguide.html#dependencies-installation + +# Install bmap-tool to create the SDCard + +``` +apt install bmap-tools +``` + +# clone the OpenDDS Yocto layer + +``` +git clone https://github.com/OpenDDS/meta-opendds.git +``` + +Building +-------- + +``` +cd meta-opendds +kas build kas/rpi.yaml; # Just OpenDDS for RPi +kas build kas/rpi.yaml:kas/ishapes.yaml; # iShapes demo +kas build kas/rpi.yaml:kas/ptests.yaml; # OpenDDS with Yocto ptests +``` + +Deploying +--------- + +Copy the WIC artifact to an SDCard. + +Following instruction is an *example*. Check before executing the command where the SDCard is mounted (e.g. `/dev/sda`)! + +``` +cd build/tmp/deploy/images/raspberrypi4-64 +sudo bmaptool copy core-image-minimal-xfce-raspberrypi4-64.rootfs.wic.bz2 /dev/sda +``` + +Testing +------- + +### Run the ishapes demo + +Open a terminal on the Raspberry Pi. +Run `ishapes` + +### Running the Yocto ptests for OpenDDS + +Open a terminal on the Raspberry Pi. +Run `ptest-runner opendds` + +A detailed log of the run can be found on the `/tmp` of the device. diff --git a/kas/ishapes.yaml b/kas/ishapes.yaml new file mode 100644 index 0000000..0e73f41 --- /dev/null +++ b/kas/ishapes.yaml @@ -0,0 +1,14 @@ +header: + version: 1 + +repos: + meta-qt5: + url: https://github.com/meta-qt5/meta-qt5/ + path: layers/meta-qt5 + branch: master # Scartgap release not yet available + +local_conf_header: + opendds-ishapes: | + IMAGE_INSTALL:append = " opendds-ishapes" + PACKAGECONFIG:append:pn-opendds = " ishapes" + DISTRO_FEATURES:remove = " ptest" diff --git a/kas/local.yaml b/kas/local.yaml new file mode 100644 index 0000000..3c5d7bb --- /dev/null +++ b/kas/local.yaml @@ -0,0 +1,13 @@ +header: + version: 1 + +local_conf_header: + pc: | + PARALLEL_MAKE = "-j 4" + BB_NUMBER_THREADS = "4" + build_faster: | + DL_DIR = "/var/lib/yocto/downloads" + SSTATE_DIR = "/var/lib/yocto/sstate-cache" + buildhistory: | + INHERIT += "buildhistory" + BUILDHISTORY_COMMIT = "1" diff --git a/kas/ptest.yaml b/kas/ptest.yaml new file mode 100644 index 0000000..ace6489 --- /dev/null +++ b/kas/ptest.yaml @@ -0,0 +1,8 @@ +header: + version: 1 + +local_conf_header: + opendds-testing: | + DISTRO_FEATURES:append = " ptest" + EXTRA_IMAGE_FEATURES += "ptest-pkgs" + IMAGE_INSTALL:append = " opendds-dev" diff --git a/kas/rpi.yaml b/kas/rpi.yaml new file mode 100644 index 0000000..83b8e06 --- /dev/null +++ b/kas/rpi.yaml @@ -0,0 +1,70 @@ +header: + version: 1 + +machine: raspberrypi4-64 + +distro: poky + +target: core-image-minimal-xfce + +repos: + meta-opendds: + meta-raspberrypi: + url: https://github.com/agherzan/meta-raspberrypi + path: layers/meta-raspberrypi + branch: master # Scartgap release not yet available + poky: + url: https://git.yoctoproject.org/git/poky + path: layers/poky + branch: scarthgap + layers: + meta: + meta-poky: + meta-openembedded: + url: http://git.openembedded.org/meta-openembedded + path: layers/meta-openembedded + branch: scarthgap + layers: + meta-oe: + meta-python: + meta-networking: + meta-perl: + meta-gnome: + meta-multimedia: + meta-xfce: + +bblayers_conf_header: + standard: | + POKY_BBLAYERS_CONF_VERSION = "2" + BBPATH = "${TOPDIR}" + BBFILES ?