├── .gitignore
├── meta-lmp-base
├── recipes-bsp
│ ├── u-boot
│ │ ├── u-boot-fio
│ │ │ ├── lmp.cfg
│ │ │ ├── lmp-base.cfg
│ │ │ ├── lmp-ebbr.cfg
│ │ │ ├── lmp-ebbr-common.cfg
│ │ │ ├── lmp-common-nosec.cfg
│ │ │ ├── lmp-base-common.cfg
│ │ │ └── lmp-common.cfg
│ │ ├── u-boot-fio_2024.04.bb
│ │ ├── u-boot-base-scr
│ │ │ ├── boot.cmd
│ │ │ └── uEnv.txt.in
│ │ ├── u-boot-ostree-scr-fit
│ │ │ ├── boot-footer.cmd.in
│ │ │ ├── boot.cmd
│ │ │ └── boot.its.in
│ │ ├── u-boot-ostree-scr
│ │ │ ├── boot.cmd
│ │ │ └── uEnv.txt.in
│ │ ├── u-boot-ostree-scr.bb
│ │ └── u-boot-base-scr.bb
│ ├── efitools
│ │ ├── efitools_git.bbappend
│ │ ├── efitools-native_git.bb
│ │ └── efitools
│ │ │ ├── allow-local-auths.patch
│ │ │ ├── Fix-help2man-failure.patch
│ │ │ ├── Fix-the-wrong-dependency-for-blacklist.esl.patch
│ │ │ ├── build-keys-for-lockdown-only.patch
│ │ │ ├── Fix-help2man-error.patch
│ │ │ ├── 0001-Enable-RISC-V-build.patch
│ │ │ ├── Makefile-do-not-build-signed-efi-image.patch
│ │ │ ├── Add-static-keyword-for-IsValidVariableHeader.patch
│ │ │ └── Don-t-build-PreLoader.efi.patch
│ ├── pciutils
│ │ └── pciutils_%.bbappend
│ ├── grub
│ │ └── grub-efi_%.bbappend
│ ├── device-tree
│ │ └── lmp-device-tree.bb
│ ├── plug-and-trust-seteec
│ │ └── plug-and-trust-demos_4.02.00.bb
│ └── alsa-state
│ │ └── alsa-state
│ │ └── alsa-state-init
├── files
│ ├── lmp-group-table-default
│ └── lmp-passwd-table-default
├── recipes-extended
│ ├── zram
│ │ ├── zram
│ │ │ └── zram.conf
│ │ └── zram_%.bbappend
│ ├── shadow
│ │ ├── shadow
│ │ │ └── tmpfiles.conf
│ │ └── shadow_%.bbappend
│ ├── collectd
│ │ ├── collectd
│ │ │ ├── tmpfiles.conf
│ │ │ └── collectd.conf
│ │ └── collectd_%.bbappend
│ ├── pam
│ │ ├── libpam
│ │ │ └── pam-volatiles.conf
│ │ └── libpam_%.bbappend
│ ├── rpcbind
│ │ └── rpcbind_%.bbappend
│ ├── sudo
│ │ ├── sudo
│ │ │ └── tmpfiles.conf
│ │ └── sudo_%.bbappend
│ ├── rrdtool
│ │ └── rrdtool_%.bbappend
│ ├── haveged
│ │ ├── haveged_%.bbappend
│ │ └── haveged
│ │ │ └── haveged.service
│ └── ostree
│ │ ├── ostree_%.bbappend
│ │ └── ostree
│ │ └── 0005-ostree-decrease-default-grub.cfg-timeout-and-set-def.patch
├── recipes-support
│ ├── bluetooth-attach
│ │ └── bluetooth-attach
│ │ │ ├── btattach.conf
│ │ │ ├── hciattach.conf
│ │ │ ├── hciattach-custom.sh
│ │ │ ├── btattach.service
│ │ │ └── hciattach.service
│ ├── lmp-el2go-auto-register
│ │ ├── lmp-el2go-auto-register
│ │ │ ├── root.crt
│ │ │ └── default.env
│ │ └── lmp-el2go-auto-register.bb
│ ├── lmp-device-auto-register
│ │ ├── lmp-device-auto-register
│ │ │ ├── api-token
│ │ │ └── lmp-device-auto-register.service.in
│ │ └── lmp-device-auto-register.bb
│ ├── htpdate
│ │ └── htpdate
│ │ │ └── default.conf
│ ├── openct
│ │ └── openct_%.bbappend
│ ├── bt-6lowpan-setup
│ │ ├── bt-6lowpan-setup
│ │ │ ├── modules-6lowpan.conf
│ │ │ └── bt-6lowpan.network.in
│ │ └── bt-6lowpan-setup_0.1.bb
│ ├── systemd-watchdog-config
│ │ ├── systemd-watchdog-config
│ │ │ └── watchdog.conf
│ │ └── systemd-watchdog-config.bb
│ ├── systemd-journald-config
│ │ ├── systemd-journald-config
│ │ │ └── forward-console.conf
│ │ └── systemd-journald-config.bb
│ ├── curl
│ │ └── curl_%.bbappend
│ ├── docker-cli-config
│ │ ├── docker-cli-config
│ │ │ └── config.json.in
│ │ └── docker-cli-config_0.1.bb
│ ├── lshw
│ │ ├── lshw_%.bbappend
│ │ └── files
│ │ │ └── 0001-disable-docbook2man.patch
│ ├── opensc
│ │ └── opensc_%.bbappend
│ ├── sbin-path-helper
│ │ ├── sbin-path-helper
│ │ │ └── path-sbin.sh
│ │ └── sbin-path-helper_0.1.bb
│ ├── gmp
│ │ └── gmp_6.3.0.bbappend
│ ├── nss
│ │ └── nss_3.%.bbappend
│ ├── sysctl-hang-crash-helper
│ │ ├── sysctl-hang-crash-helper
│ │ │ └── sysctl-panic.conf
│ │ └── sysctl-hang-crash-helper_0.1.bb
│ ├── fioconfig
│ │ └── fioconfig
│ │ │ ├── fioconfig.path
│ │ │ ├── fioconfig.service
│ │ │ └── fioconfig-extract.service
│ ├── docker-auto-prune
│ │ ├── docker-auto-prune
│ │ │ ├── docker-auto-prune.service
│ │ │ └── docker-auto-prune.timer.in
│ │ └── docker-auto-prune_0.1.bb
│ ├── compose-apps-early-start
│ │ ├── compose-apps-early-start
│ │ │ ├── compose-apps-early-start-recovery.service
│ │ │ ├── compose-apps-early-start.service
│ │ │ └── compose-apps-early-start-recovery
│ │ └── compose-apps-early-start.bb
│ ├── ostree-pending-reboot
│ │ ├── ostree-pending-reboot
│ │ │ ├── ostree-pending-reboot.service
│ │ │ └── ostree-pending-reboot.timer.in
│ │ └── ostree-pending-reboot_0.1.bb
│ ├── dnsmasq
│ │ └── dnsmasq_2.91.bbappend
│ ├── fio-docker-fsck
│ │ ├── fio-docker-fsck
│ │ │ └── fio-docker-fsck.service
│ │ └── fio-docker-fsck_git.bb
│ ├── ptest-runner
│ │ ├── ptest-runner_%.bbappend
│ │ └── ptest-runner
│ │ │ └── ptest-lmp-runner.sh
│ ├── sysctl-net-queue-pfifo-fast
│ │ ├── sysctl-net-queue-pfifo-fast
│ │ │ └── sysctl-net-queuing.conf
│ │ └── sysctl-net-queue-pfifo-fast_0.1.bb
│ ├── luks-reencryption
│ │ ├── luks-reencryption
│ │ │ ├── luks-reencryption.service
│ │ │ └── luks-reencryption
│ │ └── luks-reencryption_0.1.bb
│ ├── ima-inspect
│ │ └── ima-inspect_0.15.bb
│ ├── resize-helper
│ │ ├── resize-helper
│ │ │ └── resize-helper.service
│ │ └── resize-helper_0.1.bb
│ ├── libfyaml
│ │ └── libfyaml_0.6.3.bb
│ ├── docker-credential-helper-fio
│ │ ├── docker-credential-helper-fio_0.1.bb
│ │ └── files
│ │ │ └── docker-credential-fio-helper
│ ├── lmp-auto-hostname
│ │ └── lmp-auto-hostname
│ │ │ └── lmp-auto-hostname.service.in
│ └── fio-diag
│ │ └── fio-diag_0.1.bb
├── recipes-security
│ ├── optee
│ │ ├── files
│ │ │ └── ckteec.module
│ │ ├── optee-examples_4.4.0.bb
│ │ ├── optee-os-fio_4.4.0.bb
│ │ ├── optee-client_4.4.0.bb
│ │ ├── optee-client_%.bbappend
│ │ ├── optee-os-fio%.bbappend
│ │ ├── optee-test_4.4.0.bb
│ │ ├── fio-se05x-cli_git.bb
│ │ ├── pkcs11-se050-import_git.bb
│ │ ├── optee-client-fio.inc
│ │ ├── optee-fiovb_git.bb
│ │ ├── optee-test
│ │ │ └── 0001-regression-1000-disable-1039.patch
│ │ ├── optee-os-tadevkit_4.4.0.bb
│ │ └── optee-client
│ │ │ └── 0001-FIO-extras-pkcs11-change-UUID-to-avoid-conflict-with.patch
│ ├── softhsm
│ │ ├── softhsm
│ │ │ └── tmpfiles.conf
│ │ └── softhsm_2.%.bbappend
│ └── ima_policy_tcb
│ │ ├── ima-policy-tcb_1.0.bb
│ │ └── files
│ │ └── ima_policy_tcb
├── recipes-sota
│ ├── aktualizr
│ │ ├── aktualizr
│ │ │ ├── tmpfiles.conf
│ │ │ └── aktualizr-lite.service.in
│ │ ├── aktualizr-pkcs11-label
│ │ │ └── pkcs11-label.toml
│ │ ├── aktualizr-fioefi-env-rollback
│ │ │ └── sota-fioefi-env.toml
│ │ ├── aktualizr-fiovb-env-rollback
│ │ │ └── sota-fiovb-env.toml
│ │ ├── aktualizr-callback
│ │ │ └── 90-handle-callback.toml
│ │ ├── aktualizr-fioefi-env-rollback_1.0.bb
│ │ ├── aktualizr-pkcs11-label.bb
│ │ ├── aktualizr-fiovb-env-rollback.bb
│ │ └── aktualizr-callback_1.0.bb
│ ├── custom-sota-client
│ │ ├── files
│ │ │ └── systemd.service
│ │ └── custom-sota-client_git.bb
│ ├── fioefi
│ │ └── fioefi_0.1.bb
│ ├── ostree-kernel-initramfs
│ │ └── ostree-kernel-initramfs_%.bbappend
│ ├── ostreeuploader
│ │ └── ostreeuploader_git.bb
│ └── lmp-device-register
│ │ └── lmp-device-register_git.bb
├── recipes-crypto
│ └── cryptsetup
│ │ ├── cryptsetup_2.8.1.bbappend
│ │ └── cryptsetup_%.bbappend
├── recipes-multimedia
│ └── alsa
│ │ ├── alsa-utils
│ │ └── tmpfiles.conf
│ │ └── alsa-utils_%.bbappend
├── recipes-core
│ ├── dropbear
│ │ ├── dropbear_%.bbappend
│ │ └── dropbear
│ │ │ ├── dropbear@.service
│ │ │ └── dropbearkey.service
│ ├── base-files
│ │ ├── base-files
│ │ │ ├── tmpfiles.conf
│ │ │ ├── share
│ │ │ │ └── dot.bashrc
│ │ │ ├── nsswitch.conf
│ │ │ └── profile
│ │ └── base-files_%.bbappend
│ ├── psplash
│ │ ├── files
│ │ │ └── lmp-logo.png
│ │ └── psplash_%.bbappend
│ ├── packagegroups
│ │ ├── packagegroup-base.bbappend
│ │ └── packagegroup-security-tpm2.bbappend
│ ├── base-passwd
│ │ ├── base-passwd_%.bbappend
│ │ └── base-passwd
│ │ │ └── 0001-Add-missing-groups-from-systemd-basic.conf.patch
│ ├── ovmf
│ │ └── ovmf_git.bbappend
│ ├── busybox
│ │ ├── busybox
│ │ │ ├── removed.cfg
│ │ │ ├── less.cfg
│ │ │ └── shell.cfg
│ │ └── busybox_%.bbappend
│ ├── readline
│ │ └── readline_%.bbappend
│ ├── images
│ │ ├── core-image-minimal-initramfs.bbappend
│ │ └── initramfs-ostree-lmp-recovery
│ │ │ ├── udhcpc.sh
│ │ │ ├── uboot_env.sh
│ │ │ └── image_download.sh
│ ├── dbus
│ │ └── dbus_%.bbappend
│ ├── systemd
│ │ ├── systemd-serialgetty.bbappend
│ │ ├── systemd
│ │ │ ├── 0001-tmpfiles-tmp.conf-reduce-cleanup-age-to-half.patch
│ │ │ └── systemd-networkd-wait-online.service.in-use-any-by-d.patch
│ │ └── systemd-boot_%.bbappend
│ ├── nss-altfiles
│ │ └── nss-altfiles_git.bb
│ ├── initrdscripts
│ │ ├── initramfs-module-install-efi_%.bbappend
│ │ └── initramfs-framework
│ │ │ ├── cryptfs_tpm2
│ │ │ └── ostree_recovery
│ └── os-release
│ │ └── os-release.bbappend
├── recipes-graphics
│ └── wayland
│ │ ├── weston-init
│ │ └── lmp-wayland
│ │ │ ├── weston.env
│ │ │ ├── tmpfiles.conf
│ │ │ ├── background.jpg
│ │ │ ├── utilities-terminal.png
│ │ │ └── weston.service.patch
│ │ └── weston-init.bbappend
├── dynamic-layers
│ ├── tpm-layer
│ │ ├── recipes-tpm2
│ │ │ ├── tpm2-abrmd
│ │ │ │ └── tpm2-abrmd_%.bbappend
│ │ │ ├── tpm2-pkcs11
│ │ │ │ ├── tpm2-pkcs11
│ │ │ │ │ ├── tmpfiles.conf
│ │ │ │ │ └── 0002-db-don-t-warn-the-user-when-db-is-not-found.patch
│ │ │ │ └── tpm2-pkcs11_%.bbappend
│ │ │ └── tpm2-tss
│ │ │ │ └── tpm2-tss_%.bbappend
│ │ └── recipes-tpm
│ │ │ └── swtpm
│ │ │ └── swtpm_%.bbappend
│ ├── meta-arm
│ │ ├── recipes-security
│ │ │ └── optee
│ │ │ │ └── optee-os_%.bbappend
│ │ └── recipes-bsp
│ │ │ ├── uefi
│ │ │ └── edk2-firmware_%.bbappend
│ │ │ └── trusted-firmware-a
│ │ │ └── trusted-firmware-a_%.bbappend
│ └── integrity
│ │ └── recipes-security
│ │ └── ima-evm-keys
│ │ └── ima-evm-keys_1.0.bbappend
├── recipes-devtools
│ ├── python
│ │ ├── python3-jsonschema_%.bbappend
│ │ ├── python3-pycparser_%.bbappend
│ │ ├── python3-pyroute2_%.bbappend
│ │ ├── python3-docker_%.bbappend
│ │ ├── python3-func-timeout_4.3.5.bb
│ │ ├── python3-plug-and-trust-ssscli_4.02.00.bb
│ │ └── python3-pyroute2
│ │ │ └── 0001-fix-vxcan-peer.patch
│ ├── pkcs11test
│ │ └── pkcs11test_git.bb
│ ├── mcumgr
│ │ └── mcumgr_git.bb
│ └── sbsigntool
│ │ └── sbsigntool
│ │ ├── 0002-docs-Don-t-build-man-pages.patch
│ │ ├── 0006-Makefile.am-do-not-use-Werror.patch
│ │ └── 0004-src-Makefile.am-Add-read_write_all.c-to-common_SOURC.patch
├── recipes-samples
│ └── images
│ │ ├── lmp-feature-nat64.inc
│ │ ├── lmp-feature-wifi.inc
│ │ ├── lmp-feature-sbin-path-helper.inc
│ │ ├── lmp-feature-efi.inc
│ │ ├── lmp-feature-ima.inc
│ │ ├── lmp-feature-ota-utils.inc
│ │ ├── lmp-feature-sysctl-hang-crash-helper.inc
│ │ ├── lmp-feature-softhsm.inc
│ │ ├── lmp-feature-sysctl-net-queue-pfifo-fast.inc
│ │ ├── lmp-feature-tpm2.inc
│ │ ├── lmp-feature-bluetooth.inc
│ │ ├── lmp-feature-wireguard.inc
│ │ ├── configs
│ │ └── sudoers
│ │ ├── lmp-feature-jobserv.inc
│ │ ├── lmp-feature-factory.inc
│ │ ├── lmp-feature-se05x.inc
│ │ ├── lmp-feature-optee.inc
│ │ ├── lmp-feature-bt-6lowpan.inc
│ │ ├── lmp-service-ostree-pending-reboot.inc
│ │ ├── lmp-service-auto-hostname.inc
│ │ ├── lmp-feature-debug.inc
│ │ ├── lmp-feature-wayland.inc
│ │ ├── lmp-feature-docker.inc
│ │ ├── lmp-feature-ansible.inc
│ │ ├── lmp-service-bluetooth-disable.inc
│ │ ├── lmp-mini-image.bb
│ │ └── lmp-base-console-image.bb
├── README.md
├── conf
│ └── distro
│ │ ├── lmp-wayland.conf
│ │ ├── lmp-xwayland.conf
│ │ ├── lmp-base-wayland.conf
│ │ ├── include
│ │ ├── cve-lmp-extra-exclusions.inc
│ │ └── arm-defaults.inc
│ │ ├── lmp-base-xwayland.conf
│ │ └── lmp-base.conf
├── recipes-containers
│ ├── docker-compose
│ │ ├── docker-compose_%.bbappend
│ │ └── docker-compose-switch_1.0.5.bb
│ ├── docker
│ │ ├── files
│ │ │ ├── daemon.json.in
│ │ │ ├── 0001-dockerd-daemon-use-default-system-config-when-none-i.patch
│ │ │ └── docker.service
│ │ ├── python3-docker-vxcan
│ │ │ └── docker-vxcan.service
│ │ └── python3-docker-vxcan_1.0.2.bb
│ ├── wayland-cdi
│ │ ├── files
│ │ │ ├── wayland-cdi.service
│ │ │ └── wayland-cdi-generate
│ │ └── wayland-cdi_0.1.bb
│ └── composeapp
│ │ └── composectl_git.bb
├── classes
│ ├── sota_lmp.bbclass
│ ├── lmp-disable-gplv3.bbclass
│ ├── fio-u-boot-localversion.bbclass
│ ├── kernel-lmp-efi.bbclass
│ └── lmp-staging.bbclass
├── recipes-kernel
│ ├── linux
│ │ ├── kmeta-linux-lmp-6.1.y.inc
│ │ ├── kmeta-linux-lmp-6.6.y.inc
│ │ ├── kmeta-linux-lmp-5.15.y.inc
│ │ ├── linux-yocto_%.bbappend
│ │ ├── linux-lmp_6.1.bb
│ │ ├── linux-lmp_6.6.bb
│ │ ├── linux-lmp-rt_6.6.bb
│ │ └── linux-lmp.inc
│ ├── wireguard
│ │ └── wireguard-module_%.bbappend
│ └── jool
│ │ └── jool_git.bb
├── recipes-connectivity
│ ├── docker-network-ref
│ │ ├── docker-network-ref
│ │ │ ├── create-docker-ref-network.sh.in
│ │ │ └── docker-network-ref.service
│ │ └── docker-network-ref_1.0.bb
│ ├── networkmanager
│ │ └── networkmanager_1.52.%.bbappend
│ └── bluez5
│ │ └── bluez5_5.85.bbappend
├── wic
│ ├── efidisk-sota.wks.in
│ ├── sdimage-split-boot-sota.wks.in
│ ├── image-efi-installer.wks.in
│ └── sdimage-mbr-efi-sota.wks
└── COPYING.MIT
├── .github
├── CODEOWNERS
└── workflows
│ └── backport.yaml
├── meta-lmp-bsp
├── recipes-security
│ └── optee
│ │ ├── optee-os-fio_4.4.0%.bbappend
│ │ ├── optee-client_4.4.0.bbappend
│ │ ├── optee-os-fio-bsp.inc
│ │ └── optee-os-tadevkit_4.4.0%.bbappend
├── recipes-bsp
│ ├── u-boot
│ │ ├── u-boot-base-scr.bbappend
│ │ ├── u-boot-fio_%.bbappend
│ │ ├── u-boot-fio
│ │ │ ├── rpi
│ │ │ │ ├── fw_env.config
│ │ │ │ ├── lmp-base.cfg
│ │ │ │ └── lmp.cfg
│ │ │ ├── qemuarm
│ │ │ │ ├── fw_env.config
│ │ │ │ └── lmp.cfg
│ │ │ ├── qemuarm64
│ │ │ │ ├── fw_env.config
│ │ │ │ ├── lmp.cfg
│ │ │ │ └── lmp-ebbr.cfg
│ │ │ └── beaglebone-yocto
│ │ │ │ ├── fw_env.config
│ │ │ │ └── lmp.cfg
│ │ ├── u-boot-ostree-scr-fit.bbappend
│ │ ├── u-boot-ostree-scr
│ │ │ └── rpi
│ │ │ │ └── uEnv.txt.in
│ │ └── u-boot-ostree-scr-fit
│ │ │ ├── beaglebone-yocto
│ │ │ └── boot.cmd
│ │ │ ├── rpi
│ │ │ └── boot.cmd
│ │ │ └── qemuarm
│ │ │ └── boot.cmd
│ ├── efitools
│ │ ├── efitools
│ │ │ ├── lockdown.conf
│ │ │ └── unlock.conf
│ │ └── efitools_git.bbappend
│ └── device-tree
│ │ ├── lmp-device-tree
│ │ ├── overlays_i2c1.dts
│ │ ├── overlays_spi0.dts
│ │ └── overlays_rpi-7inch-flip.dts
│ │ └── lmp-device-tree.bbappend
├── recipes-core
│ ├── base-files
│ │ ├── base-files_%.bbappend
│ │ └── base-files
│ │ │ ├── rpi
│ │ │ └── fstab
│ │ │ ├── qemuarm
│ │ │ └── fstab
│ │ │ ├── beaglebone-yocto
│ │ │ └── fstab
│ │ │ └── qemuarm64
│ │ │ └── fstab
│ └── images
│ │ ├── initramfs-ostree-lmp-recovery
│ │ ├── tee.sh
│ │ ├── qemuarm64
│ │ │ ├── udhcpc.sh
│ │ │ └── uboot_env.sh
│ │ └── start_adb.sh
│ │ └── initramfs-ostree-lmp-recovery.bbappend
├── README.md
├── recipes-kernel
│ └── linux
│ │ ├── linux-lmp-machine-custom.inc
│ │ └── linux-lmp-rpi_git.bb
├── conf
│ ├── machine
│ │ └── qemuarm64-secureboot-ebbr.conf
│ └── layer.conf
└── COPYING.MIT
├── README.md
└── COPYING.MIT
/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__
2 | *.pyc
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-fio/lmp.cfg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-fio/lmp-base.cfg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-fio/lmp-ebbr.cfg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/meta-lmp-base/files/lmp-group-table-default:
--------------------------------------------------------------------------------
1 | fio:x:1000:
2 |
--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
1 | * @angolini @quaresmajose @ricardosalveti
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/zram/zram/zram.conf:
--------------------------------------------------------------------------------
1 | ZRAM_SIZE_LIMIT="8G"
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/bluetooth-attach/bluetooth-attach/btattach.conf:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/bluetooth-attach/bluetooth-attach/hciattach.conf:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/meta-lmp-base/files/lmp-passwd-table-default:
--------------------------------------------------------------------------------
1 | fio:x:1000:1000::/home/fio:/bin/sh
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lmp-el2go-auto-register/lmp-el2go-auto-register/root.crt:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/files/ckteec.module:
--------------------------------------------------------------------------------
1 | module: /usr/lib/libckteec.so.0
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /var/sota 0700 root root -
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lmp-device-auto-register/lmp-device-auto-register/api-token:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lmp-el2go-auto-register/lmp-el2go-auto-register/default.env:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-crypto/cryptsetup/cryptsetup_2.8.1.bbappend:
--------------------------------------------------------------------------------
1 | DEFAULT_PREFERENCE = "-1"
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/shadow/shadow/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /var/spool/mail 0775 root mail -
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/htpdate/htpdate/default.conf:
--------------------------------------------------------------------------------
1 | HTPDATE_ARGS="-st www.example.com"
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/openct/openct_%.bbappend:
--------------------------------------------------------------------------------
1 | SYSTEMD_AUTO_ENABLE:lmp = "disable"
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-security/optee/optee-os-fio_4.4.0%.bbappend:
--------------------------------------------------------------------------------
1 | require optee-os-fio-bsp.inc
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/collectd/collectd/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /var/lib/collectd 0755 root root -
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/pam/libpam/pam-volatiles.conf:
--------------------------------------------------------------------------------
1 | d /run/sepermit 0755 root root - -
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/pam/libpam_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-multimedia/alsa/alsa-utils/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /var/lib/alsa 0755 root root -
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/dropbear/dropbear_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/bt-6lowpan-setup/bt-6lowpan-setup/modules-6lowpan.conf:
--------------------------------------------------------------------------------
1 | bluetooth_6lowpan
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-base-scr.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-graphics/wayland/weston-init/lmp-wayland/weston.env:
--------------------------------------------------------------------------------
1 | OPTARGS=--continue-without-input
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr-pkcs11-label/pkcs11-label.toml:
--------------------------------------------------------------------------------
1 | [p11]
2 | label = "aktualizr"
3 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/rpi/fw_env.config:
--------------------------------------------------------------------------------
1 | /mnt/boot/uboot.env 0x0000 0x4000
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-ostree-scr-fit.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/base-files/base-files_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/rpcbind/rpcbind_%.bbappend:
--------------------------------------------------------------------------------
1 | EXTRA_OECONF += "--with-nss-modules='files altfiles'"
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-graphics/wayland/weston-init/lmp-wayland/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /home/weston 0755 weston weston -
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/efitools/efitools/lockdown.conf:
--------------------------------------------------------------------------------
1 | title UEFI Secure Boot Provisioning
2 | efi /LockDown.efi
3 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/efitools/efitools/unlock.conf:
--------------------------------------------------------------------------------
1 | title UEFI Secure Boot PK Clear
2 | efi /UnLock-signed.efi
3 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/qemuarm/fw_env.config:
--------------------------------------------------------------------------------
1 | /mnt/boot/uboot.env 0x0000 0x40000
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/qemuarm64/fw_env.config:
--------------------------------------------------------------------------------
1 | /mnt/boot/uboot.env 0x0000 0x40000
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/rpi/lmp-base.cfg:
--------------------------------------------------------------------------------
1 | # CONFIG_OF_EMBED is not set
2 | CONFIG_OF_BOARD=y
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/tpm-layer/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_%.bbappend:
--------------------------------------------------------------------------------
1 | RDEPENDS:${PN} += "libtss2-tcti-device"
2 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/beaglebone-yocto/fw_env.config:
--------------------------------------------------------------------------------
1 | /mnt/boot/uboot.env 0x0000 0x20000
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/tpm-layer/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /var/tpm2_pkcs11 0750 root root -
2 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr-fioefi-env-rollback/sota-fioefi-env.toml:
--------------------------------------------------------------------------------
1 | [bootloader]
2 | rollback_mode = "fioefi"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr-fiovb-env-rollback/sota-fiovb-env.toml:
--------------------------------------------------------------------------------
1 | [bootloader]
2 | rollback_mode = "fiovb"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/systemd-watchdog-config/systemd-watchdog-config/watchdog.conf:
--------------------------------------------------------------------------------
1 | [Manager]
2 | RuntimeWatchdogSec=60
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/python/python3-jsonschema_%.bbappend:
--------------------------------------------------------------------------------
1 | # prefer non gpl runtime dependencies
2 | PACKAGECONFIG = "nongpl"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/sudo/sudo/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /var/lib/sudo 0755 root root -
2 | d /var/lib/sudo/lectured 0700 root root -
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-nat64.inc:
--------------------------------------------------------------------------------
1 | # NAT64 packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | jool \
4 | "
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-wifi.inc:
--------------------------------------------------------------------------------
1 | # Wifi packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | hostapd \
4 | "
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/systemd-journald-config/systemd-journald-config/forward-console.conf:
--------------------------------------------------------------------------------
1 | [Journal]
2 | ForwardToConsole=yes
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools_git.bbappend:
--------------------------------------------------------------------------------
1 | INSANE_SKIP:${PN}-dbg += "buildpaths"
2 | INSANE_SKIP:${PN}-doc += "buildpaths"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr-callback/90-handle-callback.toml:
--------------------------------------------------------------------------------
1 | [pacman]
2 | callback_program = /usr/bin/callback-handler
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/curl/curl_%.bbappend:
--------------------------------------------------------------------------------
1 | EXTRA_OECONF:append:sota = " \
2 | --with-ca-path=${sysconfdir}/ssl/certs \
3 | "
4 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/README.md:
--------------------------------------------------------------------------------
1 | Meta-LMP-BSP
2 | ================================
3 |
4 | Linux microPlatform OpenEmbedded/Yocto Project BSP layer.
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/README.md:
--------------------------------------------------------------------------------
1 | Meta-LMP-Base
2 | ================================
3 |
4 | Linux microPlatform OpenEmbedded/Yocto Project base layer.
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/softhsm/softhsm/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /var/lib/softhsm 0755 root root -
2 | d /var/lib/softhsm/tokens 1770 root root -
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/meta-arm/recipes-security/optee/optee-os_%.bbappend:
--------------------------------------------------------------------------------
1 | # Default OP-TEE OS from meta-arm
2 | PROVIDES = "virtual/optee-os"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-sbin-path-helper.inc:
--------------------------------------------------------------------------------
1 | # packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | sbin-path-helper \
4 | "
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/base-files/base-files/tmpfiles.conf:
--------------------------------------------------------------------------------
1 | d /var/backups 0755 - - -
2 | d /var/lib/misc 0755 - - -
3 | d /var/local 0755 - - -
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-efi.inc:
--------------------------------------------------------------------------------
1 | CORE_IMAGE_BASE_INSTALL += " \
2 | efivar \
3 | efibootmgr \
4 | efitools \
5 | "
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-examples_4.4.0.bb:
--------------------------------------------------------------------------------
1 | require optee-examples-fio.inc
2 |
3 | SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035"
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/docker-cli-config/docker-cli-config/config.json.in:
--------------------------------------------------------------------------------
1 | {
2 | "credHelpers": {
3 | "@@HUB_URL@@": "fio-helper"
4 | }
5 | }
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/psplash/files/lmp-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/foundriesio/meta-lmp/HEAD/meta-lmp-base/recipes-core/psplash/files/lmp-logo.png
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-ima.inc:
--------------------------------------------------------------------------------
1 | # IMA packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | ima-evm-utils \
4 | ima-inspect \
5 | "
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lshw/lshw_%.bbappend:
--------------------------------------------------------------------------------
1 | do_install:append() {
2 | # data files provided by dependencies
3 | rm -rf ${D}/usr/share/lshw
4 | }
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bbappend:
--------------------------------------------------------------------------------
1 | # Set default value to avoid parsing error
2 | IMA_EVM_X509 ?= ""
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/psplash/psplash_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
2 | SPLASH_IMAGES = "file://lmp-logo.png;outsuffix=default"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-ota-utils.inc:
--------------------------------------------------------------------------------
1 | # OTA utils
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | aktualizr-get \
4 | aktualizr-hwid \
5 | "
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-sysctl-hang-crash-helper.inc:
--------------------------------------------------------------------------------
1 | # packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | sysctl-hang-crash-helper \
4 | "
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-fio/lmp-ebbr-common.cfg:
--------------------------------------------------------------------------------
1 | # CONFIG_FIT_SIGNATURE is not set
2 | # CONFIG_SPL_FIT_SIGNATURE is not set
3 | # CONFIG_VIDEO is not set
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/packagegroups/packagegroup-base.bbappend:
--------------------------------------------------------------------------------
1 | # Add aplay/arecord by default.
2 | RDEPENDS:packagegroup-base-alsa += "\
3 | alsa-utils-aplay \
4 | "
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-softhsm.inc:
--------------------------------------------------------------------------------
1 | # SoftHSM / PKCS-11 related packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | opensc \
4 | softhsm \
5 | "
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-sysctl-net-queue-pfifo-fast.inc:
--------------------------------------------------------------------------------
1 | # packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | sysctl-net-queue-pfifo-fast \
4 | "
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-tpm2.inc:
--------------------------------------------------------------------------------
1 | # TPM2 package group from meta-tpm
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | packagegroup-security-tpm2 \
4 | "
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-os-fio_4.4.0.bb:
--------------------------------------------------------------------------------
1 | require optee-os-fio.inc
2 |
3 | SRCREV = "88da15801ac113be49ec6ad2e28f4019846402d7"
4 | SRCBRANCH = "4.4.0+fio"
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/opensc/opensc_%.bbappend:
--------------------------------------------------------------------------------
1 | # There is no runtime dependency on readline if not built with support for it
2 | RDEPENDS:${PN}:remove = "readline"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-bluetooth.inc:
--------------------------------------------------------------------------------
1 | # Bluetooth packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | bluetooth-attach \
4 | bluez5-noinst-tools \
5 | "
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-wireguard.inc:
--------------------------------------------------------------------------------
1 | # WireGuard packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | wireguard-tools \
4 | kernel-module-wireguard \
5 | "
6 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-security/optee/optee-client_4.4.0.bbappend:
--------------------------------------------------------------------------------
1 | # Enable RPMB emulation on qemuarm64 to easy testing
2 | EXTRA_OECMAKE:append:qemuarm64 = " \
3 | -DRPMB_EMU=ON \
4 | "
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/base-passwd/base-passwd_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI += "file://0001-Add-missing-groups-from-systemd-basic.conf.patch"
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/python/python3-pycparser_%.bbappend:
--------------------------------------------------------------------------------
1 | # cpp/cpp-symlinks are not strictly required (more of a suggestion)
2 | RDEPENDS:${PN}:class-target:remove = "cpp cpp-symlinks"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/configs/sudoers:
--------------------------------------------------------------------------------
1 | # Disable lecture by default
2 | Defaults lecture = never
3 |
4 | # members of group sudo can execute any command
5 | %sudo ALL=(ALL) ALL
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/bt-6lowpan-setup/bt-6lowpan-setup/bt-6lowpan.network.in:
--------------------------------------------------------------------------------
1 | [Match]
2 | Name=@@BT_6LOWPAN_INTERFACE@@
3 |
4 | [Network]
5 | Address=@@BT_6LOWPAN_NETWORK@@
6 | DHCP=no
7 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-kernel/linux/linux-lmp-machine-custom.inc:
--------------------------------------------------------------------------------
1 | # Machine specific configuration
2 |
3 | # QEMU
4 | KERNEL_FEATURES:remove:qemuall = "features/kernel-sample/kernel-sample.scc"
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/packagegroups/packagegroup-security-tpm2.bbappend:
--------------------------------------------------------------------------------
1 | # Trousers is relevant with TPM 1.2 (not supported by LmP)
2 | RDEPENDS:packagegroup-security-tpm2:remove = "trousers"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-crypto/cryptsetup/cryptsetup_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI += "file://0001-reencrypt-online-reencryption-with-TPM-PKCS11-tokens.patch"
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-jobserv.inc:
--------------------------------------------------------------------------------
1 | # Packages required for jobserv compatibility
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | python3-json \
4 | python3-multiprocessing \
5 | "
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/sbin-path-helper/sbin-path-helper/path-sbin.sh:
--------------------------------------------------------------------------------
1 | # Add all sbin dirs to $PATH (useful for development)
2 | [ "$USER" == "root" ] || PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-fio/lmp-common-nosec.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_BOOTDELAY=0
2 | CONFIG_DISTRO_DEFAULTS=y
3 | # CONFIG_FIT_SIGNATURE_STRICT is not set
4 | # CONFIG_SPL_FIT_SIGNATURE_STRICT is not set
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/python/python3-pyroute2_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:"
2 |
3 | # Required by docker-vxcan
4 | SRC_URI:append = " file://0001-fix-vxcan-peer.patch"
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-graphics/wayland/weston-init/lmp-wayland/background.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/foundriesio/meta-lmp/HEAD/meta-lmp-base/recipes-graphics/wayland/weston-init/lmp-wayland/background.jpg
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/gmp/gmp_6.3.0.bbappend:
--------------------------------------------------------------------------------
1 | # Upstream is dual licensed on GPLv2 | LGPLv3, so force GPLv2 in order
2 | # to allow safe checks via image-license-checker
3 | LICENSE = "GPL-2.0-or-later"
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/ovmf/ovmf_git.bbappend:
--------------------------------------------------------------------------------
1 | PACKAGECONFIG += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'tpm2', '', d)} secureboot"
2 | PACKAGECONFIG[tpm2] = "-D TPM2_ENABLE=TRUE,-D TPM2_ENABLE=FALSE,,"
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-graphics/wayland/weston-init/lmp-wayland/utilities-terminal.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/foundriesio/meta-lmp/HEAD/meta-lmp-base/recipes-graphics/wayland/weston-init/lmp-wayland/utilities-terminal.png
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-security/optee/optee-os-fio-bsp.inc:
--------------------------------------------------------------------------------
1 | OPTEEMACHINE:qemuarm64 = "vexpress-qemu_armv8a"
2 |
3 | # Machine Settings
4 | EXTRA_OEMAKE:append:qemuarm64 = " \
5 | CFG_RPMB_FS=y CFG_RPMB_WRITE_KEY=y \
6 | "
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-fio/lmp-base-common.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_BOOTDELAY=2
2 | CONFIG_DISTRO_DEFAULTS=y
3 | # CONFIG_FIT_SIGNATURE_STRICT is not set
4 | # CONFIG_SPL_FIT_SIGNATURE is not set
5 | # CONFIG_VIDEO is not set
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/busybox/busybox/removed.cfg:
--------------------------------------------------------------------------------
1 | # CONFIG_LOGIN is not set
2 | # CONFIG_PASSWD is not set
3 | # CONFIG_SU is not set
4 | # CONFIG_SULOGIN is not set
5 | # CONFIG_LOGREAD is not set
6 | # CONFIG_SYSLOGD is not set
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/nss/nss_3.%.bbappend:
--------------------------------------------------------------------------------
1 | # Neoverse-N1 is ARMv8.2-a based but libatomic explicitly asks for
2 | # -march=armv8.1-a which causes -march conflicts in gcc
3 | TUNE_CCARGS:remove = "-mcpu=neoverse-n1+crc+crypto"
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/sysctl-hang-crash-helper/sysctl-hang-crash-helper/sysctl-panic.conf:
--------------------------------------------------------------------------------
1 | # panic and reboot in case of hung tasks and crashes
2 | kernel.hung_task_panic = 1
3 | kernel.panic = 1
4 | kernel.panic_on_oops = 1
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/python/python3-docker_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:"
2 |
3 | # Add in LMP credential helper
4 | SRC_URI:append = " file://0001-config-Include-usr-lib-docker-in-search-path.patch"
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/fioconfig/fioconfig/fioconfig.path:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Foundries.io configuration management path monitor
3 |
4 | [Path]
5 | PathExists=/var/sota/sota.toml
6 |
7 | [Install]
8 | WantedBy=multi-user.target
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/pciutils/pciutils_%.bbappend:
--------------------------------------------------------------------------------
1 | inherit update-alternatives
2 |
3 | # Avoid conflict with busybox
4 | ALTERNATIVE:${PN} = "lspci"
5 | ALTERNATIVE_PRIORITY = "100"
6 | ALTERNATIVE_LINK_NAME[lspci] = "${base_bindir}/lspci"
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-factory.inc:
--------------------------------------------------------------------------------
1 | # FoundriesFactory related packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | docker-cli-config \
4 | fioconfig \
5 | fio-docker-fsck \
6 | lmp-device-register \
7 | "
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/docker-auto-prune/docker-auto-prune/docker-auto-prune.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Automatic Docker Prune
3 | After=docker.service
4 |
5 | [Service]
6 | Type=oneshot
7 | ExecStart=/usr/bin/docker system prune --force
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/conf/distro/lmp-wayland.conf:
--------------------------------------------------------------------------------
1 | require conf/distro/lmp.conf
2 |
3 | DISTRO = "lmp-wayland"
4 | DISTROOVERRIDES = "lmp:lmp-wayland"
5 | DISTRO_NAME = "Linux-microPlatform Wayland"
6 |
7 | DISTRO_FEATURES:append = " wayland opengl vulkan"
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/docker-compose/docker-compose_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI += "file://cli-config-support-default-system-config.patch;patchdir=src/import/vendor.fetch/github.com/docker/cli"
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/readline/readline_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI += "file://inputrc.lmp"
4 |
5 | do_install:append () {
6 | install -m 0644 ${UNPACKDIR}/inputrc.lmp ${D}${sysconfdir}/inputrc
7 | }
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-se05x.inc:
--------------------------------------------------------------------------------
1 | # SE05X packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | fio-se05x-cli \
4 | plug-and-trust-seteec \
5 | plug-and-trust-seteec-agent \
6 | python3-plug-and-trust-ssscli \
7 | "
8 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-security/optee/optee-os-tadevkit_4.4.0%.bbappend:
--------------------------------------------------------------------------------
1 | # Do not assume one by default as we also support different providers
2 | require ${@bb.utils.contains('PREFERRED_PROVIDER_virtual/optee-os', 'optee-os-fio', 'optee-os-fio-bsp.inc', '', d)}
3 |
--------------------------------------------------------------------------------
/meta-lmp-base/classes/sota_lmp.bbclass:
--------------------------------------------------------------------------------
1 | # Class required by meta-updater, empty as meta-lmp defines all BSP options
2 | ## See meta-lmp-bsp/conf/machine/include/lmp-machine-custom.inc (included by
3 | ## lmp.bbclass) for the machine related options defined by LMP.
4 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-fio_2024.04.bb:
--------------------------------------------------------------------------------
1 | require u-boot-fio-common.inc
2 |
3 | SRCREV = "30cd2b39fb4989dc0e4c69bc5c73b1f169951bf1"
4 | SRCBRANCH = "2024.04+fio"
5 | LIC_FILES_CHKSUM = "file://Licenses/README;md5=2ca5f2c35c8cc335f0a19756634782f1"
6 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/images/initramfs-ostree-lmp-recovery/tee.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2022 Foundries.IO Ltd.
3 | # Licensed on MIT
4 |
5 | tee_enabled() {
6 | return 0
7 | }
8 |
9 | tee_run() {
10 | /usr/sbin/tee-supplicant &
11 | }
12 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/images/initramfs-ostree-lmp-recovery/qemuarm64/udhcpc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2022 Foundries.IO Ltd.
3 | # Licensed on MIT
4 |
5 | udhcpc_enabled() {
6 | return 0
7 | }
8 |
9 | udhcpc_run() {
10 | udhcpc -i enp0s1
11 | }
12 |
--------------------------------------------------------------------------------
/meta-lmp-base/conf/distro/lmp-xwayland.conf:
--------------------------------------------------------------------------------
1 | require conf/distro/lmp.conf
2 |
3 | DISTRO = "lmp-xwayland"
4 | DISTROOVERRIDES = "lmp:lmp-wayland:lmp-xwayland"
5 | DISTRO_NAME = "Linux-microPlatform XWayland"
6 |
7 | DISTRO_FEATURES:append = " x11 wayland opengl vulkan"
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/rrdtool/rrdtool_%.bbappend:
--------------------------------------------------------------------------------
1 | # Disable rrd_graph as it requires cairo and pango
2 | PACKAGECONFIG:remove = "graph"
3 |
4 | # Fix perl install rdepends and path
5 | RDEPENDS:${PN}:remove = "perl"
6 | FILES:${PN}-perl = "${libdir}/perl5/vendor_perl"
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-optee.inc:
--------------------------------------------------------------------------------
1 | # OP-TEE/SKS packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | optee-client \
4 | ${@bb.utils.contains('PREFERRED_PROVIDER_virtual/optee-os', 'optee-os-fio', 'optee-os-fio-ta', '', d)} \
5 | optee-test \
6 | "
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools-native_git.bb:
--------------------------------------------------------------------------------
1 | require efitools.inc
2 |
3 | DEPENDS += "gnu-efi-native"
4 |
5 | inherit native
6 |
7 | EXTRA_OEMAKE += " \
8 | INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \
9 | CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \
10 | "
11 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/linux/kmeta-linux-lmp-6.1.y.inc:
--------------------------------------------------------------------------------
1 | KERNEL_META_REPO ?= "git://github.com/foundriesio/lmp-kernel-cache.git"
2 | KERNEL_META_REPO_PROTOCOL ?= "https"
3 | KERNEL_META_BRANCH ?= "linux-v6.1.y"
4 | KERNEL_META_COMMIT ?= "fbe5b02b658a3098fb3816be5589136e25d8e8f9"
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/linux/kmeta-linux-lmp-6.6.y.inc:
--------------------------------------------------------------------------------
1 | KERNEL_META_REPO ?= "git://github.com/foundriesio/lmp-kernel-cache.git"
2 | KERNEL_META_REPO_PROTOCOL ?= "https"
3 | KERNEL_META_BRANCH ?= "linux-v6.6.y"
4 | KERNEL_META_COMMIT ?= "6d8bf98d3e25e89523d17ea8c84446d663fcdd2c"
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/compose-apps-early-start/compose-apps-early-start/compose-apps-early-start-recovery.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Recovery for compose-apps-early-start.service
3 |
4 | [Service]
5 | Type=oneshot
6 | ExecStart=/usr/bin/compose-apps-early-start-recovery
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/docker-auto-prune/docker-auto-prune/docker-auto-prune.timer.in:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Automatic Docker Prune Timer
3 |
4 | [Timer]
5 | OnCalendar=@@DOCKER_PRUNE_ONCALENDAR@@
6 | Persistent=false
7 |
8 | [Install]
9 | WantedBy=timers.target
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/linux/kmeta-linux-lmp-5.15.y.inc:
--------------------------------------------------------------------------------
1 | KERNEL_META_REPO ?= "git://github.com/foundriesio/lmp-kernel-cache.git"
2 | KERNEL_META_REPO_PROTOCOL ?= "https"
3 | KERNEL_META_BRANCH ?= "linux-v5.15.y"
4 | KERNEL_META_COMMIT ?= "613da241353acf42c6c7b3a653e1ff9eef824151"
5 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-bt-6lowpan.inc:
--------------------------------------------------------------------------------
1 | # NOTE: should use lmp-feature-bluetooth.inc
2 |
3 | # user can customize this option in machine conf
4 | # BT_6LOWPAN_NETWORK ?= "fe80:0:0:0:d4e7::1/80"
5 |
6 | CORE_IMAGE_BASE_INSTALL += " \
7 | bt-6lowpan-setup \
8 | "
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-service-ostree-pending-reboot.inc:
--------------------------------------------------------------------------------
1 | # user can customize this to change how often reboot is checked (in minutes)
2 | # OSTREE_PENDING_REBOOT_CHECK_MINUTES ?= "5"
3 |
4 | # packages
5 | CORE_IMAGE_BASE_INSTALL += " \
6 | ostree-pending-reboot \
7 | "
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/ostree-pending-reboot/ostree-pending-reboot/ostree-pending-reboot.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Aktualizr OSTree Update Automatic Reboot
3 | ConditionPathExists=/var/run/aktualizr-session/need_reboot
4 |
5 | [Service]
6 | Type=simple
7 | ExecStart=/usr/sbin/reboot
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/ostree-pending-reboot/ostree-pending-reboot/ostree-pending-reboot.timer.in:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Automatic OSTree Update Reboot Scheduling
3 |
4 | [Timer]
5 | OnCalendar=*:0/@@OSTREE_PENDING_REBOOT_CHECK_MINUTES@@
6 |
7 | [Install]
8 | WantedBy=multi-user.target
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-base-scr/boot.cmd:
--------------------------------------------------------------------------------
1 | if test ${distro_bootpart} != 1
2 | then
3 | echo "Boot partition needs to be the first partition"
4 | exit
5 | fi
6 |
7 | fatload ${devtype} ${devnum}:1 $loadaddr /uEnv.txt
8 | env import -t $loadaddr $filesize
9 | run bootcmd
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-ostree-scr-fit/boot-footer.cmd.in:
--------------------------------------------------------------------------------
1 | run bootcmd_rollback
2 | run bootcmd_bootargs_add_root
3 | run bootcmd_load_f
4 | run bootcmd_tee_ovy
5 | if test -n "${bootcmd_load_fw}"; then
6 | run bootcmd_load_fw
7 | fi
8 |
9 | run bootcmd_run
10 |
11 | reset
12 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/zram/zram_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI:append = " file://zram.conf"
4 |
5 | do_install:append() {
6 | install -d ${D}${sysconfdir}/default
7 | install -m 0644 ${UNPACKDIR}/zram.conf ${D}${sysconfdir}/default/zram
8 | }
9 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/images/initramfs-ostree-lmp-recovery/qemuarm64/uboot_env.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2022 Foundries.IO Ltd.
3 | # Licensed on MIT
4 |
5 | uboot_env_enabled() {
6 | return 0
7 | }
8 |
9 | uboot_env_run() {
10 | mkdir -p /mnt/boot
11 | mount /mnt/boot
12 | }
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/conf/distro/lmp-base-wayland.conf:
--------------------------------------------------------------------------------
1 | require conf/distro/lmp-base.conf
2 |
3 | DISTRO = "lmp-base-wayland"
4 | DISTROOVERRIDES = "lmp:lmp-base:lmp-wayland:lmp-base-wayland"
5 | DISTRO_NAME = "Linux-microPlatform Base (no ostree) Wayland"
6 |
7 | DISTRO_FEATURES:append = " wayland opengl vulkan"
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-ostree-scr/boot.cmd:
--------------------------------------------------------------------------------
1 | if test ${distro_bootpart} != 1
2 | then
3 | echo "Boot partition needs to be the first partition"
4 | exit
5 | fi
6 |
7 | fatload ${devtype} ${devnum}:1 $loadaddr /uEnv.txt
8 | env import -t $loadaddr $filesize
9 | run bootcmd
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/images/core-image-minimal-initramfs.bbappend:
--------------------------------------------------------------------------------
1 | # Only initramfs-module-install-efi is supported
2 | INITRAMFS_SCRIPTS:remove = "initramfs-module-install"
3 |
4 | SSTATE_SKIP_CREATION:task-image-qa = "0"
5 | SSTATE_SKIP_CREATION:task-image-complete = "0"
6 |
7 | inherit nopackages
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/dnsmasq/dnsmasq_2.91.bbappend:
--------------------------------------------------------------------------------
1 | # Upstream is dual licensed on GPLv2 | GPLv3, so force GPLv2 in order
2 | # to allow safe checks via image-license-checker
3 | LICENSE = "GPL-2.0-only"
4 |
5 | # Disabled by default to avoid conflicts with NM/systemd
6 | SYSTEMD_AUTO_ENABLE = "disable"
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/dbus/dbus_%.bbappend:
--------------------------------------------------------------------------------
1 | # Avoid warnings with systemd
2 | EXTRA_OECONF += "--runstatedir=/run"
3 |
4 | do_install:append () {
5 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
6 | (cd ${D}${localstatedir}; rmdir -v --parents lib/dbus)
7 | fi
8 | }
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/images/initramfs-ostree-lmp-recovery/udhcpc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2022 Foundries.IO Ltd.
3 | # Licensed on MIT
4 |
5 | udhcpc_enabled() {
6 | # Disabled by default, to be replaced based on the target hardware
7 | return 1
8 | }
9 |
10 | udhcpc_run() {
11 | udhcpc
12 | }
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-client_4.4.0.bb:
--------------------------------------------------------------------------------
1 | require optee-client-fio.inc
2 |
3 | SRCREV = "d221676a58b305bddbf97db00395205b3038de8e"
4 |
5 | SRC_URI += " \
6 | file://0001-FIO-extras-pkcs11-change-UUID-to-avoid-conflict-with.patch \
7 | "
8 |
9 | EXTRA_OECMAKE += "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-base-scr/uEnv.txt.in:
--------------------------------------------------------------------------------
1 | bootcmd_dtb=load ${devtype} ${devnum}:1 ${fdt_addr_r} ${fdtfile}
2 | bootcmd_load_k=load ${devtype} ${devnum}:1 ${kernel_addr_r} ${kernel_image}
3 | bootcmd_run=@@KERNEL_BOOTCMD@@ ${kernel_addr_r} - ${fdt_addr_r}
4 | bootcmd=run bootcmd_dtb; run bootcmd_load_k; run bootcmd_run
5 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/efitools/efitools_git.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | PACKAGE_ARCH = "${MACHINE_ARCH}"
4 |
5 | UEFI_SECURE_BOOT_PROVISIONING = ""
6 | UEFI_SECURE_BOOT_PROVISIONING:intel-x86-common = "efitools-UEFI-secure-boot-provisioning.inc"
7 |
8 | require ${UEFI_SECURE_BOOT_PROVISIONING}
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/conf/distro/include/cve-lmp-extra-exclusions.inc:
--------------------------------------------------------------------------------
1 | # This file contains a list of CVE's where resolution has proven to be impractical
2 | # or there is no reasonable action the Yocto Project can take to resolve the issue.