= "" + +local_conf_header: + standard: | + CONF_VERSION = "2" + SDKMACHINE = "x86_64" + USER_CLASSES = "buildstats" + debug-tweaks: | + EXTRA_IMAGE_FEATURES = "debug-tweaks" + IMAGE_ROOTFS_EXTRA_SPACE = "1524288" + diskmon: | + BB_DISKMON_DIRS = "\ + STOPTASKS,${TMPDIR},1G,100K \ + STOPTASKS,${DL_DIR},1G,100K \ + STOPTASKS,${SSTATE_DIR},1G,100K \ + STOPTASKS,/tmp,100M,100K \ + HALT,${TMPDIR},100M,1K \ + HALT,${DL_DIR},100M,1K \ + HALT,${SSTATE_DIR},100M,1K \ + HALT,/tmp,10M,1K" + network: | + IMAGE_FEATURES:append = " ssh-server-openssh" + hostname:pn-base-files = "rpi4-opendds" + system: | + DISTRO_FEATURES:append = " systemd usrmerge" + VIRTUAL-RUNTIME_init_manager = "systemd" + opendds: | + IMAGE_INSTALL:append = " opendds" + PACKAGECONFIG:append:pn-opendds = " doc-group3" + PACKAGECONFIG:append:pn-opendds-native = " doc-group3" + INHERIT += "cve-check" From 691aa6817253a491e5aec91b0b754755256c65dc Mon Sep 17 00:00:00 2001 From: Jan Vermaete Date: Sun, 21 Apr 2024 19:42:29 +0200 Subject: [PATCH 3/5] Adding ptest to OpenDDS. Ptest is the layer of Yocto above the unit tests of the recipes. Ptest of OpenDDS will run the 'auto_run_tests.pl' script on the target. Not all tests are passing yet. To create an image with the ptests for Yocto: DISTRO_FEATURES:append = " ptest" EXTRA_IMAGE_FEATURES += "ptest-pkgs" IMAGE_INSTALL:append = " opendds-dev" Signed-off-by: Jan Vermaete --- recipes-connectivity/opendds/opendds.inc | 72 ++++++++++++++++++- .../opendds/opendds/run-ptest | 11 +++ 2 files changed, 80 insertions(+), 3 deletions(-) create mode 100644 recipes-connectivity/opendds/opendds/run-ptest diff --git a/recipes-connectivity/opendds/opendds.inc b/recipes-connectivity/opendds/opendds.inc index e555495..ab258a9 100644 --- a/recipes-connectivity/opendds/opendds.inc +++ b/recipes-connectivity/opendds/opendds.inc @@ -5,13 +5,16 @@ BUGTRACKER = "https://github.com/OpenDDS/OpenDDS/issues" LICENSE = "OpenDDS" LIC_FILES_CHKSUM = "file://LICENSE;md5=11ee76f6fb51f69658b5bb8327c50b11" -inherit autotools +inherit autotools ptest -PACKAGECONFIG ??= "security" +SRC_URI:append = " file://run-ptest" + +PACKAGECONFIG ??= "security ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'tests', '', d)}" PACKAGECONFIG:class-native ??= "" PACKAGECONFIG[security] = "--security, , openssl xerces-c, " PACKAGECONFIG[ishapes] = "--qt=${STAGING_DIR_NATIVE}${prefix_native} --qt-include=${STAGING_INCDIR},,qtbase qtbase-native" PACKAGECONFIG[doc-group3] = "--doc-group3,," +PACKAGECONFIG[tests] = "--tests --gtest=${WORKDIR}/recipe-sysroot/usr, --no-tests, googletest, perl packagegroup-meta-perl perl-module-tie-array perl-module-english, ,ishapes" DEPENDS += "\ cmake-native \ @@ -56,7 +59,6 @@ OECONF ??= "" OECONF:append = "\ --prefix=${prefix} \ --verbose \ - --no-tests \ --no-rapidjson \ ${PACKAGECONFIG_CONFARGS} \ " @@ -142,6 +144,69 @@ do_install:append:class-nativesdk() { ln -sf ${bindir}/tao_idl ${D}${datadir}/ace/bin/tao_idl } +do_install_ptest() { + sed -i "s#@PTEST_ARGS@#${@bb.utils.contains('PACKAGECONFIG', 'security', '--security', '', d)}#g" ${D}${PTEST_PATH}/run-ptest + + install -d ${D}${datadir}/DDS_ROOT/ + install -d ${D}${datadir}/DDS_ROOT/tests + cd ${S}/tests + tar --no-same-owner \ + --exclude='*.mpc'\ + --exclude='*.o' \ + --exclude='GNUmakefile*'\ + --exclude='.gitignore'\ + --exclude='.depend*'\ + --exclude='.obj*'\ + -cpf - . \ + | tar --no-same-owner -xpf - -C ${D}${datadir}/DDS_ROOT/tests + + install -d ${D}${datadir}/DDS_ROOT/performance-tests + cd ${S}/performance-tests + tar --no-same-owner \ + --exclude='*.mpc'\ + --exclude='*.o' \ + --exclude='GNUmakefile*'\ + --exclude='.gitignore'\ + --exclude='.depend*'\ + --exclude='.obj*'\ + -cpf - . \ + | tar --no-same-owner -xpf - -C ${D}${datadir}/DDS_ROOT/performance-tests + + install -d ${D}${datadir}/DDS_ROOT/DevGuideExamples + cd ${S}/DevGuideExamples + tar --no-same-owner \ + --exclude='*.mpc'\ + --exclude='*.o' \ + --exclude='GNUmakefile*'\ + --exclude='.gitignore'\ + --exclude='.depend*'\ + --exclude='.obj*'\ + -cpf - . \ + | tar --no-same-owner -xpf - -C ${D}${datadir}/DDS_ROOT/DevGuideExamples + + install -d ${D}${datadir}/DDS_ROOT/examples + cd ${S}/examples + tar --no-same-owner \ + --exclude='*.mpc'\ + --exclude='*.o' \ + --exclude='GNUmakefile*'\ + --exclude='.gitignore'\ + --exclude='.depend*'\ + --exclude='.obj*'\ + -cpf - . \ + | tar --no-same-owner -xpf - -C ${D}${datadir}/DDS_ROOT/examples + + # A symbolic link because the test script will search the execuables under DDS_ROOT. + # But because of the --prefix in the configure they are installed under /usr/bin + ln -s ${bindir} ${D}${datadir}/DDS_ROOT/bin + install -d ${D}/usr/lib/perl5/5.38.2/PerlACE + install -m 644 ${S}/ACE_wrappers/bin/PerlACE/*.pm ${D}/usr/lib/perl5/5.38.2/PerlACE + install -d ${D}/usr/lib/perl5/5.38.2/PerlDDS + install -m 644 ${S}/bin/PerlDDS/*.pm ${D}/usr/lib/perl5/5.38.2/PerlDDS + install -d ${D}${datadir}/DDS_ROOT/tools/scripts/modules + install -m 644 ${S}/tools/scripts/modules/*.pm ${D}${datadir}/DDS_ROOT/tools/scripts/modules +} + PACKAGES += "${PN}-ishapes" INSANE_SKIP:${PN} += "dev-so" @@ -149,6 +214,7 @@ INSANE_SKIP:${PN}-dev += "libdir" FILES:${PN}-dev += "${datadir}" FILES:${PN}-ishapes += "${bindir}/ishapes" +FILES:${PN}-ptest += "${libdir}/perl5/5.38.2/PerlACE ${libdir}/perl5/5.38.2/PerlDDS" ALLOW_EMPTY:${PN}-ishapes = "1" diff --git a/recipes-connectivity/opendds/opendds/run-ptest b/recipes-connectivity/opendds/opendds/run-ptest new file mode 100644 index 0000000..2dc3960 --- /dev/null +++ b/recipes-connectivity/opendds/opendds/run-ptest @@ -0,0 +1,11 @@ +#!/bin/sh + +export DDS_ROOT=/usr/share/DDS_ROOT +export ACE_ROOT=/usr +export TAO_ROOT=/usr +export PERLLIB="$PERLLIB:/usr/share/DDS_ROOT/tools/scripts/modules" +export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DDS_ROOT/lib" +LOG="/tmp/opendds_ptest_$(date +%Y%m%d-%H%M%S).log" + +# Todo: some sed experts can do their thing +${DDS_ROOT}/tests/auto_run_tests.pl @PTEST_ARGS@ 2>&1 | tee -a ${LOG} | sed -rnu '/^auto_run_tests_finished:/p' | sed -u 's/^auto_run_tests_finished: // ; /Result:0/ s/^/PASS: / ; /Result:0/! s/^/FAIL: /' | sed -u 's/\(.*\) \(Time:.*\) \(Result:.*\)/\1/' From fc2c62114c17aab79f690348c57f7dd86fc16eee Mon Sep 17 00:00:00 2001 From: Jan Vermaete Date: Sun, 21 Apr 2024 19:47:31 +0200 Subject: [PATCH 4/5] Added the patch from the OpenDDS git repo to fix the OpenSSL issue in 3.28.0 Could be removed in the next release of OpenDDS. This patch do make the ptests about security passing. Signed-off-by: Jan Vermaete --- ...gov-gen-uses-openssl-API-incorrectly.patch | 58 +++++++++++++++++++ .../opendds/opendds_3.28.0.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch diff --git a/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch b/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch new file mode 100644 index 0000000..387027f --- /dev/null +++ b/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch @@ -0,0 +1,58 @@ +From 5a9bc8545f771742e48d31e1635e15f156cc9c17 Mon Sep 17 00:00:00 2001 +From: "Justin R. Wilson" +Date: Wed, 17 Apr 2024 12:59:03 -0500 +Subject: [PATCH] `gov_gen` uses openssl API incorrectly + +Problem +------- + +The `gov_gen` application generates governance files for testing and +signs them with openssl. `gov_gen` has