3 | #
4 | # Issues that are also not relevant to LmP (code not used by LmP) can also be
5 | # included here.
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/conf/distro/lmp-base-xwayland.conf:
--------------------------------------------------------------------------------
1 | require conf/distro/lmp-base.conf
2 |
3 | DISTRO = "lmp-base-xwayland"
4 | DISTROOVERRIDES = "lmp:lmp-base:lmp-wayland:lmp-xwayland:lmp-base-wayland:lmp-base-xwayland"
5 | DISTRO_NAME = "Linux-microPlatform Base (no ostree) XWayland"
6 |
7 | DISTRO_FEATURES:append = " x11 wayland opengl vulkan"
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-service-auto-hostname.inc:
--------------------------------------------------------------------------------
1 | # user can customize these options in machine conf
2 | # LMP_HOSTNAME_MACHINE ?= "${MACHINE}"
3 | # LMP_HOSTNAME_MODE ?= "serial"
4 | # LMP_HOSTNAME_NETDEVICE ?= ""
5 |
6 | # Auto hostname service package
7 | CORE_IMAGE_BASE_INSTALL += " \
8 | lmp-auto-hostname \
9 | "
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend:
--------------------------------------------------------------------------------
1 | do_install:append:qemuarm64-secureboot-ebbr() {
2 | install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/QEMU*.fd ${D}/firmware/
3 | # QEMU requires that the images be minimum of 64M in size
4 | truncate -s 64M ${D}/firmware/QEMU*.fd
5 | }
6 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-connectivity/docker-network-ref/docker-network-ref/create-docker-ref-network.sh.in:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | # Run this script as root to prepare docker-network-ref bridge network for docker
4 | #
5 |
6 | if [ -z "`docker network list -q -f name=@@DOCKER_NETWORK_NAME@@`" ]; then
7 | docker network create @@DOCKER_NETWORK_NAME@@
8 | fi
9 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/device-tree/lmp-device-tree/overlays_i2c1.dts:
--------------------------------------------------------------------------------
1 | /dts-v1/;
2 | /plugin/;
3 |
4 | / {
5 | compatible = "brcm,bcm2835", "brcm,bcm2708", "brcm,bcm2709";
6 |
7 | fragment@0 {
8 | target = <&i2c1>;
9 | __overlay__ {
10 | #address-cells = <1>;
11 | #size-cells = <0>;
12 | status = "okay";
13 | };
14 | };
15 | };
16 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-debug.inc:
--------------------------------------------------------------------------------
1 | # Debug packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | htop \
4 | strace \
5 | tcpdump \
6 | vim-tiny \
7 | screen \
8 | tmux \
9 | minicom \
10 | devmem2 \
11 | curl \
12 | dtc \
13 | i2c-tools \
14 | alsa-utils \
15 | alsa-tools \
16 | "
17 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/fio-docker-fsck/fio-docker-fsck/fio-docker-fsck.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Check and fix an image&layer store of the docker daemon
3 | Before=docker.service
4 |
5 | [Service]
6 | Type=oneshot
7 | RemainAfterExit=true
8 | ExecStart=/usr/bin/fio-docker-fsck -fix-store
9 |
10 | [Install]
11 | WantedBy=multi-user.target
12 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/device-tree/lmp-device-tree.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI:append:rpi = " \
4 | file://overlays_rpi-7inch.dts \
5 | file://overlays_rpi-7inch-flip.dts \
6 | file://overlays_i2c1.dts \
7 | file://overlays_spi0.dts \
8 | "
9 | COMPATIBLE_MACHINE:rpi = ".*"
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/docker/files/daemon.json.in:
--------------------------------------------------------------------------------
1 | {
2 | "log-driver": "journald",
3 | "log-opts": {
4 | "tag": "{{.Name}}"
5 | },
6 | "features": {
7 | "cdi": true
8 | },
9 | @@DOCKER_DAEMON_JSON_CUSTOM@@
10 | "max-concurrent-downloads": @@MAX_CONCURRENT_DOWNLOADS@@,
11 | "max-download-attempts": @@MAX_DOWNLOAD_ATTEMPTS@@
12 | }
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/wayland-cdi/files/wayland-cdi.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=CDI device entry generator for Wayland
3 | After=weston.service
4 | Before=docker.service
5 |
6 | [Service]
7 | Type=oneshot
8 | ExecStart=/usr/bin/wayland-cdi-generate
9 | RemainAfterExit=yes
10 |
11 | [Install]
12 | WantedBy=weston.service
13 | RequiredBy=docker.service
14 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-ostree-scr-fit/boot.cmd:
--------------------------------------------------------------------------------
1 | # Default boot type and device
2 | setenv devtype mmc
3 | setenv devnum ${mmcdev}
4 |
5 | load ${devtype} ${devnum}:2 ${loadaddr} /boot/loader/uEnv.txt
6 | env import -t ${loadaddr} ${filesize}
7 |
8 | load ${devtype} ${devnum}:2 ${loadaddr} "/boot"${kernel_image}
9 |
10 | bootm ${loadaddr}#conf-${fdtfile}
11 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/rpi/lmp.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_BOOTCOUNT_LIMIT=y
2 | CONFIG_BOOTCOUNT_ENV=y
3 | CONFIG_BOOTCOUNT_BOOTLIMIT=3
4 | # CONFIG_OF_EMBED is not set
5 | CONFIG_OF_BOARD=y
6 | # CONFIG_USE_PREBOOT is not set
7 | CONFIG_BOOTCOMMAND="fatload mmc 0:1 ${loadaddr} /boot.itb; setenv verify 1; source ${loadaddr}; env default -a; saveenv; reset"
8 | CONFIG_VIDEO=y
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-wayland.inc:
--------------------------------------------------------------------------------
1 | # Wayland packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | psplash \
4 | weston \
5 | weston-init \
6 | wayland \
7 | ${@bb.utils.contains("DISTRO_FEATURES", "x11 wayland", "weston-xwayland", "", d)} \
8 | "
9 | IMAGE_FEATURES += '${@bb.utils.contains('DISTRO_FEATURES', 'wayland', ' weston', '', d)}'
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/ptest-runner/ptest-runner_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI:append:lmp = " \
4 | file://ptest-lmp-runner.sh \
5 | "
6 |
7 | do_install:append:lmp() {
8 | install -D -m 0755 ${UNPACKDIR}/ptest-lmp-runner.sh ${D}${bindir}/ptest-lmp-runner
9 | }
10 |
11 | FILES:${PN}:append:lmp = " ${bindir}/ptest-lmp-runner"
12 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/device-tree/lmp-device-tree/overlays_spi0.dts:
--------------------------------------------------------------------------------
1 | /* SPI0 support via spidev */
2 | /dts-v1/;
3 | /plugin/;
4 |
5 | / {
6 | compatible = "brcm,bcm2835", "brcm,bcm2708", "brcm,bcm2709";
7 |
8 | fragment@0 {
9 | target = <&spi0>;
10 | __overlay__ {
11 | #address-cells = <1>;
12 | #size-cells = <0>;
13 | status = "okay";
14 | };
15 | };
16 | };
17 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend:
--------------------------------------------------------------------------------
1 | # Depend on virtual/optee-os based on machine-features
2 | DEPENDS:remove = "optee-os"
3 | DEPENDS += " ${@bb.utils.contains("MACHINE_FEATURES", "optee", "virtual/optee-os", "", d)}"
4 |
5 | # Qemu (EBBR)
6 | TFA_UBOOT:qemuarm64-secureboot-ebbr = "0"
7 | TFA_UEFI:qemuarm64-secureboot-ebbr = "1"
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-docker.inc:
--------------------------------------------------------------------------------
1 | # Docker packages
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | docker \
4 | docker-credential-helper-fio \
5 | docker-compose \
6 | ${@bb.utils.contains("DISTRO_FEATURES", "wayland", "wayland-cdi", "", d)} \
7 | "
8 |
9 | EXTRA_USERS_PARAMS += "\
10 | groupadd docker; \
11 | usermod -a -G docker ${LMP_USER}; \
12 | "
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-client_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
2 |
3 | SRC_URI += "file://ckteec.module"
4 |
5 | do_install:append() {
6 | install -d ${D}${datadir}/p11-kit/modules
7 | install -m 0644 ${UNPACKDIR}/ckteec.module ${D}${datadir}/p11-kit/modules/ckteec.module
8 | }
9 |
10 | FILES:${PN} += "${datadir}/p11-kit/modules"
11 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/images/initramfs-ostree-lmp-recovery/uboot_env.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2022 Foundries.IO Ltd.
3 | # Licensed on MIT
4 |
5 | uboot_env_enabled() {
6 | # Disabled by default, to be replaced based on the target hardware
7 | return 1
8 | }
9 |
10 | uboot_env_run() {
11 | # Define a valid fw_env for u-boot env manipulation from userspace
12 | :
13 | }
14 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/busybox/busybox/less.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_LESS=y
2 | CONFIG_FEATURE_LESS_BRACKETS=y
3 | CONFIG_FEATURE_LESS_FLAGS=y
4 | CONFIG_FEATURE_LESS_TRUNCATE=y
5 | CONFIG_FEATURE_LESS_MARKS=y
6 | CONFIG_FEATURE_LESS_REGEXP=y
7 | CONFIG_FEATURE_LESS_WINCH=y
8 | CONFIG_FEATURE_LESS_DASHCMD=y
9 | CONFIG_FEATURE_LESS_LINENUMS=y
10 | CONFIG_FEATURE_LESS_RAW=y
11 | CONFIG_FEATURE_LESS_ENV=y
12 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/haveged/haveged_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI:append = " \
4 | file://haveged.service \
5 | "
6 |
7 | do_install:append() {
8 | install -d ${D}${systemd_system_unitdir}
9 | install -m 0644 ${UNPACKDIR}/haveged.service ${D}${systemd_system_unitdir}
10 | }
11 |
12 | FILES:${PN} += "${systemd_system_unitdir}"
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/base-files/base-files/share/dot.bashrc:
--------------------------------------------------------------------------------
1 | # ~/.bashrc: executed by bash(1) for non-login shells.
2 |
3 | umask 022
4 |
5 | export LS_OPTIONS='--color=auto'
6 | alias ls='ls $LS_OPTIONS'
7 | alias ll='ls $LS_OPTIONS -l'
8 | alias l='ls $LS_OPTIONS -lA'
9 |
10 | # Some more alias to avoid making mistakes:
11 | # alias rm='rm -i'
12 | # alias cp='cp -i'
13 | # alias mv='mv -i'
14 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-feature-ansible.inc:
--------------------------------------------------------------------------------
1 | # Packages required for ansible compatibility
2 | CORE_IMAGE_BASE_INSTALL += " \
3 | openssh-sftp-server \
4 | python3-compression \
5 | python3-distutils \
6 | python3-json \
7 | python3-multiprocessing \
8 | python3-netclient \
9 | python3-pkgutil \
10 | python3-shell \
11 | python3-unixadmin \
12 | "
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-service-bluetooth-disable.inc:
--------------------------------------------------------------------------------
1 | # NOTE: should use lmp-feature-bluetooth.inc
2 |
3 | fakeroot do_populate_rootfs_bluetooth_src () {
4 | # Disable bluetooth service by default (allow to be contained in docker)
5 | ln -sf /dev/null ${IMAGE_ROOTFS}/etc/systemd/system/bluetooth.service
6 | }
7 |
8 | IMAGE_PREPROCESS_COMMAND += "do_populate_rootfs_bluetooth_src; "
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/wireguard/wireguard-module_%.bbappend:
--------------------------------------------------------------------------------
1 | # Only set default rprovides if kernel is different than linux-lmp, assuming
2 | # it is older than 5.6 (version in which the module is provided by the kernel)
3 | python __anonymous() {
4 | if d.getVar("KERNEL_BUILTIN_WIREGUARD") == "0":
5 | pn = d.getVar("PN")
6 | d.appendVar("RPROVIDES:" + pn, "kernel-module-wireguard")
7 | }
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/bluetooth-attach/bluetooth-attach/hciattach-custom.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | set -e
4 |
5 | echo Setting up the High Speed HCI interface
6 | hciattach ${HCI_PORT} any 115200 flow
7 | hciconfig hci0 up
8 | hcitool -i hci0 cmd 0x3f 0x0009 0xc0 0xc6 0x2d 0x00
9 | killall hciattach
10 | sleep 2
11 | hciattach ${HCI_PORT} any -s ${HCI_SPEED} ${HCI_SPEED} flow
12 | hciconfig hci0 up
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/tpm-layer/recipes-tpm2/tpm2-tss/tpm2-tss_%.bbappend:
--------------------------------------------------------------------------------
1 | # Prefer /usr/lib directories as they can't be erased/modified by the user
2 | EXTRA_OECONF += " \
3 | --with-sysusersdir=${nonarch_libdir}/sysusers.d \
4 | --with-tmpfilesdir=${nonarch_libdir}/tmpfiles.d \
5 | "
6 |
7 | FILES:${PN} += " \
8 | ${nonarch_libdir}/sysusers.d \
9 | ${nonarch_libdir}/tmpfiles.d \
10 | "
11 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-connectivity/docker-network-ref/docker-network-ref/docker-network-ref.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Create docker-network-ref docker bridge network
3 | After=boot-complete.target
4 | Before=aktualizr-lite.service
5 | Requires=boot-complete.target
6 |
7 | [Service]
8 | Type=oneshot
9 | ExecStart=/usr/sbin/create-docker-ref-network.sh
10 |
11 | [Install]
12 | WantedBy=multi-user.target
13 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/conf/machine/qemuarm64-secureboot-ebbr.conf:
--------------------------------------------------------------------------------
1 | #@TYPE: Machine
2 | #@NAME: qemuarm64-secureboot-ebbr
3 | #@DESCRIPTION: Machine configuration for running an ARMv8 system on QEMU
4 | # following the EBBR requirements (UEFI)
5 |
6 | MACHINEOVERRIDES =. "qemuarm64-secureboot:"
7 |
8 | require conf/machine/qemuarm64-secureboot.conf
9 |
10 | MACHINE_FEATURES += "efi ebbr acpi pci usbhost"
11 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/grub/grub-efi_%.bbappend:
--------------------------------------------------------------------------------
1 | RDEPENDS:${PN}:class-target:remove:sota = "virtual/grub-bootconf"
2 |
3 | GRUB_BUILDIN += "reboot"
4 |
5 | # Create startup.nsh so it can be consumed by wic
6 | do_deploy:append:class-target() {
7 | DEST_IMAGE=$(echo ${GRUB_IMAGE} | sed -e 's/^grub-efi-//')
8 | echo 'fs0:\\EFI\\BOOT\\'${DEST_IMAGE} > startup.nsh
9 | install -m 755 ${B}/startup.nsh ${DEPLOYDIR}
10 | }
11 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/fioconfig/fioconfig/fioconfig.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Foundries.io configuration management daemon
3 | After=network.target
4 | ConditionPathExists=/var/sota/sota.toml
5 |
6 | [Service]
7 | EnvironmentFile=-/etc/default/fioconfig
8 | RestartSec=10
9 | Restart=always
10 | ExecStartPre=mkdir -p /var/run/secrets
11 | ExecStart=/usr/bin/fioconfig daemon
12 |
13 | [Install]
14 | WantedBy=multi-user.target
15 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-os-fio%.bbappend:
--------------------------------------------------------------------------------
1 | DEPENDS += "${@bb.utils.contains('MACHINE_FEATURES', 'fiovb', 'optee-fiovb', '' , d)}"
2 |
3 | FIOVB_UUID = "22250a54-0bf1-48fe-8002-7b20f1c9c9b1"
4 |
5 | EXTRA_OEMAKE += " \
6 | ${@bb.utils.contains('MACHINE_FEATURES', 'fiovb', \
7 | 'CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}${nonarch_base_libdir}/optee_armtz/${FIOVB_UUID}.stripped.elf"', \
8 | '', d)} \
9 | "
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/fioconfig/fioconfig/fioconfig-extract.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Foundries.io configuration management script to extract secrets at boot
3 | After=var.mount NetworkManager.service
4 | Before=fioconfig.service
5 | ConditionPathExists=/var/sota/config.encrypted
6 |
7 | [Service]
8 | Type=oneshot
9 | RemainAfterExit=true
10 | ExecStart=/usr/bin/fioconfig extract
11 |
12 | [Install]
13 | WantedBy=multi-user.target
14 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/device-tree/lmp-device-tree/overlays_rpi-7inch-flip.dts:
--------------------------------------------------------------------------------
1 | /* Device Tree overlay required to flip RaspberryPi 7" Touchscreen panel */
2 | /dts-v1/;
3 | /plugin/;
4 |
5 | / {
6 | compatible = "brcm,bcm2835", "brcm,bcm2708", "brcm,bcm2709";
7 |
8 | fragment@0 {
9 | target = <&lcdpi>;
10 | __overlay__ {
11 | compatible = "raspberrypi,7inch-touchscreen-panel";
12 | lcd-rotate = <2>;
13 | };
14 | };
15 | };
16 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/sysctl-net-queue-pfifo-fast/sysctl-net-queue-pfifo-fast/sysctl-net-queuing.conf:
--------------------------------------------------------------------------------
1 | # The default packet scheduler set by systemd is fq_codel, in order to
2 | # fight bufferbloat, but unfortunately this causes bad side effects on
3 | # Bluetooth 6LoWPAN networks.
4 | # Force pfifo_fast as the default packet scheduler until we're able to
5 | # debug why fq_codel is causing such broken behavior.
6 | net.core.default_qdisc = pfifo_fast
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/luks-reencryption/luks-reencryption/luks-reencryption.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Online LUKS2 disk re-encryption
3 | Wants=systemd-udevd.service systemd-udev-trigger.service
4 | After=systemd-remount-fs.service systemd-udevd.service
5 |
6 | [Service]
7 | Type=oneshot
8 | ExecStart=/usr/sbin/luks-reencryption
9 | ExecStartPost=/bin/systemctl disable luks-reencryption.service
10 |
11 | [Install]
12 | WantedBy=basic.target
13 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-ostree-scr/rpi/uEnv.txt.in:
--------------------------------------------------------------------------------
1 | bootlimit=3
2 | devnum=0
3 | devtype=mmc
4 | bootcmd_args=setenv bootargs coherent_pool=1M 8250.nr_uarts=1 console=tty1 console=ttyS0,115200 root=/dev/mmcblk0p2 rootfstype=ext4 rootwait rw
5 | bootcmd_load_k=fatload ${devtype} ${devnum}:1 ${kernel_addr_r} @@KERNEL_IMAGETYPE@@
6 | bootcmd_run=@@KERNEL_BOOTCMD@@ ${kernel_addr_r} - ${fdt_addr}
7 | bootcmd=run bootcmd_args; run bootcmd_load_k; run bootcmd_run
8 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/ima-inspect/ima-inspect_0.15.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Output IMA/EVM extended attributes in a human readable format"
2 | LICENSE = "GPL-2.0-or-later"
3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=a23a74b3f4caf9616230789d94217acb"
4 |
5 | DEPENDS += "attr ima-evm-utils tclap"
6 |
7 | SRC_URI = "git://github.com/mgerstner/ima-inspect.git;protocol=https;branch=master"
8 | SRCREV = "2e248ce53728f5b2bfc34a934a19636b84f8eb88"
9 |
10 | inherit autotools pkgconfig
11 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/qemuarm/lmp.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_ENV_IS_IN_FAT=y
2 | CONFIG_ENV_FAT_INTERFACE="virtio"
3 | CONFIG_ENV_FAT_DEVICE_AND_PART="0:1"
4 | CONFIG_BOOTCOMMAND="fatload virtio 0:1 ${scriptaddr} /boot.itb; source ${scriptaddr}; reset"
5 | CONFIG_BOOTCOUNT_LIMIT=y
6 | CONFIG_BOOTCOUNT_ENV=y
7 | CONFIG_BOOTCOUNT_BOOTLIMIT=3
8 | # CONFIG_ENV_IS_IN_FLASH is not set
9 | # CONFIG_MTD is not set
10 | # CONFIG_MTD_NOR_FLASH is not set
11 | CONFIG_BOOTSTD=y
12 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/custom-sota-client/files/systemd.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Custom SOTA Client
3 | After=network.target boot-complete.target
4 | Requires=boot-complete.target
5 | ConditionPathExists=|/var/sota/sota.toml
6 |
7 | [Service]
8 | User=root
9 | RestartSec=180
10 | Restart=always
11 | ExecStartPre=/usr/bin/mkdir -p /run/aktualizr
12 | Environment="TMPDIR=/run/aktualizr"
13 | ExecStart=/usr/bin/sotactl
14 |
15 | [Install]
16 | WantedBy=multi-user.target
17 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/base-files/base-files_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI += "file://tmpfiles.conf"
4 |
5 | do_install:append () {
6 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
7 | install -D -m 0644 ${UNPACKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/${PN}.conf
8 | fi
9 | }
10 |
11 | FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/${PN}.conf"
12 |
13 | BASEFILESISSUEINSTALL = ""
14 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/dropbear/dropbear/dropbear@.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=SSH Per-Connection Server
3 | Wants=dropbearkey.service
4 | After=syslog.target dropbearkey.service
5 |
6 | [Service]
7 | Environment="DROPBEAR_KEY_DIR=/etc/dropbear"
8 | EnvironmentFile=-/etc/default/dropbear
9 | ExecStart=-@SBINDIR@/dropbear -i -r ${DROPBEAR_KEY_DIR}/dropbear_ecdsa_host_key $DROPBEAR_EXTRA_ARGS
10 | ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
11 | StandardInput=socket
12 | KillMode=process
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-fio/lmp-common.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_BOOTDELAY=-2
2 | # CONFIG_DISTRO_DEFAULTS is not set
3 | CONFIG_FIT_SIGNATURE_STRICT=y
4 | CONFIG_FIT_VERBOSE=y
5 | CONFIG_FIT=y
6 | CONFIG_RSA=y
7 | CONFIG_SPL_FIT_SIGNATURE_STRICT=y
8 | CONFIG_SPL_FIT_SIGNATURE=y
9 | CONFIG_USE_BOOTCOMMAND=y
10 | # CONFIG_VIDEO is not set
11 | # CONFIG_BOOTSTD is not set
12 | CONFIG_SPL_BOOTFIRMWARE_INFO=y
13 | CONFIG_BOOTFIRMWARE_INFO=y
14 | # CONFIG_ENV_MMC_USE_DT is not set
15 | CONFIG_SHA256=y
16 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/images/initramfs-ostree-lmp-recovery/start_adb.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2022 Foundries.IO Ltd.
3 | # Licensed on MIT
4 |
5 | start_adb_enabled() {
6 | return 0
7 | }
8 |
9 | start_adb_run() {
10 | mount -t configfs none /sys/kernel/config
11 | test -c /dev/ptmx || mknod -m 666 /dev/ptmx c 5 2
12 | mkdir -p /dev/pts
13 | mount -t devpts devpts /dev/pts -ogid=5,mode=620
14 | /bin/android-gadget-setup
15 | /bin/android-gadget-start &
16 | /bin/adbd
17 | }
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-test_4.4.0.bb:
--------------------------------------------------------------------------------
1 | require optee-test-fio.inc
2 |
3 | SRCREV = "695231ef8987866663a9ed5afd8f77d1bae3dc08"
4 | LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560"
5 |
6 | # Due OpenSSL 3.0 deprecated warnings
7 | CFLAGS += "-Wno-error=deprecated-declarations"
8 | # error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute
9 | CFLAGS += "-Wno-error=unterminated-string-initialization"
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/sudo/sudo_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI += "file://tmpfiles.conf"
4 |
5 | do_install:append() {
6 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
7 | install -D -m 0644 ${UNPACKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/sudo-vardir.conf
8 | (cd ${D}${localstatedir}; rmdir -v --parents lib/sudo/lectured)
9 | fi
10 | }
11 |
12 | FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/sudo-vardir.conf"
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/systemd/systemd-serialgetty.bbappend:
--------------------------------------------------------------------------------
1 | # FIXME:
2 | # This should be fixed within the oe-core archiver bbclass instead of in the recipe.
3 | # but I prefer we leave it as is, and when we switch everything to spdx and drop
4 | # the archiver bbclass, we can discard it as well.
5 | #
6 | # fix archiver
7 | # tar: /srv/oe/build/tmp-lmp/work/intel_corei7_64-lmp-linux/systemd-serialgetty/1.0/archiver-work//sources/systemd-serialgetty-1.0: Cannot open: No such file or directory
8 | S = "${UNPACKDIR}"
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/shadow/shadow_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI += "file://tmpfiles.conf"
4 |
5 | do_install:append () {
6 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
7 | install -D -m 0644 ${UNPACKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/${PN}.conf
8 | (cd ${D}${localstatedir}; rmdir -v --parents spool/mail)
9 | fi
10 | }
11 |
12 | FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/${PN}.conf"
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/resize-helper/resize-helper/resize-helper.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Resize root filesystem to fit available disk space
3 | Wants=systemd-udevd.service systemd-udev-trigger.service
4 | After=systemd-remount-fs.service systemd-udevd.service luks-reencryption.service
5 |
6 | [Service]
7 | Type=oneshot
8 | ExecStartPre=-/bin/udevadm settle
9 | ExecStart=/usr/sbin/resize-helper
10 | ExecStartPost=/bin/systemctl disable resize-helper.service
11 |
12 | [Install]
13 | WantedBy=basic.target
14 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/collectd/collectd_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:"
2 |
3 | SRC_URI:append = " \
4 | file://tmpfiles.conf \
5 | file://collectd.conf \
6 | "
7 |
8 | PACKAGECONFIG = "rrdtool"
9 |
10 | do_install:append() {
11 | install -D -m 0644 ${UNPACKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/collectd.conf
12 | install -D -m 0644 ${UNPACKDIR}/collectd.conf ${D}${sysconfdir}/collectd.conf
13 | }
14 |
15 | FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/collectd.conf"
16 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/softhsm/softhsm_2.%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI:append = " \
4 | file://tmpfiles.conf \
5 | "
6 |
7 | do_install:append() {
8 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
9 | install -D -m 0644 ${UNPACKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/softhsm.conf
10 | (cd ${D}${localstatedir}; rmdir -v --parents lib/softhsm/tokens)
11 | fi
12 | }
13 |
14 | FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/softhsm.conf"
15 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/python/python3-func-timeout_4.3.5.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Support running any existing function with a given timeout"
2 | HOMEPAGE = "https://github.com/kata198/func_timeout"
3 | SECTION = "devel/python"
4 | LICENSE = "LGPL-3.0-only"
5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e6a600fd5e1d9cbde2d983680233ad02"
6 |
7 | inherit pypi setuptools3
8 |
9 | PYPI_PACKAGE = "func_timeout"
10 |
11 | SRC_URI[sha256sum] = "74cd3c428ec94f4edfba81f9b2f14904846d5ffccc27c92433b8b5939b5575dd"
12 |
13 | BBCLASSEXTEND = "native nativesdk"
14 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/libfyaml/libfyaml_0.6.3.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "A fancy 1.3 YAML and JSON parser/writer."
2 | HOMEPAGE = "https://github.com/pantoniou/libfyaml"
3 | LICENSE = "MIT"
4 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=6399094fbc639a289cfca2d660c010aa"
5 |
6 | SRC_URI = "https://github.com/pantoniou/libfyaml/releases/download/v${PV}/libfyaml-${PV}.tar.gz"
7 | SRC_URI[sha256sum] = "aba6e5b1667bb5a05318f0ad70c617345f2a9e5ce79b37ff1e5322162c9a033e"
8 |
9 | S = "${UNPACKDIR}/libfyaml-${PV}"
10 |
11 | inherit autotools pkgconfig
12 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/docker/python3-docker-vxcan/docker-vxcan.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Docker VXCAN plugin
3 | Before=docker.service
4 | After=network.target
5 |
6 | [Service]
7 | Type=notify
8 | UMask=0077
9 | ExecStartPre=/usr/bin/mkdir -p /run/docker/plugins
10 | ExecStart=/usr/bin/gunicorn --log-level DEBUG --umask 0077 -b unix:/run/docker/plugins/can4docker.sock can4docker.driver:APPLICATION
11 | ExecReload=/bin/kill -s HUP $MAINPID
12 | KillMode=mixed
13 | TimeoutStopSec=5
14 |
15 | [Install]
16 | WantedBy=multi-user.target
17 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/bluetooth-attach/bluetooth-attach/btattach.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Bluetooth Serial Attach Initialization
3 | ConditionFileNotEmpty=/etc/bluetooth/btattach.conf
4 | After=rc-local.service
5 |
6 | [Service]
7 | EnvironmentFile=/etc/bluetooth/btattach.conf
8 | ExecStart=/usr/bin/btattach -B $HCITTY -S $HCISPEED -P $HCIPROTO
9 | # Assume interface 0 by default
10 | ExecStop=-/usr/bin/btmgmt --index 0 power off
11 | TimeoutStartSec=3
12 | Restart=always
13 | RestartSec=10
14 |
15 | [Install]
16 | WantedBy=multi-user.target
17 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/sysctl-hang-crash-helper/sysctl-hang-crash-helper_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "sysctl hang/crash helper settings"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | inherit allarch
6 |
7 | SRC_URI = "file://sysctl-panic.conf"
8 |
9 | S = "${UNPACKDIR}"
10 |
11 | do_install () {
12 | install -d ${D}${libdir}/sysctl.d
13 | install -m 0644 ${UNPACKDIR}/sysctl-panic.conf ${D}${libdir}/sysctl.d/60-panic.conf
14 | }
15 |
16 | FILES:${PN} += "${libdir}/sysctl.d/60-panic.conf"
17 |
--------------------------------------------------------------------------------
/meta-lmp-base/wic/efidisk-sota.wks.in:
--------------------------------------------------------------------------------
1 | # short-description: Create an OTA-enabled EFI disk image
2 | # long-description: Creates an OTA-enabled EFI disk image that the user
3 | # can directly dd to boot media.
4 |
5 | part /boot --source bootimg_sota_efi --sourceparams="loader=${EFI_PROVIDER}" --rootfs-dir=${WORKDIR}/ota-boot --ondisk sda --active --align 1024 --use-uuid ${OSTREE_WKS_EFI_SIZE} --label boot
6 | part / --source otaimage --ondisk sda --part-name=otaroot --fstype=ext4 --align 1024 --use-uuid
7 |
8 | bootloader --source bootimg-sota-efi --timeout=1 --ptable gpt
9 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/qemuarm64/lmp.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_SYS_TEXT_BASE=0x60000000
2 | CONFIG_ENV_IS_IN_FAT=y
3 | CONFIG_ENV_FAT_INTERFACE="virtio"
4 | CONFIG_ENV_FAT_DEVICE_AND_PART="0:1"
5 | CONFIG_BOOTCOMMAND="fatload virtio 0:1 ${scriptaddr} /boot.itb; source ${scriptaddr}; reset"
6 | CONFIG_BOOTCOUNT_LIMIT=y
7 | CONFIG_BOOTCOUNT_ENV=y
8 | CONFIG_BOOTCOUNT_BOOTLIMIT=3
9 | CONFIG_CMD_NVEDIT_LOAD=y
10 | CONFIG_PREBOOT="virtio scan; env load"
11 | # CONFIG_ENV_IS_IN_FLASH is not set
12 | # CONFIG_MTD is not set
13 | # CONFIG_MTD_NOR_FLASH is not set
14 | CONFIG_BOOTSTD=y
15 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/device-tree/lmp-device-tree.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Linux microPlatform BSP device trees"
2 | DESCRIPTION = "Linux microPlatform BSP device trees available from within layer"
3 | SECTION = "bsp"
4 |
5 | LICENSE = "GPL-2.0-only"
6 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
7 |
8 | inherit devicetree
9 |
10 | PROVIDES = "virtual/dtb"
11 |
12 | # Device tree and overlays to be provided by the BSP layer
13 | # E.g.:
14 | # SRC_URI:append:board = "file://overlays_board.dts"
15 | # COMPATIBLE_MACHINE_board = ".*"
16 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/dropbear/dropbear/dropbearkey.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=SSH Key Generation
3 | RequiresMountsFor=/var /var/lib
4 | ConditionPathExists=!/etc/dropbear/dropbear_ecdsa_host_key
5 | ConditionPathExists=!/var/lib/dropbear/dropbear_ecdsa_host_key
6 |
7 | [Service]
8 | Environment="DROPBEAR_KEY_DIR=/etc/dropbear"
9 | EnvironmentFile=-/etc/default/dropbear
10 | Type=oneshot
11 | ExecStart=@BASE_BINDIR@/mkdir -p ${DROPBEAR_KEY_DIR}
12 | ExecStart=@SBINDIR@/dropbearkey -t ecdsa -f ${DROPBEAR_KEY_DIR}/dropbear_ecdsa_host_key
13 | RemainAfterExit=yes
14 | Nice=10
15 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/pkcs11test/pkcs11test_git.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "A PKCS#11 Test Suite"
2 | HOMEPAGE = "https://github.com/google/pkcs11test"
3 | SECTION = "tests"
4 | LICENSE = "Apache-2.0"
5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=175792518e4ac015ab6696d16c4f607e"
6 |
7 | SRC_URI = "git://github.com/foundriesio/pkcs11test.git;protocol=https;branch=dev"
8 | SRCREV = "57e1652b1995566e3f33bfa955856d7d0797cc83"
9 |
10 | do_compile() {
11 | oe_runmake
12 | }
13 |
14 | do_install() {
15 | install -d ${D}${bindir}
16 | install -m 0755 ${S}/pkcs11test ${D}${bindir}
17 | }
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/sbin-path-helper/sbin-path-helper_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Add all sbin dirs to PATH for root user"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | inherit allarch
6 |
7 | SRC_URI = "file://path-sbin.sh"
8 |
9 | S = "${UNPACKDIR}"
10 |
11 | do_install () {
12 | # Useful for development
13 | install -d ${D}${sysconfdir}/profile.d
14 | install -m 0644 ${UNPACKDIR}/path-sbin.sh ${D}${sysconfdir}/profile.d/path-sbin.sh
15 | }
16 |
17 | FILES:${PN} += "${sysconfdir}/profile.d/path-sbin.sh"
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lmp-device-auto-register/lmp-device-auto-register/lmp-device-auto-register.service.in:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Script to auto-register device into Factory
3 | Wants=network-online.target time-sync.target systemd-time-wait-sync.service
4 | After=network-online.target time-sync.target systemd-time-wait-sync.service
5 | ConditionPathExists=!/var/sota/sql.db
6 |
7 | [Service]
8 | Environment=USE_HOSTNAME=@@LMP_AUTO_REGISTER_USE_HOSTNAME@@
9 | Type=oneshot
10 | RemainAfterExit=true
11 | ExecStart=/usr/bin/lmp-device-auto-register
12 |
13 | [Install]
14 | WantedBy=multi-user.target
15 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/docker-credential-helper-fio/docker-credential-helper-fio_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Docker-credential helper to handle hub.foundries.io for registered devices"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | inherit allarch
6 |
7 | RDEPENDS:${PN} = "aktualizr-get"
8 |
9 | SRC_URI = "file://docker-credential-fio-helper"
10 | S = "${UNPACKDIR}"
11 |
12 | PACKAGE_ARCH = "${MACHINE_ARCH}"
13 |
14 | do_install() {
15 | install -d ${D}${bindir}
16 | install -m 0755 docker-credential-fio-helper ${D}${bindir}
17 | }
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/plug-and-trust-seteec/plug-and-trust-demos_4.02.00.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "NXP Plug and Trust Middleware Demos with SETEEC support"
2 | LICENSE = "Apache-2.0"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
4 |
5 | SRC_URI = "git://github.com/foundriesio/plug-and-trust-demos;branch=v04.02.00;protocol=https"
6 | SRCREV = "20ddccee11ffa915713b47b50efa89856b0a890c"
7 |
8 | DEPENDS = "plug-and-trust-seteec"
9 |
10 | inherit cmake dos2unix
11 |
12 | EXTRA_OECMAKE += "\
13 | -DSIMW_TOP_DIR=${WORKDIR}/recipe-sysroot/usr/include/se05x \
14 | "
15 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/base-files/base-files/rpi/fstab:
--------------------------------------------------------------------------------
1 | /dev/root / auto defaults 1 1
2 | proc /proc proc defaults 0 0
3 | devpts /dev/pts devpts mode=0620,gid=5 0 0
4 | tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0
5 | tmpfs /var/volatile tmpfs defaults 0 0
6 |
7 | # boot partition
8 | /dev/mmcblk0p1 /mnt/boot vfat x-systemd.automount,x-systemd.idle-timeout=2,noatime,sync 0 2
9 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/base-files/base-files/qemuarm/fstab:
--------------------------------------------------------------------------------
1 | /dev/root / auto defaults 1 1
2 | proc /proc proc defaults 0 0
3 | devpts /dev/pts devpts mode=0620,gid=5 0 0
4 | tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0
5 | tmpfs /var/volatile tmpfs defaults 0 0
6 |
7 | # boot partition
8 | /dev/vda1 /mnt/boot vfat x-systemd.automount,x-systemd.idle-timeout=2,noatime,sync 0 2
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-mini-image.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Minimal image that includes OTA+ support"
2 |
3 | require lmp-image-common.inc
4 |
5 | require ${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'lmp-feature-factory.inc', '', d)}
6 | require ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'lmp-feature-wayland.inc', '', d)}
7 | require lmp-feature-ota-utils.inc
8 | require lmp-feature-wireguard.inc
9 | require lmp-feature-sysctl-hang-crash-helper.inc
10 |
11 | require ${@bb.utils.contains('SOTA_CLIENT', 'aktualizr', 'lmp-service-ostree-pending-reboot.inc', '', d)}
12 |
13 | IMAGE_FEATURES += "ssh-server-dropbear"
14 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/base-files/base-files/beaglebone-yocto/fstab:
--------------------------------------------------------------------------------
1 | /dev/root / auto defaults 1 1
2 | proc /proc proc defaults 0 0
3 | devpts /dev/pts devpts mode=0620,gid=5 0 0
4 | tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0
5 | tmpfs /var/volatile tmpfs defaults 0 0
6 |
7 | # boot partition
8 | LABEL=boot /mnt/boot vfat x-systemd.automount,x-systemd.idle-timeout=2,noatime,sync 0 2
9 |
--------------------------------------------------------------------------------
/meta-lmp-base/conf/distro/lmp-base.conf:
--------------------------------------------------------------------------------
1 | require conf/distro/include/lmp.inc
2 |
3 | DISTRO = "lmp-base"
4 | DISTROOVERRIDES = "lmp:lmp-base"
5 | DISTRO_NAME = "Linux-microPlatform Base (no ostree)"
6 |
7 | IMAGE_LINGUAS ?= "en-us"
8 |
9 | INITRAMFS_FSTYPES = "cpio.gz"
10 |
11 | # By default we don't have any extra machine dependencies
12 | MACHINE_ESSENTIAL_EXTRA_RDEPENDS = ""
13 |
14 | # Facilitate kernel development by removing modsign by default
15 | DISTRO_FEATURES_DEFAULT:remove = "modsign"
16 |
17 | # Facilitate debugging
18 | DISTRO_FEATURES_DEFAULT:append = " minidebuginfo debuginfod lmpdebug"
19 |
20 | INITRD_IMAGE_LIVE ?= ""
21 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/base-files/base-files/nsswitch.conf:
--------------------------------------------------------------------------------
1 | # /etc/nsswitch.conf
2 | #
3 | # Example configuration of GNU Name Service Switch functionality.
4 | # If you have the `glibc-doc' and `info' packages installed, try:
5 | # `info libc "Name Service Switch"' for information about this file.
6 |
7 | passwd: files systemd
8 | group: files systemd
9 | shadow: files
10 | gshadow: files
11 |
12 | hosts: files dns
13 | networks: files
14 |
15 | protocols: db files
16 | services: db files
17 | ethers: db files
18 | rpc: db files
19 |
20 | netgroup: nis
21 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/bluetooth-attach/bluetooth-attach/hciattach.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Non-Resident HCI-based Bluetooth Serial Attach Initialization
3 | ConditionFileNotEmpty=/etc/bluetooth/hciattach.conf
4 | ConditionFirmware=device-tree-compatible(@@HCI_ATTACH_BOARD@@)
5 | After=rc-local.service
6 |
7 | [Service]
8 | EnvironmentFile=/etc/bluetooth/hciattach.conf
9 | PassEnvironment=HCI_PORT HCI_SPEED
10 | ExecStart=/usr/bin/hciattach-custom.sh
11 | # Assume interface 0 by default
12 | ExecStop=-/usr/bin/hciconfig hci0 down
13 | RemainAfterExit=true
14 | Type=oneshot
15 |
16 | [Install]
17 | WantedBy=multi-user.target
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/sysctl-net-queue-pfifo-fast/sysctl-net-queue-pfifo-fast_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "sysctl set net queue to pfifo_fast"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | inherit allarch
6 |
7 | SRC_URI = "file://sysctl-net-queuing.conf"
8 |
9 | S = "${UNPACKDIR}"
10 |
11 | PACKAGE_ARCH = "${MACHINE_ARCH}"
12 |
13 | do_install () {
14 | install -d ${D}${libdir}/sysctl.d
15 | install -m 0644 ${UNPACKDIR}/sysctl-net-queuing.conf ${D}${libdir}/sysctl.d/90-net-queuing.conf
16 | }
17 |
18 | FILES:${PN} += "${libdir}/sysctl.d/90-net-queuing.conf"
19 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/beaglebone-yocto/lmp.cfg:
--------------------------------------------------------------------------------
1 | # CONFIG_ANDROID_BOOT_IMAGE is not set
2 | CONFIG_BOOTCOMMAND="run findfdt; if test ${devtype}1 = 1; then setenv devtype mmc; fi; if test ${devnum}x = x; then setenv devnum 0; fi; fatload ${devtype} ${devnum}:1 ${rdaddr} /boot.itb; setenv verify 1; source ${rdaddr}; reset"
3 | CONFIG_BOOTCOUNT_LIMIT=y
4 | CONFIG_BOOTCOUNT_ENV=y
5 | CONFIG_BOOTCOUNT_BOOTLIMIT=3
6 | CONFIG_USB_HOST_ETHER=y
7 | CONFIG_USB_ETHER_ASIX=y
8 | CONFIG_USB_ETHER_ASIX88179=y
9 | CONFIG_USB_ETHER_MCS7830=y
10 | CONFIG_USB_ETHER_SMSC95XX=y
11 | CONFIG_FIT_SIGNATURE=y
12 | # CONFIG_SPL_FIT_SIGNATURE is not set
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lmp-auto-hostname/lmp-auto-hostname/lmp-auto-hostname.service.in:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Linux microPlatform Auto Hostname Update
3 | DefaultDependencies=no
4 | Before=network-pre.target avahi-daemon.service
5 | After=local-fs.target dbus.service
6 |
7 | [Service]
8 | Environment=MACHINE=@@LMP_HOSTNAME_MACHINE@@ MODE=@@LMP_HOSTNAME_MODE@@ NETDEVICE=@@LMP_HOSTNAME_NETDEVICE@@ FIOVB_VAR=@@LMP_HOSTNAME_FIOVB_VAR@@
9 | ExecStart=/usr/bin/lmp-update-hostname
10 | ExecStartPost=/usr/bin/systemctl disable lmp-auto-hostname.service
11 | Type=oneshot
12 | RemainAfterExit=yes
13 |
14 | [Install]
15 | WantedBy=multi-user.target
16 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-connectivity/networkmanager/networkmanager_1.52.%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | # Disable firewalld-zone by default, but allow via packageconfig
4 | PACKAGECONFIG[firewalld-zone] = "-Dfirewalld_zone=true,-Dfirewalld_zone=false"
5 |
6 | SRC_URI:append = " \
7 | file://0001-85-nm-unmanaged.rules-do-not-manage-docker-bridges.patch \
8 | "
9 |
10 | do_install:append() {
11 | # NM is able to create /var/lib/NetworkManager on runtime
12 | (cd ${D}${localstatedir}; rmdir -v --parents lib/NetworkManager)
13 | }
14 |
15 | # FIXME: drop me on 1.54
16 | CFLAGS += "-Wno-error=incompatible-pointer-types"
17 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/linux/linux-yocto_%.bbappend:
--------------------------------------------------------------------------------
1 | # any kernel recipe with fragment support, that sets LINUX_VERSION to one of the tested
2 | # values, will get the appropriate fragments included in their SRC_URI
3 |
4 | LINUX_MAJOR = "${@(d.getVar('LINUX_VERSION') or "x.y").split('.')[0]}"
5 | LINUX_MINOR = "${@(d.getVar('LINUX_VERSION') or "x.y").split('.')[1]}"
6 |
7 |
8 | KERNEL_META_TYPE = "${@'yocto' if d.getVar('SRC_URI').find('type=kmeta') > 0 else 'none'}"
9 |
10 | include ${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', 'recipes-kernel/linux/linux-${KERNEL_META_TYPE}_${LINUX_MAJOR}.${LINUX_MINOR}_virtualization.inc', '', d)}
11 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-ostree-scr/uEnv.txt.in:
--------------------------------------------------------------------------------
1 | bootcmd_dtb=fatload ${devtype} ${devnum}:1 ${fdt_addr_r} /${fdtfile}
2 | bootcmd_otenv=ext4load ${devtype} ${devnum}:2 ${loadaddr} /boot/loader/uEnv.txt; env import -t ${loadaddr} ${filesize}
3 | bootcmd_load_k=ext4load ${devtype} ${devnum}:2 ${kernel_addr_r} "/boot"${kernel_image}
4 | bootcmd_load_r=ext4load ${devtype} ${devnum}:2 ${ramdisk_addr_r} "/boot"${ramdisk_image}; setenv ramdisk_size ${filesize}
5 | bootcmd_run=@@KERNEL_BOOTCMD@@ ${kernel_addr_r} ${ramdisk_addr_r}:${ramdisk_size} ${fdt_addr_r}
6 | bootcmd=run bootcmd_dtb; run bootcmd_otenv; run bootcmd_load_k; run bootcmd_load_r; run bootcmd_run
7 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/compose-apps-early-start/compose-apps-early-start/compose-apps-early-start.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Ensure apps are configured and running as early as possible
3 | Wants=docker.service
4 | After=docker.service
5 | Before=lmp-device-auto-register.service
6 | StartLimitBurst=2
7 | OnFailure=compose-apps-early-start-recovery.service
8 | ConditionPathExists=!/var/sota/sql.db
9 |
10 | [Service]
11 | Type=oneshot
12 | RemainAfterExit=true
13 | ExecStart=/usr/bin/compose-apps-early-start
14 | Restart=on-failure
15 | ExecStartPost=/usr/bin/systemctl disable compose-apps-early-start.service
16 |
17 | [Install]
18 | WantedBy=multi-user.target
19 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/systemd-watchdog-config/systemd-watchdog-config.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Systemd Watchdog Configuration Fragment"
2 | SECTION = "devel"
3 | LICENSE = "BSD-2-Clause"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f"
5 |
6 | inherit allarch
7 |
8 | SRC_URI = "file://watchdog.conf"
9 |
10 | S = "${UNPACKDIR}"
11 |
12 | PACKAGE_ARCH = "${MACHINE_ARCH}"
13 |
14 | do_install () {
15 | install -d ${D}${systemd_unitdir}/system.conf.d
16 | install -m 0644 ${S}/watchdog.conf ${D}${systemd_unitdir}/system.conf.d/10-watchdog.conf
17 | }
18 |
19 | FILES:${PN} = "${systemd_unitdir}/system.conf.d"
20 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Meta-LMP
2 | ================================
3 |
4 | Collection of layers used by the Linux microPlatform project.
5 |
6 | Contributing
7 | ------------
8 |
9 | Please submit any patches against the `meta-lmp-base` and `meta-lmp-bsp`
10 | layers by using the GitHub pull-request feature. Fork the repo, make a branch,
11 | do the work, then rebase from upstream and create the pull request.
12 |
13 | For some useful guidelines when submitting patches, please refer to:
14 | https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#preparing-changes-for-submission
15 |
16 | Pull requests will be discussed within the GitHub pull-request infrastructure.
17 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/haveged/haveged/haveged.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Entropy Daemon based on the HAVEGE algorithm
3 | Documentation=man:haveged(8) http://www.issihosts.com/haveged/
4 | DefaultDependencies=no
5 | After=systemd-tmpfiles-setup-dev.service
6 | Before=sysinit.target shutdown.target
7 |
8 | [Service]
9 | ExecStart=/usr/sbin/haveged --Foreground --verbose=1 -w 1024
10 | Restart=always
11 | SuccessExitStatus=137 143
12 | SecureBits=noroot-locked
13 | CapabilityBoundingSet=CAP_SYS_ADMIN
14 | PrivateTmp=true
15 | PrivateDevices=true
16 | PrivateNetwork=true
17 | ProtectSystem=full
18 | ProtectHome=true
19 |
20 | [Install]
21 | WantedBy=sysinit.target
22 |
--------------------------------------------------------------------------------
/meta-lmp-base/wic/sdimage-split-boot-sota.wks.in:
--------------------------------------------------------------------------------
1 | # short-description: Create OTA-enabled split boot SD card image
2 | # long-description: Creates a partitioned SD card image with OSTree
3 | # physical sysroot as a payload. Boot files are located in the
4 | # first vfat partition and ostree boot files are located in the
5 | # first ext4 partition..
6 |
7 | part firmware --source bootimg-partition --ondisk mmcblk --fstype=vfat --label boot --active --align 4096 --size 20
8 | part /boot --source rootfs --ondisk mmcblk --rootfs-dir=${WORKDIR}/ota-boot --fstype=ext4 --label otaboot --align 4096 ${OSTREE_WKS_BOOT_SIZE}
9 | part / --source otaimage --ondisk mmcblk --fstype=ext4 --align 4096
10 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-connectivity/bluez5/bluez5_5.85.bbappend:
--------------------------------------------------------------------------------
1 | # This enables using BSD library libedit for client/mesh features
2 |
3 | FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
4 |
5 | PACKAGECONFIG:append = " client "
6 |
7 | PACKAGECONFIG[readline] = "--with-readline=readline,,readline,,,libedit"
8 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit,,,readline"
9 | PACKAGECONFIG[client] = "--enable-client,--disable-client"
10 | PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh"
11 |
12 | SRC_URI += " \
13 | file://0001-build-add-initial-support-for-building-with-libedit.patch \
14 | file://0002-build-support-choosing-libedit-instead-readline.patch \
15 | "
16 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/systemd-journald-config/systemd-journald-config.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Systemd Journald Configuration Fragment"
2 | SECTION = "devel"
3 | LICENSE = "BSD-2-Clause"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f"
5 |
6 | inherit allarch
7 |
8 | SRC_URI = "file://forward-console.conf"
9 |
10 | S = "${UNPACKDIR}"
11 |
12 | PACKAGE_ARCH = "${MACHINE_ARCH}"
13 |
14 | do_install() {
15 | install -d ${D}${systemd_unitdir}/journald.conf.d
16 | install -m 0644 ${S}/forward-console.conf ${D}${systemd_unitdir}/journald.conf.d/10-forward-console.conf
17 | }
18 |
19 | FILES:${PN} = "${systemd_unitdir}/journald.conf.d"
20 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/nss-altfiles/nss-altfiles_git.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "NSS module which can read user information from files in an alternative location"
2 | LICENSE = "LGPL-2.1-only"
3 | LIC_FILES_CHKSUM = "file://COPYING;md5=fb1949d8d807e528c1673da700aff41f"
4 |
5 | # Use upstream used and maintained by Flatcar
6 | SRC_URI = "git://github.com/kinvolk/nss-altfiles.git;protocol=https;branch=master"
7 |
8 | PV = "2.23.0+git"
9 | SRCREV = "9078c543ba7d2bc5011737675b3dddb882673ce7"
10 |
11 | inherit autotools-brokensep
12 |
13 | NSS_ALT_TYPES ?= "pwd,grp,spwd,sgrp"
14 |
15 | EXTRA_OECONF = " \
16 | --datadir=${libdir} \
17 | --prefix=${libdir} \
18 | --with-types=${NSS_ALT_TYPES} \
19 | "
20 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/fio-diag/fio-diag_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Foundries.io Diagnostic Tool for a Device"
2 | SECTION = "devel"
3 | LICENSE = "BSD-3-Clause"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
5 | HOMEPAGE = "https://github.com/foundriesio/lmp-tools/tree/master/device-scripts"
6 |
7 | SRCREV = "4096c9b825155273b2ec72dccbde45a904b7c9b5"
8 |
9 | SRC_URI = " \
10 | git://github.com/foundriesio/lmp-tools;protocol=https;branch=master;name=lmp-tools \
11 | "
12 |
13 | PACKAGE_ARCH = "${MACHINE_ARCH}"
14 |
15 | do_install () {
16 | install -d ${D}${sbindir}
17 | install -m 0755 ${S}/device-scripts/fio-diag.sh ${D}${sbindir}
18 | }
19 |
--------------------------------------------------------------------------------
/meta-lmp-base/classes/lmp-disable-gplv3.bbclass:
--------------------------------------------------------------------------------
1 | # General LMP build options for disabling usage of GPLv3 based components
2 | # and dependencies.