a bug on Debian +12.5 (openssl 3.0.11) where a null argument is passed. + +Solution +-------- + +Pass `mem` as the "in"" parameter and use `PKCS7_STREAM`. + +Upstream-Status: Backport [https://github.com/OpenDDS/OpenDDS/commit/270cae56421462db367cbe8d89cccd752108dd20] + +--- + docs/news.d/gov-gen.rst | 5 +++++ + tests/security/attributes/gov_gen.cpp | 4 ++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + create mode 100644 docs/news.d/gov-gen.rst + +diff --git a/docs/news.d/gov-gen.rst b/docs/news.d/gov-gen.rst +new file mode 100644 +index 0000000000..4a628c1659 +--- /dev/null ++++ b/docs/news.d/gov-gen.rst +@@ -0,0 +1,5 @@ ++.. news-prs: 4591 ++ ++.. news-start-section: Fixes ++- Fixed incorrect usage of OpenSSL in ``gov_gen`` application. ++.. news-end-section +diff --git a/tests/security/attributes/gov_gen.cpp b/tests/security/attributes/gov_gen.cpp +index ee1adbdf44..b35dd89ed4 100644 +--- a/tests/security/attributes/gov_gen.cpp ++++ b/tests/security/attributes/gov_gen.cpp +@@ -403,7 +403,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[]) + return EXIT_FAILURE; + } + +- PKCS7* p7 = PKCS7_sign(cert, key, NULL, NULL, PKCS7_TEXT | PKCS7_DETACHED); ++ PKCS7* p7 = PKCS7_sign(cert, key, NULL, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM); + if (!p7) { + std::cerr << "ERROR: could not sign" << std::endl; + print_ssl_error(); +@@ -418,7 +418,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[]) + + } + +- if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED)) { ++ if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM)) { + std::cerr << "ERROR: could not write " << outpath << std::endl; + print_ssl_error(); + return EXIT_FAILURE; diff --git a/recipes-connectivity/opendds/opendds_3.28.0.bb b/recipes-connectivity/opendds/opendds_3.28.0.bb index 9e72ff8..dea7ddf 100644 --- a/recipes-connectivity/opendds/opendds_3.28.0.bb +++ b/recipes-connectivity/opendds/opendds_3.28.0.bb @@ -12,6 +12,7 @@ SRC_URI = "\ git://github.com/OpenDDS/OpenDDS.git;protocol=https;branch=${DDS_SRC_BRANCH};name=opendds \ ${@bb.utils.contains('PACKAGECONFIG', 'doc-group3', '${DOC_TAO3_URI};name=ace_tao;unpack=0;subdir=git', '${DOC_TAO2_URI};name=ace_tao;unpack=0;subdir=git', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'ishapes', 'file://0001-adding-the-ishapes-demo.patch', '', d)} \ + file://0002-gov-gen-uses-openssl-API-incorrectly.patch \ " require opendds.inc From 7105b7a4933ac16202e1bebf1f1665e09a1f5fa5 Mon Sep 17 00:00:00 2001 From: Jan Vermaete Date: Mon, 22 Apr 2024 19:07:49 +0200 Subject: [PATCH 5/5] GHA: added missing layers to pass yocto-check-layer The layers meta-networking, meta-python and meta-perl are needed to run the yocto-check-layer now ptest is added. Signed-off-by: Jan Vermaete --- .github/scripts/yocto-check-layer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/scripts/yocto-check-layer.sh b/.github/scripts/yocto-check-layer.sh index c7e422b..8db9b88 100755 --- a/.github/scripts/yocto-check-layer.sh +++ b/.github/scripts/yocto-check-layer.sh @@ -14,4 +14,7 @@ cd poky git clone --depth 1 --branch $YOCTO_RELEASE git://git.openembedded.org/meta-openembedded . ./oe-init-build-env build bitbake-layers add-layer ../meta-openembedded/meta-oe +bitbake-layers add-layer ../meta-openembedded/meta-perl +bitbake-layers add-layer ../meta-openembedded/meta-python +bitbake-layers add-layer ../meta-openembedded/meta-networking yocto-check-layer --with-software-layer-signature-check --debug "$GITHUB_WORKSPACE"