3 | RRECOMMENDS:packagegroup-base-vfat:remove = "dosfstools"
4 | PACKAGECONFIG:remove:pn-python3 = "readline"
5 | PACKAGECONFIG:remove:pn-curl = "libidn"
6 | PACKAGECONFIG:remove:pn-bluez5 = "readline mesh"
7 | PACKAGECONFIG:append:pn-bluez5 = " libedit "
8 | PACKAGECONFIG:remove:pn-iproute2 = "elf"
9 | PACKAGECONFIG:remove:pn-wireguard-tools = "bash-completion wg-quick"
10 | PACKAGECONFIG:remove:pn-networkmanager = "readline ifupdown"
11 | PACKAGECONFIG:remove:pn-systemd = "vconsole"
12 | PACKAGECONFIG:remove:pn-nftables = "readline"
13 | LMP_DISABLE_GPLV3 = "1"
14 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/images/initramfs-ostree-lmp-recovery/image_download.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2022 Foundries.IO Ltd.
3 | # Licensed on MIT
4 |
5 | image_download_enabled() {
6 | # Disabled by default, to be replaced based on the target hardware
7 | return 1
8 | }
9 |
10 | image_download_run() {
11 | token=`fw_printenv -n osf_token`
12 | [ -z "$token" ] && fatal "Missing osf_token u-boot env definition"
13 | source /etc/os-release
14 | # Example for using wget to download via a token stored in u-boot env
15 | wget --header="OSF-TOKEN: $token" https://api.foundries.io/projects/${LMP_FACTORY}/lmp/builds/${IMAGE_VERSION}/runs/${LMP_MACHINE}/lmp-factory-image-${LMP_MACHINE}.wic.gz
16 | }
17 |
--------------------------------------------------------------------------------
/.github/workflows/backport.yaml:
--------------------------------------------------------------------------------
1 | name: Backport labeled merged pull requests
2 | on:
3 | pull_request_target:
4 | types: [closed]
5 | permissions:
6 | contents: write # so it can comment
7 | pull-requests: write # so it can create pull requests
8 | jobs:
9 | backport:
10 | name: Create backport PRs
11 | runs-on: ubuntu-latest
12 | # Only run when pull request is merged
13 | # or when a comment containing `/backport` is created
14 | if: github.event.pull_request.merged
15 | steps:
16 | - uses: actions/checkout@v4
17 | - name: Create backport PRs
18 | uses: korthout/backport-action@v3
19 | with:
20 | github_token: ${{ secrets.GITHUB_TOKEN }}
21 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/linux/linux-lmp_6.1.bb:
--------------------------------------------------------------------------------
1 | include kmeta-linux-lmp-6.1.y.inc
2 |
3 | LINUX_VERSION ?= "6.1.102"
4 | KBRANCH = "linux-v6.1.y"
5 | SRCREV_machine = "4e3d958c2512b99faa4bf9fcd7890b0bbbeaa23c"
6 | SRCREV_meta = "${KERNEL_META_COMMIT}"
7 |
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
9 |
10 | SRC_URI = "git://github.com/foundriesio/linux.git;protocol=https;branch=${KBRANCH};name=machine; \
11 | ${KERNEL_META_REPO};protocol=${KERNEL_META_REPO_PROTOCOL};type=kmeta;name=meta;branch=${KERNEL_META_BRANCH};destsuffix=${KMETA} \
12 | "
13 |
14 | KMETA = "kernel-meta"
15 |
16 | require linux-lmp.inc
17 | include recipes-kernel/linux/linux-lmp-machine-custom.inc
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/linux/linux-lmp_6.6.bb:
--------------------------------------------------------------------------------
1 | include kmeta-linux-lmp-6.6.y.inc
2 |
3 | LINUX_VERSION ?= "6.6.102"
4 | KBRANCH = "linux-6.6.y"
5 | SRCREV_machine = "41c95641970d32c0269d7855f33c1ca06d0c18ac"
6 | SRCREV_meta = "${KERNEL_META_COMMIT}"
7 |
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
9 |
10 | SRC_URI = "git://github.com/foundriesio/linux.git;protocol=https;branch=${KBRANCH};name=machine; \
11 | ${KERNEL_META_REPO};protocol=${KERNEL_META_REPO_PROTOCOL};type=kmeta;name=meta;branch=${KERNEL_META_BRANCH};destsuffix=${KMETA} \
12 | "
13 |
14 | KMETA = "kernel-meta"
15 |
16 | require linux-lmp.inc
17 | include recipes-kernel/linux/linux-lmp-machine-custom.inc
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/python/python3-plug-and-trust-ssscli_4.02.00.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "NXP Plug and Trust SSS Python command line tool"
2 | SECTION = "devel/python"
3 | LICENSE = "Apache-2.0"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
5 |
6 | SRC_URI = "git://github.com/foundriesio/plug-and-trust-ssscli;branch=v04.02.00;protocol=https"
7 | SRCREV = "3c3b7ba510c32461101c66e9d790a097a2c41657"
8 |
9 | S = "${WORKDIR}/git/src"
10 |
11 | inherit setuptools3
12 |
13 | RDEPENDS:${PN} += "plug-and-trust-seteec \
14 | ${PYTHON_PN}-click \
15 | ${PYTHON_PN}-logging \
16 | ${PYTHON_PN}-cryptography \
17 | "
18 |
19 | BBCLASSEXTEND = "native nativesdk"
20 |
--------------------------------------------------------------------------------
/meta-lmp-base/wic/image-efi-installer.wks.in:
--------------------------------------------------------------------------------
1 | # create an EFI compatible installer disk image
2 | # populate content to install using IMAGE_BOOT_FILES (e.g. rootfs)
3 |
4 | part /boot --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER},title=Install ${DISTRO_NAME} (${DISTRO_VERSION}),label=install-efi,initrd=${INITRD_IMAGE_LIVE}-${MACHINE}.${INITRAMFS_FSTYPES}" --ondisk sda --label install --active --align 1024 --use-uuid --size 100
5 |
6 | part /efi --source rootfs --ondisk sda --rootfs-dir=${WORKDIR}/ota-boot --fstype=ext4 --label otaboot --align 4096 ${OSTREE_WKS_BOOT_SIZE}
7 | part / --source bootimg-partition --ondisk sda --fstype=ext4 --label image --use-uuid --align 1024
8 |
9 | bootloader --ptable gpt --timeout=5
10 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-kernel/linux/linux-lmp-rpi_git.bb:
--------------------------------------------------------------------------------
1 | include recipes-kernel/linux/kmeta-linux-lmp-6.6.y.inc
2 |
3 | LINUX_VERSION ?= "6.6.63"
4 | KBRANCH = "rpi-6.6.y"
5 | SRCREV_machine = "e442e5c1ab6bff5b5460b4fc949beb72aaf77970"
6 | SRCREV_meta = "${KERNEL_META_COMMIT}"
7 |
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
9 |
10 | SRC_URI = "git://github.com/raspberrypi/linux.git;protocol=https;branch=${KBRANCH};name=machine; \
11 | ${KERNEL_META_REPO};protocol=${KERNEL_META_REPO_PROTOCOL};type=kmeta;name=meta;branch=${KERNEL_META_BRANCH};destsuffix=${KMETA} \
12 | "
13 |
14 | KMETA = "kernel-meta"
15 |
16 | require recipes-kernel/linux/linux-lmp.inc
17 |
18 | KERNEL_DTC_FLAGS += "-@ -H epapr"
19 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/wayland-cdi/wayland-cdi_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Sets up a CDI device entry for the Wayland display"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | inherit allarch systemd
6 |
7 | SRC_URI = "file://wayland-cdi.service \
8 | file://wayland-cdi-generate \
9 | "
10 |
11 | SYSTEMD_SERVICE:${PN} = "wayland-cdi.service"
12 | SYSTEMD_AUTO_ENABLE:${PN} = "enable"
13 |
14 | do_install() {
15 | install -d ${D}${bindir}
16 | install -m 0755 ${UNPACKDIR}/wayland-cdi-generate ${D}${bindir}/wayland-cdi-generate
17 |
18 | install -d ${D}${systemd_system_unitdir}
19 | install -m 0644 ${UNPACKDIR}/wayland-cdi.service ${D}${systemd_system_unitdir}
20 | }
21 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/fio-se05x-cli_git.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Foundries.io NXP SE05X Secure Element CLI"
2 | HOMEPAGE = "https://github.com/foundriesio/fio-se05x-cli"
3 | LICENSE = "BSD-3-Clause"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
5 |
6 | inherit pkgconfig
7 |
8 | DEPENDS = "optee-client openssl"
9 |
10 | SRC_URI = "git://github.com/foundriesio/fio-se05x-cli.git;protocol=https;branch=main"
11 | SRCREV = "6fd9c9329bb265b916c7fc14cb9447d198aceebf"
12 |
13 | TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
14 | EXTRA_OEMAKE = "TEEC_EXPORT=${TEEC_EXPORT}"
15 |
16 |
17 | do_install() {
18 | install -d ${D}${bindir}
19 | install -m 0755 ${S}/fio-se05x-cli ${D}${bindir}
20 | }
21 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/linux/linux-lmp-rt_6.6.bb:
--------------------------------------------------------------------------------
1 | include kmeta-linux-lmp-6.6.y.inc
2 |
3 | LINUX_VERSION ?= "6.6.87"
4 | KBRANCH = "linux-v6.6.y-rt"
5 | SRCREV_machine = "a4080334e237c0ecb0ac4b3ecdc5ec2d8d6dbe31"
6 | SRCREV_meta = "${KERNEL_META_COMMIT}"
7 | LINUX_KERNEL_TYPE = "preempt-rt"
8 |
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
10 |
11 | SRC_URI = "git://github.com/foundriesio/linux.git;protocol=https;branch=${KBRANCH};name=machine; \
12 | ${KERNEL_META_REPO};protocol=${KERNEL_META_REPO_PROTOCOL};type=kmeta;name=meta;branch=${KERNEL_META_BRANCH};destsuffix=${KMETA} \
13 | "
14 |
15 | KMETA = "kernel-meta"
16 |
17 | require linux-lmp.inc
18 | include recipes-kernel/linux/linux-lmp-machine-custom.inc
19 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/base-files/base-files/qemuarm64/fstab:
--------------------------------------------------------------------------------
1 | /dev/root / auto defaults 1 1
2 | proc /proc proc defaults 0 0
3 | devpts /dev/pts devpts mode=0620,gid=5 0 0
4 | tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0
5 | tmpfs /var/volatile tmpfs defaults 0 0
6 |
7 | # vfat boot partition
8 | /dev/vda1 /mnt/boot vfat x-systemd.automount,x-systemd.idle-timeout=2,noatime,sync 0 2
9 | # ostree boot partition
10 | /dev/vda2 /boot ext4 defaults 0 2
11 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/docker-cli-config/docker-cli-config_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Default system configuration file for Docker cli"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | inherit allarch
6 |
7 | SRC_URI = "file://config.json.in"
8 |
9 | S = "${UNPACKDIR}"
10 |
11 | PACKAGE_ARCH = "${MACHINE_ARCH}"
12 |
13 | FIO_HUB_URL ?= "hub.foundries.io"
14 |
15 | do_compile() {
16 | sed -e 's|@@HUB_URL@@|${FIO_HUB_URL}|g' \
17 | ${UNPACKDIR}/config.json.in > ${B}/config.json
18 | }
19 |
20 | do_install() {
21 | install -d ${D}${libdir}/docker
22 | install -m 0644 ${B}/config.json ${D}${libdir}/docker/config.json
23 | }
24 |
25 | FILES:${PN} += "${libdir}/docker"
26 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/initrdscripts/initramfs-module-install-efi_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | # Prefer gptfdisk instead of parted
4 | RDEPENDS:${PN}:remove = "parted dosfstools"
5 | RDEPENDS:${PN} += "efibootmgr gptfdisk systemd-crypt efivar"
6 |
7 | do_configure:append() {
8 | if [ "${OSTREE_OTA_EXT4_LUKS}" = "1" ]; then
9 | if [ -z "${OSTREE_OTA_EXT4_LUKS_PASSPHRASE}" ]; then
10 | bbfatal "Unable to find passphrase for LUKS-based ota-ext4 (define OSTREE_OTA_EXT4_LUKS_PASSPHRASE)"
11 | fi
12 | file="${S}/init-install-efi.sh"
13 | watermark="fiopassphrase"
14 | passphrase="${OSTREE_OTA_EXT4_LUKS_PASSPHRASE}"
15 | sed -i "s|${watermark}|${passphrase}|g" "$file"
16 | fi
17 | }
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr-fioefi-env-rollback_1.0.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Aktualizr configuration snippet to enable Foundries.IO UEFI Capsule updates"
2 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
3 | SECTION = "base"
4 | LICENSE = "MPL-2.0"
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
6 |
7 | inherit allarch
8 |
9 | SRC_URI = "file://sota-fioefi-env.toml"
10 |
11 | S = "${UNPACKDIR}"
12 |
13 | do_install() {
14 | install -m 0700 -d ${D}${libdir}/sota/conf.d
15 | install -m 0644 ${UNPACKDIR}/sota-fioefi-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml
16 | }
17 |
18 | FILES:${PN} = " \
19 | ${libdir}/sota/conf.d \
20 | ${libdir}/sota/conf.d/30-rollback.toml \
21 | "
22 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/tpm-layer/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI += " \
4 | file://0001-backend-do-not-initialize-fapi-when-not-enabled.patch \
5 | file://0002-db-don-t-warn-the-user-when-db-is-not-found.patch \
6 | file://0003-sign-skip-pkey-when-signing-during-sign_init.patch \
7 | file://tmpfiles.conf \
8 | "
9 |
10 | EXTRA_OECONF += "--with-storedir=${localstatedir}/tpm2_pkcs11"
11 |
12 | do_install:append() {
13 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
14 | install -D -m 0644 ${UNPACKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/tpm2-pkcs11.conf
15 | fi
16 | }
17 |
18 | FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/tpm2-pkcs11.conf"
19 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-core/images/initramfs-ostree-lmp-recovery.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | fakeroot do_populate_recovery_rootfs_custom () {
4 | install -m 0755 ${UNPACKDIR}/tee.sh ${IMAGE_ROOTFS}/recovery.d/80-tee
5 | # install custom recovery modules
6 | install -m 0755 ${UNPACKDIR}/start_adb.sh ${IMAGE_ROOTFS}/recovery.d/90-start_adb
7 |
8 | # install u-boot env config (fw_printenv / fw_setenv)
9 | install -m 0644 ${UNPACKDIR}/fw_env.config ${IMAGE_ROOTFS}/etc/
10 |
11 | # install system dir for adb
12 | install -d ${IMAGE_ROOTFS}/system/
13 | echo "ro.product.manufacturer=android" > ${IMAGE_ROOTFS}/system/build.prop
14 | echo "ro.product.model=${MACHINE}" >> ${IMAGE_ROOTFS}/system/build.prop
15 | }
16 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/luks-reencryption/luks-reencryption_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "LUKS2 online re-encryption"
2 | SECTION = "devel"
3 | LICENSE = "BSD-2-Clause"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f"
5 |
6 | inherit allarch systemd
7 |
8 | SRC_URI = "file://luks-reencryption \
9 | file://luks-reencryption.service \
10 | "
11 |
12 | S = "${UNPACKDIR}"
13 |
14 | do_install () {
15 | install -d ${D}${sbindir}
16 | install -m 0755 ${S}/luks-reencryption ${D}${sbindir}
17 |
18 | install -d ${D}${systemd_system_unitdir}
19 | install -m 0644 ${S}/luks-reencryption.service ${D}${systemd_system_unitdir}
20 | }
21 |
22 | SYSTEMD_SERVICE:${PN} = "luks-reencryption.service"
23 | SYSTEMD_AUTO_ENABLE:${PN} = "enable"
24 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-graphics/wayland/weston-init/lmp-wayland/weston.service.patch:
--------------------------------------------------------------------------------
1 | Upstream-Status: Inappropriate [lmp specific]
2 | ---
3 | weston.service | 5 ++++-
4 | 1 file changed, 4 insertions(+), 1 deletion(-)
5 |
6 | diff --git a/weston.service b/weston.service
7 | index b7e845e..0feb079 100644
8 | --- a/weston.service
9 | +++ b/weston.service
10 | @@ -34,7 +34,10 @@ ConditionPathExists=/dev/tty0
11 | # Requires systemd-notify.so Weston plugin.
12 | Type=notify
13 | EnvironmentFile=@sysconfdir@/default/weston
14 | -ExecStart=@bindir@/weston --modules=systemd-notify.so
15 | +ExecStart=@bindir@/weston --modules=systemd-notify.so $OPTARGS
16 | +
17 | +Restart=on-failure
18 | +RestartSec=10
19 |
20 | # Optional watchdog setup
21 | #TimeoutStartSec=60
22 | --
23 | 2.52.0
24 |
25 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr-pkcs11-label.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Aktualizr configuration snippet to make sure pkcs#11 token is labeled properly"
2 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
3 | SECTION = "base"
4 | LICENSE = "MPL-2.0"
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
6 |
7 | inherit allarch
8 |
9 | SRC_URI = "file://pkcs11-label.toml"
10 |
11 | INHIBIT_DEFAULT_DEPS = "1"
12 |
13 | PV = "1.0"
14 |
15 | S = "${UNPACKDIR}"
16 |
17 | do_install() {
18 | install -m 0700 -d ${D}${libdir}/sota/conf.d
19 | install -m 0644 ${UNPACKDIR}/pkcs11-label.toml ${D}${libdir}/sota/conf.d/46-pkcs11-label.toml
20 | }
21 |
22 | FILES:${PN} = " \
23 | ${libdir}/sota/conf.d/46-pkcs11-label.toml \
24 | "
25 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr-fiovb-env-rollback.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Aktualizr configuration snippet to enable Foundries.IO verified boot bootcount function"
2 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr"
3 | SECTION = "base"
4 | LICENSE = "MPL-2.0"
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
6 |
7 | inherit allarch
8 |
9 | SRC_URI = "file://sota-fiovb-env.toml"
10 |
11 | PV = "1.0"
12 |
13 | S = "${UNPACKDIR}"
14 |
15 | do_install() {
16 | install -m 0700 -d ${D}${libdir}/sota/conf.d
17 | install -m 0644 ${UNPACKDIR}/sota-fiovb-env.toml ${D}${libdir}/sota/conf.d/30-rollback.toml
18 | }
19 |
20 | FILES:${PN} = " \
21 | ${libdir}/sota/conf.d \
22 | ${libdir}/sota/conf.d/30-rollback.toml \
23 | "
24 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/compose-apps-early-start/compose-apps-early-start/compose-apps-early-start-recovery:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | recover_compose_apps() {
4 | # Force compose down, restart docker and try again
5 |
6 | for app in `ls /var/sota/compose-apps` ; do
7 | cd /var/sota/compose-apps/${app}
8 | docker compose down
9 | done
10 |
11 | systemctl restart docker
12 | }
13 |
14 | recover_restorable_apps() {
15 | systemctl stop docker
16 | rm -rf /var/sota/compose-apps/*
17 | rm -rf /var/lib/docker
18 |
19 | systemctl start docker
20 | }
21 |
22 | if [ -d /var/sota/reset-apps ] ; then
23 | recover_restorable_apps
24 | else
25 | recover_compose_apps
26 | fi
27 |
28 | systemctl reset-failed compose-apps-early-start.service
29 | sleep 60
30 | systemctl restart compose-apps-early-start.service
31 |
--------------------------------------------------------------------------------
/meta-lmp-base/wic/sdimage-mbr-efi-sota.wks:
--------------------------------------------------------------------------------
1 | # short-description: Create OTA-enabled MBR SD card image compatible with UEFI
2 | # long-description: Creates a partitioned MBR SD card image compatible with UEFI,
3 | # using OSTree physical sysroot as a payload. Firmware related boot files located
4 | # in the first vfat partition (firmware) and UEFI related files and setup available
5 | # at the second vfat partition (id 0xef)
6 |
7 | part firmware --source bootimg_partition --fstype=vfat --system-id 0xf8 --label boot --active --align 4096 --size 32
8 | part /boot/efi --source bootimg_sota_efi --sourceparams="loader=grub-efi" --fstype=vfat --system-id 0xef --label efi --align 4096 --use-uuid --size 128M
9 | part / --source otaimage --fstype=ext4 --align 4096 --use-uuid
10 | bootloader --configfile="grub-ota.cfg"
11 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/pkcs11-se050-import_git.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Tool to import NXP SE050 Secure Objects into PKCS11 / OP-TEE"
2 | HOMEPAGE = "https://github.com/foundriesio/optee-se050-pkcs11-import"
3 | LICENSE = "BSD-3-Clause"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
5 |
6 | DEPENDS = "optee-os-tadevkit optee-client"
7 |
8 | SRC_URI = "git://github.com/foundriesio/optee-se050-pkcs11-import.git;protocol=https;branch=main"
9 | SRCREV = "575c71c4c5cb7b7273232e55b776f6ce984b4e67"
10 |
11 | TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
12 | EXTRA_OEMAKE = "TEEC_EXPORT=${TEEC_EXPORT}"
13 |
14 | do_install() {
15 | install -d ${D}${bindir}
16 | install -m 0755 ${S}/pkcs11-se050-import ${D}${bindir}
17 | }
18 |
19 | RDEPENDS:${PN} = "opensc"
20 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/docker-credential-helper-fio/files/docker-credential-fio-helper:
--------------------------------------------------------------------------------
1 | #!/bin/sh -e
2 |
3 | # Use stderr for logging err output in libaktualizr
4 | export LOG_STDERR=1
5 | SOTA_DIR="${SOTA_DIR-/var/sota}"
6 |
7 | LOGLEVEL="${CREDS_LOGLEVEL-4}"
8 |
9 | if [ "$1" = "get" ] ; then
10 | if [ $(id -u) != "0" ] ; then
11 | echo "ERROR: $0 must be run as root to access $SOTA_DIR"
12 | exit 1
13 | fi
14 | if [ ! -f ${SOTA_DIR}/sota.toml ] ; then
15 | echo "ERROR: Device does not appear to be registered under $SOTA_DIR"
16 | exit 1
17 | fi
18 | server=$(grep -m1 '^[[:space:]]*server' ${SOTA_DIR}/sota.toml | cut -d\" -f2)
19 | if [ -z $server ] ; then
20 | server="https://ota-lite.foundries.io:8443"
21 | fi
22 | exec /usr/bin/aktualizr-get --loglevel $LOGLEVEL -u ${server}/hub-creds/
23 | fi
24 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/tpm-layer/recipes-tpm/swtpm/swtpm_%.bbappend:
--------------------------------------------------------------------------------
1 | # BUG STATEMENT:
2 | # Upstream recipe is breaking due to a parsing error when static IDs are enabled:
3 | # ERROR: build/conf/../../layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb: argument -d/--home-dir: expected one argument
4 | # ERROR: build/conf/../../layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb: swtpm: Unable to parse arguments for USERADD_PARAM:swtpm '--system -g tss --home-dir --no-create-home --shell /bin/false swtpm':
5 | # ERROR: Failed to parse recipe: build/conf/../../layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb
6 | #
7 | # FIX:
8 | # Drop --home-dir
9 | #
10 | # TODO: Submit upstream
11 | USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} \
12 | --no-create-home --shell /bin/false ${BPN}"
13 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/collectd/collectd/collectd.conf:
--------------------------------------------------------------------------------
1 | FQDNLookup false
2 |
3 | LoadPlugin cpu
4 |
5 | ReportByState true
6 | ReportByCpu false
7 | ValuesPercentage true
8 |
9 |
10 | LoadPlugin df
11 |
12 | MountPoint "/"
13 | ReportInodes true
14 | ValuesPercentage true
15 |
16 |
17 | LoadPlugin interface
18 |
19 | Interface "lo"
20 | Interface "/^docker/"
21 | Interface "/^veth/"
22 | Interface "/^sit/"
23 | Interface "/^br/"
24 |
25 | IgnoreSelected true
26 |
27 |
28 | LoadPlugin load
29 |
30 | ReportRelative true
31 |
32 |
33 | LoadPlugin memory
34 |
35 | ValuesAbsolute true
36 | ValuesPercentage false
37 |
38 |
39 | LoadPlugin syslog
40 | LoadPlugin rrdtool
41 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/conf/layer.conf:
--------------------------------------------------------------------------------
1 | # We might have a conf and classes directory, append to BBPATH
2 | BBPATH .= ":${LAYERDIR}"
3 |
4 | # We have a recipes directory, add to BBFILES
5 | BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend"
6 |
7 | BBFILE_COLLECTIONS += "meta-lmp-bsp"
8 | BBFILE_PATTERN_meta-lmp-bsp := "^${LAYERDIR}/"
9 | BBFILE_PRIORITY_meta-lmp-bsp = "9"
10 |
11 | LAYERDEPENDS_meta-lmp-bsp = "core meta-lmp-base"
12 | LAYERSERIES_COMPAT_meta-lmp-bsp = "whinlatter"
13 |
14 | BBFILES_DYNAMIC += " \
15 | meta-arm:${LAYERDIR}/dynamic-layers/meta-arm/*/*/*.bb \
16 | meta-arm:${LAYERDIR}/dynamic-layers/meta-arm/*/*/*.bbappend \
17 | freescale-layer:${LAYERDIR}/dynamic-layers/freescale-layer/*/*/*.bb \
18 | freescale-layer:${LAYERDIR}/dynamic-layers/freescale-layer/*/*/*.bbappend \
19 | "
20 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-ostree-scr-fit/boot.its.in:
--------------------------------------------------------------------------------
1 | /dts-v1/;
2 |
3 | / {
4 | description = "Configuration to load non legacy U-Boot boot script";
5 | #address-cells = <1>;
6 | images {
7 | default = "bootscr";
8 | bootscr {
9 | description = "U-Boot boot script";
10 | data = /incbin/("boot.cmd");
11 | type = "script";
12 | os = "U-Boot";
13 | arch = "arm";
14 | compression = "none";
15 | hash-1 {
16 | algo = "@@FIT_HASH_ALG@@";
17 | };
18 | };
19 | };
20 | configurations {
21 | default = "config-1";
22 | config-1 {
23 | description = "Boot using U-Boot boot script";
24 | script = "bootscr";
25 | signature {
26 | algo = "@@FIT_HASH_ALG@@,rsa2048";
27 | key-name-hint = "@@UBOOT_SIGN_KEYNAME@@";
28 | sign-images = "script";
29 | };
30 | };
31 | };
32 | };
33 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/busybox/busybox_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI:append:lmp = " \
4 | file://less.cfg \
5 | file://shell.cfg \
6 | file://utils.cfg \
7 | file://removed.cfg \
8 | "
9 |
10 | # Remove syslog as it is not required with systemd
11 | SRC_URI:remove = "file://syslog.cfg"
12 |
13 | busybox_cfg_variable() {
14 | CONF_SED_SCRIPT="$CONF_SED_SCRIPT /^CONFIG_$1[ =]/d;"
15 | if test "$2" = "n"; then
16 | echo "# CONFIG_$1 is not set" >> ${S}/.config
17 | else
18 | echo "CONFIG_$1=$2" >> ${S}/.config
19 | fi
20 | }
21 |
22 | do_prepare_config:append() {
23 | CONF_SED_SCRIPT=""
24 |
25 | # No need for klogd as that is provided by systemd
26 | busybox_cfg_variable KLOGD n
27 |
28 | sed -i -e "${CONF_SED_SCRIPT}" ${S}/.config
29 | }
30 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/ima_policy_tcb/ima-policy-tcb_1.0.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "IMA sample tcb policy"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
4 |
5 | # This policy file will get installed as /etc/ima/ima-policy.
6 | # It is located via the normal file search path, so a .bbappend
7 | # to this recipe can just point towards one of its own files.
8 | IMA_POLICY = "ima_policy_tcb"
9 |
10 | SRC_URI = " \
11 | file://${IMA_POLICY} \
12 | "
13 |
14 | S = "${UNPACKDIR}"
15 |
16 | inherit features_check
17 | REQUIRED_DISTRO_FEATURES = "ima"
18 |
19 | do_install () {
20 | install -d ${D}/${sysconfdir}/ima
21 | install ${UNPACKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy
22 | }
23 |
24 | FILES:${PN} = "${sysconfdir}/ima"
25 | RDEPENDS:${PN} = "ima-evm-utils"
26 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/fioefi/fioefi_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Foundries.IO UEFI Firmware Update control script"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | SRC_URI = "file://fioefi.sh.in"
6 | RDEPENDS:${PN} = " lmp-boot-firmware"
7 |
8 | S = "${UNPACKDIR}"
9 |
10 | do_compile() {
11 | # Check if the file wasn't created by soc-specific do_compile() prepend
12 | if [ ! -e ${B}/fioefi ]; then
13 | sed -e 's/@@INCLUDE_SOC_FUNCTIONS@@//g' ${S}/fioefi.sh.in > ${B}/fioefi
14 | fi
15 | }
16 |
17 | do_install () {
18 | install -d ${D}${bindir}
19 | install -m 0755 ${B}/fioefi ${D}${bindir}/fioefi
20 | ln -sf fioefi ${D}${bindir}/fioefi_printenv
21 | ln -sf fioefi ${D}${bindir}/fioefi_setenv
22 | ln -sf fioefi ${D}${bindir}/fioefi_delenv
23 | }
24 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-multimedia/alsa/alsa-utils_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | # Try to restore sound configuration from /usr/lib/alsa/asound.state
4 | # if /var/lib/alsa/asound.state is unavailable.
5 | SRC_URI += "\
6 | file://0001-alsactl-add-fallback-for-restoring-from-asound.state.patch \
7 | file://tmpfiles.conf \
8 | "
9 | EXTRA_OECONF:append = " --with-init-asound-state-dir=${prefix}/lib/alsa"
10 |
11 | do_install:append() {
12 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
13 | install -D -m 0644 ${UNPACKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/alsa_utils.conf
14 | (cd ${D}; vardir=${localstatedir#*/}; rmdir -v --parents ${vardir}/lib/alsa)
15 | fi
16 | }
17 |
18 | FILES:alsa-utils-alsactl += "${nonarch_libdir}/tmpfiles.d/alsa_utils.conf"
19 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/busybox/busybox/shell.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_FEATURE_REVERSE_SEARCH=y
2 | CONFIG_FEATURE_TAB_COMPLETION=y
3 | CONFIG_FEATURE_USERNAME_COMPLETION=y
4 | CONFIG_FEATURE_EDITING_FANCY_PROMPT=y
5 | CONFIG_SH_IS_ASH=y
6 | # CONFIG_SH_IS_HUSH is not set
7 | # CONFIG_SH_IS_NONE is not set
8 | # CONFIG_BASH_IS_ASH is not set
9 | # CONFIG_BASH_IS_HUSH is not set
10 | CONFIG_BASH_IS_NONE=y
11 | CONFIG_ASH=y
12 | CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
13 | CONFIG_ASH_INTERNAL_GLOB=y
14 | CONFIG_ASH_BASH_COMPAT=y
15 | CONFIG_ASH_BASH_SOURCE_CURDIR=y
16 | CONFIG_ASH_BASH_NOT_FOUND_HOOK=y
17 | CONFIG_ASH_JOB_CONTROL=y
18 | CONFIG_ASH_ALIAS=y
19 | CONFIG_ASH_RANDOM_SUPPORT=y
20 | CONFIG_ASH_EXPAND_PRMT=y
21 | CONFIG_ASH_IDLE_TIMEOUT=y
22 | CONFIG_ASH_MAIL=y
23 | CONFIG_ASH_ECHO=y
24 | CONFIG_ASH_PRINTF=y
25 | CONFIG_ASH_TEST=y
26 | CONFIG_ASH_HELP=y
27 | CONFIG_ASH_GETOPTS=y
28 | CONFIG_ASH_CMDCMD=y
29 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/allow-local-auths.patch:
--------------------------------------------------------------------------------
1 | Allow using local auths instead of generating them as part of the build.
2 |
3 | Upstream-Status: Inappropriate [lmp specific]
4 |
5 | diff --git a/Make.rules b/Make.rules
6 | index d34b2f8..d7b0c7e 100644
7 | --- a/Make.rules
8 | +++ b/Make.rules
9 | @@ -98,8 +98,12 @@ endif
10 | getcert = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo "-c PK.crt -k PK.key"; else echo "-c KEK.crt -k KEK.key"; fi)
11 | getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else echo db; fi)
12 |
13 | +ifeq ($(USE_LOCAL_AUTHS),1)
14 | +%.auth:
15 | +else
16 | %.auth: %.esl PK.crt KEK.crt sign-efi-sig-list
17 | $(SIGN_EFI_SIG_LIST) $(call getcert,$*) $(call getvar,$*) $< $@
18 | +endif
19 |
20 | %-update.auth: %.esl PK.crt KEK.crt sign-efi-sig-list
21 | $(SIGN_EFI_SIG_LIST) -a $(call getcert,$*) $(call getvar,$*) $< $@
22 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr/aktualizr-lite.service.in:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Aktualizr Lite SOTA Client
3 | After=network.target boot-complete.target
4 | Requires=boot-complete.target
5 | ConditionPathExists=|/var/sota/sota.toml
6 | # this should be StartLimitBurst * RestartSec + 1
7 | StartLimitIntervalSec=541
8 | StartLimitBurst=3
9 | StartLimitAction=reboot
10 |
11 | [Service]
12 | User=root
13 | RestartSec=180
14 | Restart=always
15 | ExecStartPre=/usr/bin/mkdir -p /run/aktualizr
16 | Environment="TMPDIR=/run/aktualizr"
17 | Environment="COMPOSE_HTTP_TIMEOUT=@@COMPOSE_HTTP_TIMEOUT@@"
18 | Environment="REGISTRY_AUTH_FILE=@@DOCKER_CRED_HELPER_CFG@@"
19 | # Allowed values are in the [1, 10] range. Aklite adjusts value to the corresponding limit if the specified value is higher or lower than [1, 10].
20 | ExecStart=/usr/bin/aktualizr-lite daemon
21 |
22 | [Install]
23 | WantedBy=multi-user.target
24 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/ostree/ostree_%.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | # Disable PTEST for ostree as it requires options that are not enabled when
4 | # building with meta-updater and meta-lmp.
5 | PTEST_ENABLED = "0"
6 |
7 | SRC_URI:append = " \
8 | file://0001-Allow-updating-files-in-the-boot-directory.patch \
9 | file://0002-u-boot-add-bootdir-to-the-generated-uEnv.txt.patch \
10 | file://0003-Add-support-for-directories-instead-of-symbolic-link.patch \
11 | file://0004-Add-support-for-systemd-boot-bootloader.patch \
12 | file://0005-ostree-decrease-default-grub.cfg-timeout-and-set-def.patch \
13 | file://0006-Add-support-systemd-boot-automatic-boot-assesment.patch \
14 | file://0008-sysroot-deploy-systemd-boot-efi-to-ESP-partition.patch \
15 | file://0001-deploy-only-set-aboot-abootcfg-when-found.patch \
16 | "
17 |
18 | PACKAGECONFIG:remove = "static"
19 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/resize-helper/resize-helper_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Rootfs disk resize-helper"
2 | SECTION = "devel"
3 | LICENSE = "BSD-2-Clause"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f"
5 |
6 | inherit allarch systemd
7 |
8 | RDEPENDS:${PN} += "e2fsprogs-resize2fs gptfdisk util-linux-fdisk util-linux-blockdev util-linux-partx util-linux-findmnt"
9 |
10 | SRC_URI = "file://resize-helper \
11 | file://resize-helper.service \
12 | "
13 |
14 | S = "${UNPACKDIR}"
15 |
16 | PACKAGE_ARCH = "${MACHINE_ARCH}"
17 |
18 | do_install () {
19 | install -d ${D}${sbindir}
20 | install -m 0755 ${S}/resize-helper ${D}${sbindir}
21 |
22 | install -d ${D}${systemd_system_unitdir}
23 | install -m 0644 ${S}/resize-helper.service ${D}${systemd_system_unitdir}
24 | }
25 |
26 | SYSTEMD_SERVICE:${PN} = "resize-helper.service"
27 | SYSTEMD_AUTO_ENABLE:${PN} = "enable"
28 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/Fix-help2man-failure.patch:
--------------------------------------------------------------------------------
1 | From 546b8c36301bdcf540b3b027fd25baa9cff2abdc Mon Sep 17 00:00:00 2001
2 | From: Lans Zhang
3 | Date: Wed, 23 Mar 2016 19:44:51 +0800
4 | Subject: [PATCH] Fix help2man failure
5 |
6 | Add --no-discard-stderr to work around the error.
7 |
8 | Upstream-Status: Inactive-Upstream
9 |
10 | Signed-off-by: Lans Zhang
11 | ---
12 | Make.rules | 2 +-
13 | 1 file changed, 1 insertion(+), 1 deletion(-)
14 |
15 | diff --git a/Make.rules b/Make.rules
16 | index 4aa7650..21926b0 100644
17 | --- a/Make.rules
18 | +++ b/Make.rules
19 | @@ -142,4 +142,4 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
20 | $(AR) rcv $@ $^
21 |
22 | doc/%.1: doc/%.1.in %
23 | - $(HELP2MAN) --no-info -i $< -o $@ ./$*
24 | + $(HELP2MAN) --no-discard-stderr --no-info -i $< -o $@ ./$*
25 | --
26 | 1.9.1
27 |
28 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/aktualizr/aktualizr-callback_1.0.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Aktualizr configuration snippet to enable Foundries.IO callback function"
2 | SECTION = "base"
3 | LICENSE = "MPL-2.0"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad"
5 |
6 | inherit allarch
7 |
8 | SRC_URI = "\
9 | file://90-handle-callback.toml \
10 | file://callback-handler \
11 | "
12 |
13 | S = "${UNPACKDIR}"
14 |
15 | do_install() {
16 | install -m 0700 -d ${D}${libdir}/sota/conf.d
17 | install -m 0755 -d ${D}${bindir}
18 | install -m 0644 ${UNPACKDIR}/90-handle-callback.toml ${D}${libdir}/sota/conf.d/90-handle-callback.toml
19 | install -m 0755 ${UNPACKDIR}/callback-handler ${D}${bindir}/callback-handler
20 | }
21 |
22 | FILES:${PN} = " \
23 | ${libdir}/sota/conf.d/90-handle-callback.toml \
24 | ${bindir}/callback-handler \
25 | "
26 |
27 | RDEPENDS:${PN} = "aktualizr-lite"
28 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/Fix-the-wrong-dependency-for-blacklist.esl.patch:
--------------------------------------------------------------------------------
1 | From 52228c24af681463d73d5bd8454872b3e811855b Mon Sep 17 00:00:00 2001
2 | From: Lans Zhang
3 | Date: Tue, 15 Mar 2016 21:07:31 +0800
4 | Subject: [PATCH] Fix the wrong dependency for %-blacklist.esl
5 |
6 | Upstream-Status: Pending
7 |
8 | Signed-off-by: Lans Zhang
9 | ---
10 | Make.rules | 2 +-
11 | 1 file changed, 1 insertion(+), 1 deletion(-)
12 |
13 | diff --git a/Make.rules b/Make.rules
14 | index 48b02e4..08a2489 100644
15 | --- a/Make.rules
16 | +++ b/Make.rules
17 | @@ -77,7 +77,7 @@ endif
18 | %.hash: %.efi hash-to-efi-sig-list
19 | ./hash-to-efi-sig-list $< $@
20 |
21 | -%-blacklist.esl: %.crt cert-to-efi-hash-list
22 | +%-blacklist.esl: %.crt cert-to-efi-sig-list
23 | ./cert-to-efi-sig-list $< $@
24 |
25 | %-hash-blacklist.esl: %.crt cert-to-efi-hash-list
26 | --
27 | 1.9.1
28 |
29 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/build-keys-for-lockdown-only.patch:
--------------------------------------------------------------------------------
1 | Only build keys relevant for LockDown.efi
2 |
3 | Upstream-Status: Inappropriate [lmp specific]
4 |
5 | diff --git a/Makefile b/Makefile
6 | index 9638c52..ede2bf9 100644
7 | --- a/Makefile
8 | +++ b/Makefile
9 | @@ -13,7 +13,7 @@ KEYS = PK KEK DB
10 | EXTRAKEYS = DB1 DB2
11 | EXTERNALKEYS = ms-uefi ms-kek
12 |
13 | -ALLKEYS = $(KEYS) $(EXTRAKEYS) $(EXTERNALKEYS)
14 | +ALLKEYS = $(KEYS)
15 |
16 | KEYAUTH = $(ALLKEYS:=.auth)
17 | KEYUPDATEAUTH = $(ALLKEYS:=-update.auth) $(ALLKEYS:=-pkupdate.auth)
18 | @@ -26,9 +26,7 @@ include Make.rules
19 |
20 | EFISIGNED = $(patsubst %.efi,%-signed.efi,$(EFIFILES))
21 |
22 | -all: $(EFIFILES) $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) DBX.auth \
23 | - $(KEYUPDATEAUTH) $(KEYBLACKLISTAUTH) $(KEYHASHBLACKLISTAUTH)
24 | -
25 | +all: $(EFIFILES) $(BINARIES) $(MANPAGES) $(KEYAUTH) DBX.auth
26 |
27 | install: all
28 | $(INSTALL) -m 755 -d $(MANDIR)
29 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/fio-docker-fsck/fio-docker-fsck_git.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "A tool to check and fix an image&layer store of the docker daemon"
2 | HOMEPAGE = "https://github.com/foundriesio/fio-docker-fsck"
3 | SECTION = "devel"
4 | LICENSE = "BSD-3-Clause"
5 | LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=6da28bf14f8fa478195ced00edf4ab7b"
6 |
7 | GO_IMPORT = "github.com/foundriesio/fio-docker-fsck"
8 | GO_IMPORT_PROTO ?= "https"
9 | SRC_URI = " \
10 | git://${GO_IMPORT};protocol=${GO_IMPORT_PROTO};branch=${SRCBRANCH};destsuffix=${GO_SRCURI_DESTSUFFIX} \
11 | file://fio-docker-fsck.service \
12 | "
13 | SRCREV = "c939707c8f424cfd02c8d3c42605ffdb3439d653"
14 | SRCBRANCH = "main"
15 |
16 | UPSTREAM_CHECK_COMMITS = "1"
17 |
18 | SYSTEMD_SERVICE:${PN} = "fio-docker-fsck.service"
19 |
20 | inherit go-mod systemd
21 |
22 | do_install:append() {
23 | install -d ${D}${systemd_system_unitdir}
24 | install -m 0644 ${UNPACKDIR}/fio-docker-fsck.service ${D}${systemd_system_unitdir}/
25 | }
26 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lshw/files/0001-disable-docbook2man.patch:
--------------------------------------------------------------------------------
1 | From 544df0f5fd99925a3ce568c777413e0c31cb0028 Mon Sep 17 00:00:00 2001
2 | From: Jose Quaresma
3 | Date: Mon, 2 Jan 2023 15:32:39 +0000
4 | Subject: [PATCH] build: Do not build .sgml file
5 |
6 | It needs docbook2man tool which we do not have recipe for
7 |
8 | Upstream-Status: Inappropriate [needs native docbook2man tool]
9 |
10 | Signed-off-by: Jose Quaresma
11 | ---
12 | src/Makefile | 2 +-
13 | 1 file changed, 1 insertion(+), 1 deletion(-)
14 |
15 | diff --git a/src/Makefile b/src/Makefile
16 | index ac726d0..af6281d 100644
17 | --- a/src/Makefile
18 | +++ b/src/Makefile
19 | @@ -102,7 +102,7 @@ $(PACKAGENAME)-compressed: $(PACKAGENAME)-static
20 | upx -9 -o $@ $<
21 |
22 | $(PACKAGENAME).1: $(PACKAGENAME).sgml
23 | - docbook2man $<
24 | + @echo "Needs docbook2man"
25 |
26 | pci.ids:
27 | wget http://pciids.sourceforge.net/pci.ids
28 | --
29 | 2.25.1
30 |
31 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/Fix-help2man-error.patch:
--------------------------------------------------------------------------------
1 | From f2e4ff4e63f4a5f8a4452c970ca271091eeaec7d Mon Sep 17 00:00:00 2001
2 | From: Lans Zhang
3 | Date: Sun, 18 Jun 2017 23:35:09 +0800
4 | Subject: [PATCH] Fix help2man error
5 |
6 | This issue may be caused by the poky compiler.
7 |
8 | Upstream-Status: Inactive-Upstream
9 |
10 | Signed-off-by: Lans Zhang
11 | ---
12 | Make.rules | 4 +++-
13 | 1 file changed, 3 insertions(+), 1 deletion(-)
14 |
15 | diff --git a/Make.rules b/Make.rules
16 | index 38c7a22..bda5518 100644
17 | --- a/Make.rules
18 | +++ b/Make.rules
19 | @@ -140,5 +140,7 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
20 | %.a:
21 | $(AR) rcv $@ $^
22 |
23 | +HELP2MAN_PROG_PREFIX ?= .
24 | +
25 | doc/%.1: doc/%.1.in %
26 | - $(HELP2MAN) --no-discard-stderr --no-info -i $< -o $@ ./$*
27 | + $(HELP2MAN) --no-discard-stderr --no-info -i $< -o $@ $(HELP2MAN_PROG_PREFIX)/$*
28 | --
29 | 2.7.5
30 |
31 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/custom-sota-client/custom-sota-client_git.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "Custom SOTA Client example based on the aktualizr-lite C++ API"
2 | SECTION = "base"
3 | LICENSE = "BSD-3-Clause"
4 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=504a5c2455c8bb2fc5b7667833ab1a68"
5 |
6 | inherit pkgconfig cmake systemd
7 |
8 | SRC_URI = "\
9 | git://github.com/foundriesio/sotactl;protocol=https;branch=${BRANCH} \
10 | file://systemd.service \
11 | "
12 |
13 | BRANCH = "main"
14 | SRCREV = "f15dc438a31f7c7316d4f1ab08a58567bfd50fb3"
15 |
16 | DEPENDS = "jsoncpp boost aktualizr"
17 |
18 | SYSTEMD_PACKAGES += "${PN}"
19 | SYSTEMD_SERVICE:${PN} = "${PN}.service"
20 |
21 | do_install:append() {
22 | install -d ${D}${sysconfdir}/sota/conf.d/
23 | install -d ${D}${systemd_system_unitdir}
24 | install -m 0644 ${UNPACKDIR}/systemd.service ${D}${systemd_system_unitdir}/${PN}.service
25 | }
26 |
27 | FILES:${PN} += "\
28 | ${sysconfdir}/sota/conf.d \
29 | ${systemd_system_unitdir}/${PN}.service \
30 | "
31 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/ostree-kernel-initramfs/ostree-kernel-initramfs_%.bbappend:
--------------------------------------------------------------------------------
1 | PACKAGES += "ostree-recovery-initramfs"
2 | ALLOW_EMPTY:ostree-recovery-initramfs = "1"
3 | FILES:ostree-recovery-initramfs = "${nonarch_base_libdir}/ostree-boot"
4 |
5 | INHIBIT_DEFAULT_DEPS = "1"
6 |
7 | do_install:append() {
8 | ostreeboot=${D}${nonarch_base_libdir}/ostree-boot
9 | install -d $ostreeboot
10 |
11 | if [ -n "${INITRAMFS_RECOVERY_IMAGE}" ]; then
12 | if [ "${KERNEL_IMAGETYPE}" = "fitImage" ]; then
13 | cp ${DEPLOY_DIR_IMAGE}/fitImage-${INITRAMFS_RECOVERY_IMAGE}-${MACHINE}-${KERNEL_FIT_LINK_NAME} $ostreeboot/recovery.img
14 | else
15 | cp ${DEPLOY_DIR_IMAGE}/${INITRAMFS_RECOVERY_IMAGE}-${MACHINE}.${INITRAMFS_FSTYPES} $ostreeboot/recovery.img
16 | fi
17 | fi
18 | }
19 |
20 | INITRAMFS_RECOVERY_IMAGE ?= ""
21 | do_install[depends] += "virtual/kernel:do_deploy ${@['${INITRAMFS_RECOVERY_IMAGE}:do_image_complete', ''][d.getVar('INITRAMFS_RECOVERY_IMAGE') == '']}"
22 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/mcumgr/mcumgr_git.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "Management library for 32-bit MCUs"
2 | HOMEPAGE = "https://github.com/apache/mynewt-mcumgr"
3 | SECTION = "devel"
4 | LICENSE = "Apache-2.0"
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
6 |
7 | GO_IMPORT = "github.com/apache/mynewt-mcumgr-cli/mcumgr"
8 | SRC_URI = "git://github.com/apache/mynewt-mcumgr-cli;protocol=https;branch=master"
9 | SRCREV = "5c56bd24066c780aad5836429bfa2ecc4f9a944c"
10 |
11 | UPSTREAM_CHECK_COMMITS = "1"
12 | PV = "v0.0.1+git"
13 |
14 | inherit go
15 |
16 | # OE build default do_compile recipe is creating oddly broken binary
17 | # To fix this, let's use the same as manual build steps
18 | # NOTE: The binary is much larger than default recipe
19 | do_compile() {
20 | cd ${S}/src/${GO_IMPORT}/mcumgr
21 | mkdir -p ${B}/${GO_BUILD_BINDIR}
22 | ${GO} build -o ${B}/${GO_BUILD_BINDIR}/mcumgr mcumgr.go
23 | chmod u+w -R ${B}
24 | }
25 |
26 | RDEPENDS:${PN}-dev += "bash"
27 | RDEPENDS:${PN}-staticdev += "bash"
28 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-extended/ostree/ostree/0005-ostree-decrease-default-grub.cfg-timeout-and-set-def.patch:
--------------------------------------------------------------------------------
1 | From 85b18f5cf031c9bc32e1e5d5b26fad6f179da867 Mon Sep 17 00:00:00 2001
2 | From: Ricardo Salveti
3 | Date: Tue, 20 Feb 2018 21:09:02 -0300
4 | Subject: [PATCH] ostree: decrease default grub.cfg timeout and set default
5 |
6 | Upstream-Status: Inappropriate [lmp specific]
7 |
8 | Signed-off-by: Jose Quaresma
9 | ---
10 | src/boot/grub2/ostree-grub-generator | 4 ++--
11 | 1 file changed, 2 insertions(+), 2 deletions(-)
12 |
13 | diff --git a/src/boot/grub2/ostree-grub-generator b/src/boot/grub2/ostree-grub-generator
14 | index d1436b6..3caebda 100644
15 | --- a/src/boot/grub2/ostree-grub-generator
16 | +++ b/src/boot/grub2/ostree-grub-generator
17 | @@ -99,8 +99,8 @@ populate_header()
18 | {
19 | cat >> ${new_grub2_cfg} < /dev/null`
22 | printf "%s%s%s" "${UBOOT_LOCALVERSION}" +g $head > ${S}/.scmversion
23 | printf "%s%s%s" "${UBOOT_LOCALVERSION}" +g $head > ${B}/.scmversion
24 | else
25 | printf "%s" "${UBOOT_LOCALVERSION}" > ${S}/.scmversion
26 | printf "%s" "${UBOOT_LOCALVERSION}" > ${B}/.scmversion
27 | fi
28 | }
29 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/ostreeuploader/ostreeuploader_git.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "Tools used to push an ostree repo to and check if it is synced with OSTreeHub"
2 | HOMEPAGE = "https://github.com/foundriesio/ostreeuploader"
3 | SECTION = "devel"
4 | LICENSE = "Apache-2.0"
5 | LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=6da28bf14f8fa478195ced00edf4ab7b"
6 |
7 | GO_IMPORT = "github.com/foundriesio/ostreeuploader"
8 | GO_IMPORT_PROTO ?= "https"
9 | SRC_URI = "git://${GO_IMPORT};protocol=${GO_IMPORT_PROTO};branch=master;destsuffix=${GO_SRCURI_DESTSUFFIX}"
10 | SRCREV = "5cd2cf990d85a8459c7e9a3f156894d009485e86"
11 |
12 | UPSTREAM_CHECK_COMMITS = "1"
13 |
14 | BBCLASSEXTEND = "native"
15 |
16 | inherit go-mod
17 |
18 | go_do_compile() {
19 | cd ${B}/src/github.com/foundriesio/ostreeuploader
20 | make
21 | }
22 |
23 | do_install() {
24 | install -d ${D}${bindir}
25 | install -m 0755 ${B}/src/github.com/foundriesio/ostreeuploader/bin/fiopush ${D}${bindir}
26 | install -m 0755 ${B}/src/github.com/foundriesio/ostreeuploader/bin/fiocheck ${D}${bindir}
27 | }
28 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/sbsigntool/sbsigntool/0002-docs-Don-t-build-man-pages.patch:
--------------------------------------------------------------------------------
1 | From 27abd536c0e2f2ee0b4fa373e636076e58ed4510 Mon Sep 17 00:00:00 2001
2 | From: Ilias Apalodimas
3 | Date: Wed, 10 Mar 2021 15:52:52 +0200
4 | Subject: [PATCH] docs: Don't build man pages
5 |
6 | Man pages not needed on embedded targets
7 |
8 | Upstream-Status: Inappropriate [embedded specific]
9 |
10 | Signed-off-by: Ilias Apalodimas
11 | ---
12 | docs/Makefile.am | 5 -----
13 | 1 file changed, 5 deletions(-)
14 |
15 | diff --git a/docs/Makefile.am b/docs/Makefile.am
16 | index 89ed110..6918dd8 100644
17 | --- a/docs/Makefile.am
18 | +++ b/docs/Makefile.am
19 | @@ -1,9 +1,4 @@
20 |
21 | -man1_MANS = sbsign.1 sbverify.1 sbattach.1 sbvarsign.1 sbsiglist.1 \
22 | - sbkeysync.1
23 | -
24 | -EXTRA_DIST = sbsign.1.in sbverify.1.in sbattach.1.in \
25 | - sbvarsign.1.in sbsiglist.1.in sbkeysync.1.in
26 | CLEANFILES = $(man1_MANS)
27 |
28 | $(builddir)/%.1: $(srcdir)/%.1.in $(top_builddir)/src/%
29 | --
30 | 2.25.1
31 |
32 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/base-passwd/base-passwd/0001-Add-missing-groups-from-systemd-basic.conf.patch:
--------------------------------------------------------------------------------
1 | From 065dc1f3a6d8938be22c0111332c4786d534f05c Mon Sep 17 00:00:00 2001
2 | From: Ricardo Salveti
3 | Date: Mon, 31 May 2021 17:51:16 -0300
4 | Subject: [PATCH] Add missing groups from systemd basic.conf
5 |
6 | Add missing groups from systemd sysusers.d/basic.conf to avoid having
7 | them being generated during first boot.
8 |
9 | Upstream-Status: Inappropriate [enable feature]
10 |
11 | Signed-off-by: Ricardo Salveti
12 | Signed-off-by: Jose Quaresma
13 | ---
14 | group.master | 2 ++
15 | 1 file changed, 2 insertions(+)
16 |
17 | diff --git a/group.master b/group.master
18 | index a0f9daf..308eb66 100644
19 | --- a/group.master
20 | +++ b/group.master
21 | @@ -37,8 +37,10 @@ kvm:*:47:
22 | sgx:*:48:
23 | staff:*:50:
24 | games:*:60:
25 | +render:*:61:
26 | shutdown:*:70:
27 | wheel:*:80:
28 | clock:*:81:
29 | +nobody:*:99:
30 | users:*:100:
31 | nogroup:*:65534:
32 | --
33 | 2.52.0
34 |
35 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/linux/linux-lmp.inc:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "Common Foundries.io Linux microPlatform Kernel"
2 |
3 | PV = "${LINUX_VERSION}+git"
4 |
5 | DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
6 | DEPENDS += "openssl-native util-linux-native"
7 |
8 | inherit kernel siteinfo
9 | require recipes-kernel/linux/linux-yocto.inc
10 | require ${@bb.utils.contains_any('DISTRO_FEATURES', 'integrity', 'recipes-kernel/linux/linux_ima.inc', '', d)}
11 |
12 | KCONFIG_MODE = "--alldefconfig"
13 |
14 | LINUX_VERSION_EXTENSION ?= "-lmp-${LINUX_KERNEL_TYPE}"
15 |
16 | # Kernel config
17 | KERNEL_CONFIG_NAME ?= "${KERNEL_PACKAGE_NAME}-config-${KERNEL_ARTIFACT_NAME}"
18 | KERNEL_CONFIG_LINK_NAME ?= "${KERNEL_PACKAGE_NAME}-config"
19 |
20 | # This is needed to apply an optee overlay
21 | KERNEL_DTC_FLAGS += "-@"
22 |
23 | do_deploy:append() {
24 | # Publish final kernel config with a proper datetime-based link
25 | cp -a ${B}/.config ${DEPLOYDIR}/${KERNEL_CONFIG_NAME}
26 | ln -sf ${KERNEL_CONFIG_NAME} ${DEPLOYDIR}/${KERNEL_CONFIG_LINK_NAME}
27 | }
28 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/wayland-cdi/files/wayland-cdi-generate:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | cditmp="/run/cdi/.wayland.yaml.tmp"
4 |
5 | mkdir -p /run/cdi
6 | cat >${cditmp} <>${cditmp} <>${cditmp} <>${cditmp} < docker-auto-prune.timer
20 | }
21 |
22 | do_install() {
23 | install -d ${D}${systemd_system_unitdir}
24 | install -m 0644 ${UNPACKDIR}/docker-auto-prune.service ${D}${systemd_system_unitdir}
25 | install -m 0644 ${B}/docker-auto-prune.timer ${D}${systemd_system_unitdir}
26 | }
27 |
28 | FILES:${PN} += "${systemd_system_unitdir}/docker-auto-prune.service"
29 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/COPYING.MIT:
--------------------------------------------------------------------------------
1 | Permission is hereby granted, free of charge, to any person obtaining a copy
2 | of this software and associated documentation files (the "Software"), to deal
3 | in the Software without restriction, including without limitation the rights
4 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
5 | copies of the Software, and to permit persons to whom the Software is
6 | furnished to do so, subject to the following conditions:
7 |
8 | The above copyright notice and this permission notice shall be included in
9 | all copies or substantial portions of the Software.
10 |
11 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
17 | THE SOFTWARE.
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/COPYING.MIT:
--------------------------------------------------------------------------------
1 | Permission is hereby granted, free of charge, to any person obtaining a copy
2 | of this software and associated documentation files (the "Software"), to deal
3 | in the Software without restriction, including without limitation the rights
4 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
5 | copies of the Software, and to permit persons to whom the Software is
6 | furnished to do so, subject to the following conditions:
7 |
8 | The above copyright notice and this permission notice shall be included in
9 | all copies or substantial portions of the Software.
10 |
11 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
17 | THE SOFTWARE.
18 |
--------------------------------------------------------------------------------
/meta-lmp-base/conf/distro/include/arm-defaults.inc:
--------------------------------------------------------------------------------
1 | # This function changes the default tune for machines which
2 | # are based on armv7a or armv7ve to use common tune value, note
3 | # that we enforce hard-float which is default on Linux microPlatform.
4 | # If you have one of those machines which are armv7a or armv7ve but
5 | # can't support hard-float, please change tune = 'armv7athf' to
6 | # tune = 'armv7at' below but then this is for your own distro.
7 |
8 | def arm_tune_handler(d):
9 | features = d.getVar('TUNE_FEATURES').split()
10 | if 'armv7a' in features or 'armv7ve' in features:
11 | tune = 'armv7athf'
12 | if 'bigendian' in features:
13 | tune += 'b'
14 | if 'vfpv3' in features:
15 | tune += '-vfpv3'
16 | if 'vfpv3d16' in features:
17 | tune += '-vfpv3d16'
18 | if 'neon' in features:
19 | tune += '-neon'
20 | if 'vfpv4' in features:
21 | tune += '-vfpv4'
22 | else:
23 | tune = d.getVar('DEFAULTTUNE')
24 | return tune
25 |
26 | DEFAULTTUNE:lmp := "${@arm_tune_handler(d)}"
27 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-client-fio.inc:
--------------------------------------------------------------------------------
1 | SUMMARY = "OP-TEE Client API"
2 | DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE"
3 | HOMEPAGE = "https://www.op-tee.org/"
4 |
5 | LICENSE = "BSD-2-Clause"
6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
7 |
8 | inherit systemd cmake pkgconfig useradd
9 |
10 | DEPENDS = "util-linux-libuuid"
11 |
12 | SRC_URI = " \
13 | git://github.com/OP-TEE/optee_client.git;protocol=https;branch=master \
14 | "
15 |
16 | UPSTREAM_CHECK_GITTAGREGEX = "^(?P\d+(\.\d+)+)$"
17 |
18 | EXTRA_OECMAKE = " \
19 | -DBUILD_SHARED_LIBS=ON \
20 | -DRPMB_EMU=OFF \
21 | -DCFG_TEE_FS_PARENT_PATH='${localstatedir}/tee' \
22 | -DCFG_TEE_GROUP='teeclnt' \
23 | -DCFG_TEEPRIV_GROUP='teeclnt' \
24 | -DCFG_TEE_SUPPL_USER='root' \
25 | -DCFG_TEE_SUPPL_GROUP='root' \
26 | "
27 | EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"
28 |
29 | SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
30 |
31 | USERADD_PACKAGES = "${PN}"
32 | GROUPADD_PARAM:${PN} = "--system teeclnt"
33 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/systemd/systemd/0001-tmpfiles-tmp.conf-reduce-cleanup-age-to-half.patch:
--------------------------------------------------------------------------------
1 | From 630120ddd9a8b73f47392e04d7eea50fd0b0945c Mon Sep 17 00:00:00 2001
2 | From: Ricardo Salveti
3 | Date: Mon, 21 Sep 2020 11:37:18 -0300
4 | Subject: [PATCH] tmpfiles/tmp.conf: reduce cleanup-age to half
5 |
6 | Cleanup tmp at every 5 days and var/tmp at every 15 days, half of the
7 | default values as we don't want the tmp space to grow too much.
8 |
9 | Upstream-Status: Inappropriate [lmp specific]
10 |
11 | Signed-off-by: Ricardo Salveti
12 | ---
13 | tmpfiles.d/tmp.conf | 4 ++--
14 | 1 file changed, 2 insertions(+), 2 deletions(-)
15 |
16 | diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
17 | index 0052719b78..baba840b73 100644
18 | --- a/tmpfiles.d/tmp.conf
19 | +++ b/tmpfiles.d/tmp.conf
20 | @@ -8,5 +8,5 @@
21 | # See tmpfiles.d(5) for details.
22 |
23 | # Clear tmp directories separately, to make them easier to override
24 | -q /tmp 1777 root root 10d
25 | -q /var/tmp 1777 root root 30d
26 | +q /tmp 1777 root root 5d
27 | +q /var/tmp 1777 root root 15d
28 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-sota/lmp-device-register/lmp-device-register_git.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Linux microPlatform OSF OTA+ device registration tool"
2 | HOMEPAGE = "https://github.com/foundriesio/lmp-device-register"
3 | LICENSE = "MIT"
4 | LIC_FILES_CHKSUM = "file://COPYING.MIT;md5=838c366f69b72c5df05c96dff79b35f2"
5 |
6 | DEPENDS = "boost curl glib-2.0 libp11 openssl"
7 |
8 | SRCREV = "eabec626c8bd059073625917670ae94d6477728e"
9 |
10 | SRC_URI = "git://github.com/foundriesio/lmp-device-register.git;protocol=https;branch=main"
11 |
12 | LMP_DEVICE_API ?= "https://api.foundries.io/ota/devices/"
13 | LMP_OAUTH_API ?= "https://app.foundries.io/oauth"
14 |
15 | PACKAGECONFIG ?= "composeapp"
16 | PACKAGECONFIG[composeapp] = "-DDOCKER_COMPOSE_APP=ON,-DDOCKER_COMPOSE_APP=OFF,"
17 | PACKAGECONFIG[production] = "-DPRODUCTION=ON,-DPRODUCTION=OFF,"
18 |
19 | inherit cmake pkgconfig
20 |
21 | RDEPENDS:${PN} += "${SOTA_CLIENT}"
22 |
23 | EXTRA_OECMAKE += "\
24 | -DGIT_COMMIT=${SRCREV} \
25 | -DHARDWARE_ID=${MACHINE} \
26 | -DDEVICE_API=${LMP_DEVICE_API} \
27 | -DOAUTH_API=${LMP_OAUTH_API} \
28 | -DSOTA_CLIENT=${SOTA_CLIENT} \
29 | "
30 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/composeapp/composectl_git.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "A CLI utility to manage compose apps"
2 | HOMEPAGE = "https://github.com/foundriesio/composeapp"
3 | SECTION = "devel"
4 | LICENSE = "BSD-3-Clause"
5 | LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=504a5c2455c8bb2fc5b7667833ab1a68"
6 |
7 | GO_IMPORT = "github.com/foundriesio/composeapp"
8 | GO_IMPORT_PROTO ?= "https"
9 | SRCBRANCH = "v95"
10 | SRCREV = "862e6bee1d6596a80855c43c19f0655870e2d505"
11 | SRC_URI = "git://${GO_IMPORT};protocol=${GO_IMPORT_PROTO};branch=${SRCBRANCH};destsuffix=${GO_SRCURI_DESTSUFFIX}"
12 | UPSTREAM_CHECK_COMMITS = "1"
13 |
14 | inherit go-mod
15 |
16 | GO_INSTALL = "${GO_IMPORT}/cmd/composectl"
17 | GO_EXTRA_LDFLAGS = "\
18 | -X '${GO_IMPORT}/cmd/composectl/cmd.storeRoot=/var/sota/reset-apps' \
19 | -X '${GO_IMPORT}/cmd/composectl/cmd.composeRoot=/var/sota/compose-apps' \
20 | -X '${GO_IMPORT}/cmd/composectl/cmd.baseSystemConfig=/usr/lib/docker' \
21 | -X '${GO_IMPORT}/cmd/composectl/cmd.commit=${SRCREV}' \
22 | "
23 | do_install:append() {
24 | cd ${D}/${bindir}
25 | ln -sf composectl aklite-apps
26 | }
27 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/alsa-state/alsa-state/alsa-state-init:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 | #
3 | # Copyright Matthias Hentges (c) 2007
4 | # SPDX-License-Identifier: GPL-2.0-or-later
5 | #
6 | # Filename: alsa-state
7 |
8 | # source function library
9 | . /etc/init.d/functions
10 |
11 | asound_restore(){
12 | echo "ALSA: Restoring mixer settings..."
13 | if test -x /usr/sbin/alsactl -a -e #VARSTATEDIR#/asound.state
14 | then
15 | /usr/sbin/alsactl -f #VARSTATEDIR#/asound.state restore &
16 | else
17 | if test -x /usr/sbin/alsactl -a -e #SYSSTATEDIR#/asound.state
18 | then
19 | /usr/sbin/alsactl -f #SYSSTATEDIR#/asound.state restore &
20 | fi
21 | fi
22 | }
23 |
24 | asound_store(){
25 | echo "ALSA: Storing mixer settings..."
26 | if test -x /usr/sbin/alsactl
27 | then
28 | /usr/sbin/alsactl -f #VARSTATEDIR#/asound.state store
29 | fi
30 | }
31 |
32 | case "$1" in
33 | start) asound_restore ;;
34 | stop) asound_store ;;
35 | status)
36 | status /usr/sbin/alsactl;
37 | exit $?
38 | ;;
39 | *)
40 | echo "Usage: /etc/init.d/alsa-state {start|stop|status}"
41 | exit 1
42 | ;;
43 | esac
44 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/docker/python3-docker-vxcan_1.0.2.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Docker NetworkDriver plugin providing CAN connectivity"
2 | HOMEPAGE = "https://github.com/jhaws1982/docker-vxcan.git"
3 | LICENSE = "MIT"
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
5 |
6 | inherit setuptools3 systemd
7 |
8 | SRC_URI = "git://github.com/jhaws1982/docker-vxcan.git;branch=master;protocol=https \
9 | file://docker-vxcan.service \
10 | "
11 | SRCREV = "54e7dd42d5d39fb3cf30a9c479081865fca42534"
12 |
13 | S = "${WORKDIR}/git"
14 | B = "${S}"
15 |
16 | RDEPENDS:${PN} += "\
17 | can-utils \
18 | ${PYTHON_PN}-gunicorn \
19 | ${PYTHON_PN}-flask \
20 | ${PYTHON_PN}-pyroute2 \
21 | ${PYTHON_PN}-sqlite3 \
22 | ${PYTHON_PN}-docker \
23 | ${PYTHON_PN}-docker-pycreds \
24 | "
25 |
26 | do_install:append() {
27 | install -d ${D}${systemd_system_unitdir}
28 | install -m 0644 ${WORKDIR}/docker-vxcan.service ${D}${systemd_system_unitdir}/
29 | }
30 |
31 | SYSTEMD_AUTO_ENABLE:${PN} = "enable"
32 | SYSTEMD_SERVICE:${PN} = "docker-vxcan.service"
33 | FILES:${PN} += "${systemd_system_unitdir}"
34 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/os-release/os-release.bbappend:
--------------------------------------------------------------------------------
1 | OS_RELEASE_FIELDS += "HOME_URL SUPPORT_URL DEFAULT_HOSTNAME LMP_MACHINE LMP_FACTORY LMP_FACTORY_TAG IMAGE_ID IMAGE_VERSION"
2 | OS_RELEASE_UNQUOTED_FIELDS += "IMAGE_ID IMAGE_VERSION"
3 |
4 | # Default values when not built via our factory CI
5 | LMP_DEVICE_FACTORY ?= "lmp"
6 | LMP_DEVICE_REGISTER_TAG ?= "master"
7 | LMP_FACTORY_IMAGE ??= "lmp-factory-image"
8 | H_BUILD ??= "local-image"
9 |
10 | DEFAULT_HOSTNAME = "${MACHINE}"
11 | HOME_URL = "https://foundries.io/"
12 | SUPPORT_URL = "https://support.foundries.io/"
13 | LMP_MACHINE = "${MACHINE}"
14 | LMP_FACTORY = "${LMP_DEVICE_FACTORY}"
15 | LMP_FACTORY_TAG = "${LMP_DEVICE_REGISTER_TAG}"
16 | IMAGE_ID = "${LMP_FACTORY_IMAGE}"
17 | IMAGE_VERSION = "${H_BUILD}"
18 |
19 | PACKAGE_ARCH = "${MACHINE_ARCH}"
20 | # to set the PACKAGE_ARCH we need to bypass
21 | # the allarch_package_arch_handler from allarch.bbclass
22 | python allarch_package_arch_handler () {
23 | pass
24 | }
25 |
26 | inherit deploy
27 |
28 | do_deploy () {
29 | install -d ${DEPLOYDIR}
30 | install -m 0644 os-release ${DEPLOYDIR}
31 | }
32 |
33 | addtask do_deploy after do_install
34 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/systemd/systemd-boot_%.bbappend:
--------------------------------------------------------------------------------
1 | # Ostree handles the default boot configuration
2 | RDEPENDS:${PN}:remove:sota = "virtual-systemd-bootconf"
3 |
4 | # Install systemd-boot at expected path for tools such as bootctl
5 | do_install:append() {
6 | install -d ${D}${nonarch_base_libdir}/systemd/boot/efi
7 | install ${B}/src/boot/systemd-boot*.efi ${D}${nonarch_base_libdir}/systemd/boot/efi
8 | }
9 |
10 | FILES:${PN} += "${nonarch_base_libdir}/systemd/boot/efi"
11 |
12 | do_efi_sign() {
13 | if [ "${UEFI_SIGN_ENABLE}" = "1" ]; then
14 | if [ ! -f "${UEFI_SIGN_KEYDIR}/DB.key" -o ! -f "${UEFI_SIGN_KEYDIR}/DB.crt" ]; then
15 | bbfatal "UEFI_SIGN_KEYDIR or DB.key/crt is invalid"
16 | fi
17 |
18 | for efi in `find ${B}/src/boot -name '*.efi'`; do
19 | sbsign --key ${UEFI_SIGN_KEYDIR}/DB.key --cert ${UEFI_SIGN_KEYDIR}/DB.crt $efi
20 | sbverify --cert ${UEFI_SIGN_KEYDIR}/DB.crt $efi.signed
21 | mv $efi.signed $efi
22 | done
23 | fi
24 | }
25 | do_efi_sign[depends] += "sbsigntool-native:do_populate_sysroot"
26 | do_efi_sign[vardeps] += "UEFI_SIGN_ENABLE UEFI_SIGN_KEYDIR"
27 | addtask efi_sign after do_compile before do_install do_deploy
28 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/sbsigntool/sbsigntool/0006-Makefile.am-do-not-use-Werror.patch:
--------------------------------------------------------------------------------
1 | From 8c8fc325b3146e2e6032821460690f61703daf22 Mon Sep 17 00:00:00 2001
2 | From: Yi Zhao
3 | Date: Wed, 20 Oct 2021 15:31:05 +0800
4 | Subject: [PATCH] Makefile.am: do not use -Werror
5 |
6 | Do not use -Werror to disable openssl 3.0 deprecation warnings turning
7 | into errors.
8 |
9 | Upstream-Status: Pending
10 |
11 | Signed-off-by: Yi Zhao
12 | ---
13 | src/Makefile.am | 2 +-
14 | 1 file changed, 1 insertion(+), 1 deletion(-)
15 |
16 | diff --git a/src/Makefile.am b/src/Makefile.am
17 | index b32befc..16fbfe7 100644
18 | --- a/src/Makefile.am
19 | +++ b/src/Makefile.am
20 | @@ -11,7 +11,7 @@ endif
21 | common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \
22 | ../lib/ccan.git/ccan/read_write_all/read_write_all.c efivars.h $(coff_headers)
23 | common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS)
24 | -common_CFLAGS = -I$(top_srcdir)/lib/ccan/ -Werror
25 | +common_CFLAGS = -I$(top_srcdir)/lib/ccan/
26 |
27 | sbsign_SOURCES = sbsign.c $(common_SOURCES)
28 | sbsign_LDADD = $(common_LDADD)
29 | --
30 | 2.25.1
31 |
32 |
--------------------------------------------------------------------------------
/meta-lmp-base/classes/kernel-lmp-efi.bbclass:
--------------------------------------------------------------------------------
1 | inherit kernel-artifact-names
2 |
3 | # Simple kernel image signing (no unified kernel image)
4 | do_efi_sign() {
5 | if [ "${UEFI_SIGN_ENABLE}" = "1" ]; then
6 | if [ ! -f "${UEFI_SIGN_KEYDIR}/DB.key" -o ! -f "${UEFI_SIGN_KEYDIR}/DB.crt" ]; then
7 | bbfatal "UEFI_SIGN_KEYDIR or DB.key/crt is invalid"
8 | fi
9 |
10 | for imageType in ${KERNEL_IMAGETYPES}; do
11 | if [ -s ${B}/${KERNEL_OUTPUT_DIR}/$imageType.stripped ]; then
12 | kernel=${B}/${KERNEL_OUTPUT_DIR}/$imageType.stripped
13 | else
14 | kernel=${B}/${KERNEL_OUTPUT_DIR}/$imageType
15 | fi
16 | if ! sbsign --key ${UEFI_SIGN_KEYDIR}/DB.key --cert ${UEFI_SIGN_KEYDIR}/DB.crt $kernel; then
17 | bbfatal "Failed to sign kernel: ${kernel}"
18 | fi
19 | if ! sbverify --cert ${UEFI_SIGN_KEYDIR}/DB.crt $kernel.signed; then
20 | bbfatal "sbverify failed for kernel: ${kernel}.signed"
21 | fi
22 | mv $kernel.signed $kernel
23 | done
24 | fi
25 | }
26 | do_efi_sign[depends] += "sbsigntool-native:do_populate_sysroot"
27 | do_efi_sign[vardeps] += "UEFI_SIGN_ENABLE UEFI_SIGN_KEYDIR"
28 | addtask efi_sign before do_deploy after do_bundle_initramfs
29 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/bt-6lowpan-setup/bt-6lowpan-setup_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Setup BT 6LoWPAN network / modules"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | inherit allarch
6 |
7 | SRC_URI = " \
8 | file://bt-6lowpan.network.in \
9 | file://modules-6lowpan.conf \
10 | "
11 |
12 | S = "${UNPACKDIR}"
13 |
14 | PACKAGE_ARCH = "${MACHINE_ARCH}"
15 |
16 | # Allow build time customizations by the user
17 | BT_6LOWPAN_INTERFACE ?= "bt0"
18 | BT_6LOWPAN_NETWORK ?= ""
19 |
20 | do_compile() {
21 | if [ ! -z "${BT_6LOWPAN_NETWORK}" ]; then
22 | sed -e 's/@@BT_6LOWPAN_NETWORK@@/${BT_6LOWPAN_NETWORK}/' \
23 | ${S}/bt-6lowpan.network.in > bt-6lowpan.network
24 | fi
25 | }
26 |
27 | do_install() {
28 | if [ -f "${S}/bt-6lowpan.network" ]; then
29 | install -d ${D}${systemd_unitdir}/network
30 | install -m 0644 ${B}/bt-6lowpan.network ${D}${systemd_unitdir}/network/60-bt-6lowpan.network
31 | fi
32 | install -d ${D}${libdir}/modules-load.d
33 | install -m 0644 ${UNPACKDIR}/modules-6lowpan.conf ${D}${libdir}/modules-load.d/6lowpan.conf
34 | }
35 |
36 | FILES:${PN} += "${libdir}/modules-load.d"
37 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/compose-apps-early-start/compose-apps-early-start.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "A systemd oneshot helper to start compose apps as early as possible"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | SRC_URI = " \
6 | file://compose-apps-early-start-recovery.service \
7 | file://compose-apps-early-start.service \
8 | file://compose-apps-early-start-recovery \
9 | file://compose-apps-early-start \
10 | "
11 |
12 | S = "${UNPACKDIR}"
13 |
14 | inherit systemd
15 |
16 | SYSTEMD_SERVICE:${PN} = "compose-apps-early-start.service"
17 |
18 | do_install() {
19 | install -d ${D}${systemd_system_unitdir}
20 | install -m 0644 ${UNPACKDIR}/compose-apps-early-start.service ${D}${systemd_system_unitdir}/
21 | install -m 0644 ${UNPACKDIR}/compose-apps-early-start-recovery.service ${D}${systemd_system_unitdir}/
22 | install -d ${D}${bindir}
23 | install -m 0755 ${UNPACKDIR}/compose-apps-early-start ${D}${bindir}/
24 | install -m 0755 ${UNPACKDIR}/compose-apps-early-start-recovery ${D}${bindir}/
25 | }
26 |
27 | FILES:${PN} += "${systemd_system_unitdir}/*.service"
28 | RDEPENDS:${PN} += "composectl"
29 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/sbsigntool/sbsigntool/0004-src-Makefile.am-Add-read_write_all.c-to-common_SOURC.patch:
--------------------------------------------------------------------------------
1 | From 98365ce5ecf835841344bf1b6ec34f00223a4ca5 Mon Sep 17 00:00:00 2001
2 | From: Robert Yang
3 | Date: Thu, 17 Jun 2021 08:05:25 +0000
4 | Subject: [PATCH] src/Makefile.am: Add read_write_all.c to common_SOURCES
5 |
6 | It is required by image.c.
7 |
8 | Fixed:
9 | src/image.c:659: undefined reference to `write_all'
10 |
11 | Upstream-Status: Pending
12 |
13 | Signed-off-by: Robert Yang
14 | ---
15 | src/Makefile.am | 2 +-
16 | 1 file changed, 1 insertion(+), 1 deletion(-)
17 |
18 | diff --git a/src/Makefile.am b/src/Makefile.am
19 | index 38f93ff..b32befc 100644
20 | --- a/src/Makefile.am
21 | +++ b/src/Makefile.am
22 | @@ -9,7 +9,7 @@ AM_CFLAGS += -DOPENSSL_API_COMPAT=0x10100000L
23 | endif
24 |
25 | common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \
26 | - efivars.h $(coff_headers)
27 | + ../lib/ccan.git/ccan/read_write_all/read_write_all.c efivars.h $(coff_headers)
28 | common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS)
29 | common_CFLAGS = -I$(top_srcdir)/lib/ccan/ -Werror
30 |
31 | --
32 | 2.25.1
33 |
34 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/ima_policy_tcb/files/ima_policy_tcb:
--------------------------------------------------------------------------------
1 | # PROC_SUPER_MAGIC = 0x9fa0
2 | dont_measure fsmagic=0x9fa0
3 | # SYSFS_MAGIC = 0x62656572
4 | dont_measure fsmagic=0x62656572
5 | # DEBUGFS_MAGIC = 0x64626720
6 | dont_measure fsmagic=0x64626720
7 | # TMPFS_MAGIC = 0x1021994
8 | dont_measure fsmagic=0x1021994
9 | # DEVPTS_SUPER_MAGIC=0x1cd1
10 | dont_measure fsmagic=0x1cd1
11 | # BINFMTFS_MAGIC=0x42494e4d
12 | dont_measure fsmagic=0x42494e4d
13 | # SECURITYFS_MAGIC=0x73636673
14 | dont_measure fsmagic=0x73636673
15 | # SELINUX_MAGIC=0xf97cff8c
16 | dont_measure fsmagic=0xf97cff8c
17 | # SMACK_MAGIC=0x43415d53
18 | dont_measure fsmagic=0x43415d53
19 | # CGROUP_SUPER_MAGIC=0x27e0eb
20 | dont_measure fsmagic=0x27e0eb
21 | # CGROUP2_SUPER_MAGIC=0x63677270
22 | dont_measure fsmagic=0x63677270
23 | # NSFS_MAGIC=0x6e736673
24 | dont_measure fsmagic=0x6e736673
25 | # EFIVARFS_MAGIC=0xde5e81e4
26 | dont_measure fsmagic=0xde5e81e4
27 |
28 | measure func=MMAP_CHECK mask=MAY_EXEC
29 | measure func=BPRM_CHECK mask=MAY_EXEC
30 | measure func=FILE_CHECK mask=^MAY_READ euid=0
31 | measure func=FILE_CHECK mask=^MAY_READ uid=0
32 | measure func=MODULE_CHECK
33 | measure func=FIRMWARE_CHECK
34 | measure func=POLICY_CHECK
35 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/docker-compose/docker-compose-switch_1.0.5.bb:
--------------------------------------------------------------------------------
1 | HOMEPAGE = "https://github.com/docker/compose-switch"
2 | SUMMARY = "Compose Switch is a replacement to the Compose V1 \
3 | docker-compose (python) executable. It translates the command \
4 | line into Compose V2 docker compose then run the latter."
5 | SECTION = "devel"
6 | LICENSE = "Apache-2.0"
7 | LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
8 |
9 | SRC_URI = "git://github.com/docker/compose-switch.git;branch=master;protocol=https"
10 | SRCREV = "00ad39bc37dac1248501aad29be97dc904cf87de"
11 |
12 | UPSTREAM_CHECK_COMMITS = "1"
13 |
14 | GO_IMPORT = "github.com/docker/compose-switch"
15 |
16 | inherit go-mod update-alternatives
17 |
18 | GO_EXTRA_LDFLAGS = "-w -X ${GO_IMPORT}/internal.Version=${PV}"
19 |
20 | go_do_compile() {
21 | export TMPDIR="${GOTMPDIR}"
22 | mkdir -p ${B}/${GO_BUILD_BINDIR}
23 | ${GO} build ${GOBUILDFLAGS} -o ${B}/${GO_BUILD_BINDIR}/docker-compose ./main.go
24 | }
25 |
26 | ALTERNATIVE:${PN} = "docker-compose"
27 | ALTERNATIVE_PRIORITY = "100"
28 | ALTERNATIVE_LINK_NAME[docker-compose] = "${base_bindir}/docker-compose"
29 |
30 | RDEPENDS:${PN} += "docker-compose"
31 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/ptest-runner/ptest-runner/ptest-lmp-runner.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | # LMP has a read-only rootfs, so we can't execute ptest-runner directly
4 | # as most test cases expect to be able to write data to the disk.
5 | #
6 | # As a workaround, copy over all ptests available at /usr/lib into a
7 | # writable directory, and use that as reference with ptest-runner.
8 |
9 | set -e
10 |
11 | # List of ptests to run, separated by spaces (empty means all)
12 | PTESTS=${PTESTS}
13 |
14 | PTEST_DIR=${HOME}/ptests
15 | rm -fr ${PTEST_DIR}
16 |
17 | # Tests are available under /usr/lib//ptest
18 | find /usr/lib -name run-ptest | while read pkg; do
19 | pkg_path=$(echo ${pkg} | sed -e "s/\/ptest\/run-ptest//")
20 | ptest=$(basename ${pkg_path})
21 | mkdir -p ${PTEST_DIR}/${ptest}/
22 | cp -r ${pkg_path}/ptest/ ${PTEST_DIR}/${ptest}/
23 | done
24 |
25 | # Print available tests before executing them
26 | ptest-runner -d ${PTEST_DIR} -l
27 |
28 | # Run desired ptests
29 | echo
30 | if [ -n "${PTESTS}" ]; then
31 | echo "Running ptests: ${PTESTS}"
32 | else
33 | echo "Running all ptests available at ${PTEST_DIR}"
34 | fi
35 | echo
36 |
37 | ptest-runner -x ptest-run.xml -d ${PTEST_DIR} ${PTESTS}
38 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lmp-device-auto-register/lmp-device-auto-register.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "A systemd oneshot helper to auto register a device"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | RDEPENDS:${PN} += "lmp-device-register"
6 |
7 | SRC_URI = " \
8 | file://lmp-device-auto-register.service.in \
9 | file://lmp-device-auto-register \
10 | file://api-token \
11 | "
12 |
13 | S = "${UNPACKDIR}"
14 |
15 | inherit systemd
16 |
17 | SYSTEMD_SERVICE:${PN} = "lmp-device-auto-register.service"
18 | LMP_AUTO_REGISTER_USE_HOSTNAME ?= ""
19 |
20 | do_compile() {
21 | sed -e 's/@@LMP_AUTO_REGISTER_USE_HOSTNAME@@/${LMP_AUTO_REGISTER_USE_HOSTNAME}/' \
22 | ${UNPACKDIR}/lmp-device-auto-register.service.in > ${B}/lmp-device-auto-register.service
23 | }
24 |
25 | do_install() {
26 | install -d ${D}${systemd_system_unitdir}
27 | install -m 0644 ${B}/lmp-device-auto-register.service ${D}${systemd_system_unitdir}/
28 | install -d ${D}${bindir}
29 | install -m 0755 ${UNPACKDIR}/lmp-device-auto-register ${D}${bindir}/
30 | install -d ${D}${sysconfdir}
31 | install -m 0600 ${UNPACKDIR}/api-token ${D}${sysconfdir}/lmp-device-register-token
32 | }
33 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-connectivity/docker-network-ref/docker-network-ref_1.0.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Auto creation of the `docker-network-ref` docker bridge network"
2 | LICENSE = "BSD-2-Clause"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f"
4 |
5 | inherit systemd
6 |
7 | SYSTEMD_AUTO_ENABLE = "enable"
8 | SYSTEMD_SERVICE:${PN} = "docker-network-ref.service"
9 |
10 | SRC_URI = " \
11 | file://create-docker-ref-network.sh.in \
12 | file://docker-network-ref.service \
13 | "
14 |
15 | S = "${UNPACKDIR}"
16 |
17 | DOCKER_NETWORK_NAME ?= "docker-network-ref"
18 |
19 | do_compile() {
20 | sed -e 's|@@DOCKER_NETWORK_NAME@@|${DOCKER_NETWORK_NAME}|g' \
21 | ${UNPACKDIR}/create-docker-ref-network.sh.in > ${B}/create-docker-ref-network.sh
22 | }
23 |
24 | do_install() {
25 | install -d ${D}${systemd_unitdir}/system
26 | install -m 0644 ${UNPACKDIR}/docker-network-ref.service ${D}${systemd_unitdir}/system
27 | install -d ${D}${sbindir}
28 | install -m 0755 ${B}/create-docker-ref-network.sh ${D}${sbindir}/
29 | }
30 |
31 | FILES:${PN} = " \
32 | ${systemd_unitdir}/system/docker-network-ref.service \
33 | ${sbindir}/create-docker-ref-network.sh \
34 | "
35 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-kernel/jool/jool_git.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "Jool is an Open Source SIIT and NAT64 for Linux"
2 | SUMMARY = "SIIT and NAT64 for Linux"
3 | HOMEPAGE = "https://www.jool.mx"
4 | SECTION = "kernel/network"
5 | LICENSE = "GPL-2.0-only"
6 | LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
7 |
8 | SRC_URI = "git://github.com/NICMx/Jool.git;protocol=https;branch=main"
9 |
10 | PV = "4.1.10"
11 | SRCREV = "47334c9124b7a2e3253fb279e6c33acb9c2b09a6"
12 |
13 | inherit module
14 |
15 | EXTRA_OEMAKE += 'ARCH="${ARCH}" CROSS_COMPILE="${TARGET_PREFIX}" \
16 | KERNEL_DIR="${STAGING_KERNEL_DIR}" KERNEL_VERSION="${KERNEL_VERSION}" \
17 | '
18 |
19 | do_compile() {
20 | for module in common nat64 siit; do
21 | oe_runmake -C "${S}/src/mod/${module}" CC="${KERNEL_CC}" LD="${KERNEL_LD}" \
22 | AR="${KERNEL_AR}" O=${STAGING_KERNEL_BUILDDIR}
23 | done
24 | }
25 |
26 | do_install() {
27 | for module in common nat64 siit; do
28 | oe_runmake DEPMOD=echo MODLIB="${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}" \
29 | -C "${S}/src/mod/${module}" CC="${KERNEL_CC}" LD="${KERNEL_LD}" \
30 | AR="${KERNEL_AR}" O=${STAGING_KERNEL_BUILDDIR} modules_install
31 | done
32 | }
33 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/lmp-el2go-auto-register/lmp-el2go-auto-register.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "A systemd oneshot helper to auto register a device using EdgeLock2GO"
2 | HOMEPAGE = "https://github.com/foundriesio/lmp-el2go-auto-register"
3 | SECTION = "devel"
4 | LICENSE = "MIT"
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
6 |
7 | SRC_URI = "git://github.com/foundriesio/lmp-el2go-auto-register.git;protocol=https;branch=main \
8 | file://default.env \
9 | file://root.crt \
10 | "
11 | SRCREV = "302d47ee8e8daaa3febbfe3b4b27f80d16bb4aee"
12 |
13 | RDEPENDS:${PN} += "python3-core opensc fio-se05x-cli"
14 |
15 | inherit systemd
16 |
17 | SYSTEMD_SERVICE:${PN} = "lmp-el2go-auto-register.service"
18 |
19 | do_install() {
20 | install -d ${D}${systemd_system_unitdir}
21 | install -m 0644 ${S}/lmp-el2go-auto-register.service ${D}${systemd_system_unitdir}
22 | install -d ${D}${bindir}
23 | install -m 0755 ${S}/lmp-el2go-auto-register ${D}${bindir}
24 | install -d ${D}${sysconfdir}/default
25 | install -m 0644 ${UNPACKDIR}/default.env ${D}${sysconfdir}/default/lmp-el2go-auto-register
26 | install -d ${D}${datadir}/lmp-el2go-auto-register
27 | install -m 0644 ${UNPACKDIR}/root.crt ${D}${datadir}/lmp-el2go-auto-register
28 | }
29 |
--------------------------------------------------------------------------------
/meta-lmp-base/dynamic-layers/tpm-layer/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11/0002-db-don-t-warn-the-user-when-db-is-not-found.patch:
--------------------------------------------------------------------------------
1 | From f584251d2ba5225bb415750ec10f22b60ff9dfce Mon Sep 17 00:00:00 2001
2 | From: Ricardo Salveti
3 | Date: Sat, 11 Mar 2023 13:02:38 -0300
4 | Subject: [PATCH 2/3] db: don't warn the user when db is not found
5 |
6 | Expected code path when db needs to be initialized (first run).
7 |
8 | Upstream-Status: Inappropriate [lmp specific]
9 |
10 | Signed-off-by: Ricardo Salveti
11 | Signed-off-by: Jose Quaresma
12 | ---
13 | src/lib/db.c | 2 +-
14 | 1 file changed, 1 insertion(+), 1 deletion(-)
15 |
16 | diff --git a/src/lib/db.c b/src/lib/db.c
17 | index 8304ec4..8fa9e95 100644
18 | --- a/src/lib/db.c
19 | +++ b/src/lib/db.c
20 | @@ -1480,7 +1480,7 @@ static CK_RV db_get_version(sqlite3 *db, unsigned *version) {
21 | sqlite3_stmt *stmt;
22 | int rc = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
23 | if (rc != SQLITE_OK) {
24 | - LOGW("Cannot prepare version query: %s\n", sqlite3_errmsg(global.db));
25 | + LOGV("Cannot prepare version query: %s\n", sqlite3_errmsg(global.db));
26 | *version = DB_EMPTY;
27 | return CKR_OK;
28 | }
29 | --
30 | 2.50.1
31 |
32 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/0001-Enable-RISC-V-build.patch:
--------------------------------------------------------------------------------
1 | From 8f6402f69f8366777861a56c53ae9893b27fbbad Mon Sep 17 00:00:00 2001
2 | From: Heinrich Schuchardt
3 | Date: Fri, 30 Jul 2021 17:20:18 +0200
4 | Subject: [PATCH 1/1] Enable RISC-V build
5 |
6 | Set necessary Makefile variables for architecture riscv64.
7 |
8 | Upstream-Status: Inactive-Upstream
9 |
10 | Signed-off-by: Heinrich Schuchardt
11 | ---
12 | Make.rules | 7 +++++++
13 | 1 file changed, 7 insertions(+)
14 |
15 | diff --git a/Make.rules b/Make.rules
16 | index 903a5a4..69bd3bd 100644
17 | --- a/Make.rules
18 | +++ b/Make.rules
19 | @@ -10,6 +10,8 @@ else ifeq ($(ARCH),aarch64)
20 | ARCH3264 =
21 | else ifeq ($(ARCH),arm)
22 | ARCH3264 =
23 | +else ifeq ($(ARCH),riscv64)
24 | +ARCH3264 =
25 | else
26 | $(error unknown architecture $(ARCH))
27 | endif
28 | @@ -56,6 +58,11 @@ ifeq ($(ARCH),aarch64)
29 | FORMAT = -O binary
30 | endif
31 |
32 | +ifeq ($(ARCH),riscv64)
33 | + LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a
34 | + FORMAT = -O binary
35 | +endif
36 | +
37 | %.efi: %.so
38 | $(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic -j .dynsym \
39 | -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \
40 | --
41 | 2.31.1
42 |
43 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/initrdscripts/initramfs-framework/cryptfs_tpm2:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2022 Fondries.IO
2 | # SPDX-License-Identifier: MIT
3 |
4 | cryptfs_check_tpm2() {
5 | [ ! -d /sys/firmware/efi/efivars ] && fatal "EFI vars sysfs mount point not found"
6 |
7 | # Check for SecureBoot support as PCR 7 differs based on its state
8 | efi_secure=`efivar --name=8be4df61-93ca-11d2-aa0d-00e098032b8c-SecureBoot --print-decimal`
9 | efi_mode=`efivar --name=8be4df61-93ca-11d2-aa0d-00e098032b8c-SetupMode --print-decimal`
10 | if [ "${efi_secure}" -ne 1 ] || [ "${efi_mode}" -ne 0 ]; then
11 | fatal "UEFI SecureBoot not enabled (required due PCR 7)"
12 | fi
13 |
14 | [ ! -e /sys/class/tpm ] && fatal "Linux TPM subsystem not found"
15 |
16 | ! systemd-cryptenroll --tpm2-device=list | grep -q "^/dev" &&
17 | fatal "Make sure a valid TPM 2.0 device is available, aborting."
18 | }
19 |
20 | cryptfs_check_token_tpm2() {
21 | :
22 | }
23 |
24 | cryptfs_pre_tpm2() {
25 | :
26 | }
27 |
28 | cryptfs_post_tpm2() {
29 | :
30 | }
31 |
32 | cryptfs_enroll_tpm2() {
33 | root_dev=$1
34 |
35 | # Use auto, assuming there is only one TPM 2.0 device on the target hardware
36 | PASSWORD=`cat /run/cryptsetup/passphrase` PIN=foo systemd-cryptenroll ${root_dev} --tpm2-device=auto --tpm2-pcrs=7 --wipe-slot=password
37 | }
38 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/Makefile-do-not-build-signed-efi-image.patch:
--------------------------------------------------------------------------------
1 | From 923b9cb2bfe81ff29a29d46bfc4e3fe172e0e5ae Mon Sep 17 00:00:00 2001
2 | From: Yunguo Wei
3 | Date: Tue, 17 Jan 2017 17:24:51 +0800
4 | Subject: [PATCH] Makefile: do not build signed efi image
5 |
6 | Upstream-Status: Inactive-Upstream
7 |
8 | Signed-off-by: Yunguo Wei
9 | ---
10 | Makefile | 5 ++---
11 | 1 file changed, 2 insertions(+), 3 deletions(-)
12 |
13 | diff --git a/Makefile b/Makefile
14 | index addb593..a1fc538 100644
15 | --- a/Makefile
16 | +++ b/Makefile
17 | @@ -1,5 +1,4 @@
18 | -EFIFILES = HelloWorld.efi LockDown.efi Loader.efi ReadVars.efi UpdateVars.efi \
19 | - KeyTool.efi HashTool.efi SetNull.efi ShimReplace.efi
20 | +EFIFILES = LockDown.efi
21 | BINARIES = cert-to-efi-sig-list sig-list-to-certs sign-efi-sig-list \
22 | hash-to-efi-sig-list efi-readvar efi-updatevar cert-to-efi-hash-list \
23 | flash-var
24 | @@ -27,7 +26,7 @@ include Make.rules
25 |
26 | EFISIGNED = $(patsubst %.efi,%-signed.efi,$(EFIFILES))
27 |
28 | -all: $(EFISIGNED) $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
29 | +all: $(EFIFILES) $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
30 | $(KEYUPDATEAUTH) $(KEYBLACKLISTAUTH) $(KEYHASHBLACKLISTAUTH)
31 |
32 |
33 | --
34 | 2.7.4
35 |
36 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/base-files/base-files/profile:
--------------------------------------------------------------------------------
1 | # /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
2 | # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
3 |
4 | PATH="/usr/local/bin:/usr/bin:/bin"
5 | EDITOR="vi" # needed for packages like cron, git-commit
6 | [ "$TERM" ] || TERM="vt100" # Basic terminal capab. For screen etc.
7 |
8 | # Add /sbin & co to $PATH for every user
9 | PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
10 |
11 | # Set the prompt for bash and ash (no other shells known to be in use here)
12 | if [ -n "$PS1" ]; then
13 | if [ $(id -u) -eq 0 ]; then
14 | PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
15 | else
16 | PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
17 | fi
18 | fi
19 |
20 | if [ -d /etc/profile.d ]; then
21 | for i in /etc/profile.d/*.sh; do
22 | if [ -f $i -a -r $i ]; then
23 | . $i
24 | fi
25 | done
26 | unset i
27 | fi
28 |
29 | # Make sure we are on a serial console (i.e. the device used starts with
30 | # /dev/tty[A-z]), otherwise we confuse e.g. the eclipse launcher which tries do
31 | # use ssh
32 | case $(tty 2>/dev/null) in
33 | /dev/tty[A-z]*) [ -x @BINDIR@/resize ] && @BINDIR@/resize >/dev/null;;
34 | esac
35 |
36 | export PATH PS1 OPIEDIR QPEDIR QTDIR EDITOR TERM
37 |
38 | umask 022
39 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-fio/qemuarm64/lmp-ebbr.cfg:
--------------------------------------------------------------------------------
1 | CONFIG_FIT=y
2 | CONFIG_FIT_VERBOSE=y
3 | CONFIG_SYS_TEXT_BASE=0x60000000
4 | CONFIG_ENV_IS_IN_FAT=y
5 | CONFIG_ENV_FAT_INTERFACE="virtio"
6 | CONFIG_ENV_FAT_DEVICE_AND_PART="0:1"
7 | # CONFIG_ENV_IS_IN_FLASH is not set
8 | # CONFIG_BOOTCOMMAND is not set
9 |
10 | CONFIG_MTD=y
11 | CONFIG_DM_MTD=y
12 | CONFIG_MTD_NOR_FLASH=y
13 |
14 | CONFIG_EFI_PARTITION=y
15 | CONFIG_BOOTM_EFI=y
16 | CONFIG_CMD_BOOTEFI=y
17 | CONFIG_CMD_BOOTEFI_HELLO_COMPILE=y
18 | CONFIG_CMD_BOOTEFI_HELLO=y
19 | CONFIG_CMD_BOOTEFI_SELFTEST=y
20 | CONFIG_CMD_EFIDEBUG=y
21 | CONFIG_CMD_GPT=y
22 | CONFIG_CMD_NVEDIT_INFO=y
23 | CONFIG_CMD_NVEDIT_EFI=y
24 | CONFIG_EFI_LOADER=y
25 | CONFIG_EFI_VARIABLE_FILE_STORE=y
26 | CONFIG_EFI_DEVICE_PATH_TO_TEXT=y
27 | CONFIG_EFI_LOADER_HII=y
28 | CONFIG_EFI_UNICODE_COLLATION_PROTOCOL2=y
29 | CONFIG_EFI_UNICODE_CAPITALIZATION=y
30 | CONFIG_EFI_HAVE_RUNTIME_RESET=y
31 |
32 | CONFIG_DM_RTC=y
33 | CONFIG_EFI_GET_TIME=y
34 | CONFIG_EFI_SET_TIME=y
35 | CONFIG_RTC_EMULATION=y
36 |
37 | CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
38 | CONFIG_EFI_CAPSULE_FIRMWARE=y
39 | CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
40 | CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
41 | CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
42 | CONFIG_EFI_CAPSULE_ON_DISK=y
43 | # CONFIG_EFI_CAPSULE_ON_DISK_EARLY is not set
44 | CONFIG_EFI_IGNORE_OSINDICATIONS=y
45 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/systemd/systemd/systemd-networkd-wait-online.service.in-use-any-by-d.patch:
--------------------------------------------------------------------------------
1 | From 9a4ee35be630d1f0be5d28d52e3e030e087cda77 Mon Sep 17 00:00:00 2001
2 | From: Ricardo Salveti
3 | Date: Tue, 2 Jul 2019 21:01:15 -0300
4 | Subject: [PATCH] systemd-networkd-wait-online.service.in: use --any by default
5 |
6 | Use --any by default when waiting for a network interface to be fully
7 | configured, otherwise it blocks until all the available interfaces are
8 | in the configured state.
9 |
10 | Upstream-Status: Inappropriate [lmp specific]
11 |
12 | Signed-off-by: Ricardo Salveti
13 | Signed-off-by: Jose Quaresma
14 | ---
15 | units/systemd-networkd-wait-online.service.in | 2 +-
16 | 1 file changed, 1 insertion(+), 1 deletion(-)
17 |
18 | diff --git a/units/systemd-networkd-wait-online.service.in b/units/systemd-networkd-wait-online.service.in
19 | index 7768121f5f..7d26e04fe3 100644
20 | --- a/units/systemd-networkd-wait-online.service.in
21 | +++ b/units/systemd-networkd-wait-online.service.in
22 | @@ -19,7 +19,7 @@ Before=network-online.target shutdown.target
23 |
24 | [Service]
25 | Type=oneshot
26 | -ExecStart={{LIBEXECDIR}}/systemd-networkd-wait-online
27 | +ExecStart={{LIBEXECDIR}}/systemd-networkd-wait-online --any
28 | RemainAfterExit=yes
29 |
30 | [Install]
31 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-ostree-scr-fit/beaglebone-yocto/boot.cmd:
--------------------------------------------------------------------------------
1 | # Default boot type and device
2 | setenv bootlimit 3
3 |
4 | setenv bootcmd_resetvars 'setenv kernel_image; setenv bootargs; setenv kernel_image2; setenv bootargs2'
5 | setenv bootcmd_otenv 'run bootcmd_resetvars; ext4load ${devtype} ${devnum}:2 ${loadaddr} /boot/loader/uEnv.txt; env import -t ${loadaddr} ${filesize} kernel_image bootargs kernel_image2 bootargs2'
6 | setenv bootcmd_load_f 'ext4load ${devtype} ${devnum}:2 ${rdaddr} "/boot"${kernel_image}'
7 | setenv bootcmd_run 'bootm ${rdaddr}#conf-${fdtfile}'
8 | setenv bootcmd_rollbackenv 'setenv kernel_image ${kernel_image2}; setenv bootargs ${bootargs2}'
9 | setenv bootcmd_set_rollback 'if test ! "${rollback}" = "1"; then setenv rollback 1; setenv upgrade_available 0; saveenv; fi'
10 | setenv bootostree 'run bootcmd_load_f; run bootcmd_run'
11 | setenv altbootcmd 'run bootcmd_otenv; run bootcmd_set_rollback; if test -n "${kernel_image2}"; then run bootcmd_rollbackenv; fi; run bootostree; reset'
12 |
13 | # Mmc device used for environment needs to be in sync with u-boot config
14 | if test ! -e mmc 0:1 uboot.env; then saveenv; fi
15 |
16 | if test "${rollback}" = "1"; then run altbootcmd; else run bootcmd_otenv; run bootostree; if test ! "${upgrade_available}" = "1"; then setenv upgrade_available 1; saveenv; fi; reset; fi
17 |
18 | reset
19 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-core/initrdscripts/initramfs-framework/ostree_recovery:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2022 Foundries.IO Ltd.
3 | # Licensed on MIT
4 |
5 | ostree_recovery_enabled() {
6 | return 0
7 | }
8 |
9 | ostree_recovery_run() {
10 | RECOVERY_MODULES_DIR=/recovery.d
11 |
12 | # Load and run recovery modules same way as done for initramfs
13 | for m in `ls $RECOVERY_MODULES_DIR/ | sort -n`; do
14 | # Skip backup files
15 | if [ "`echo $m | sed -e 's/\~$//'`" != "$m" ]; then
16 | continue
17 | fi
18 |
19 | module=`basename $m | cut -d'-' -f 2`
20 | debug "Loading recovery module $module"
21 |
22 | # pre hooks
23 | for h in $MODULE_PRE_HOOKS; do
24 | debug "Calling recovery module hook (pre): $h"
25 | eval "$h pre $module"
26 | debug "Finished recovery module hook (pre): $h"
27 | done
28 |
29 | # process module
30 | . $RECOVERY_MODULES_DIR/$m
31 |
32 | if ! eval "${module}_enabled"; then
33 | debug "Skipping recovery module $module"
34 | continue
35 | fi
36 |
37 | debug "Running recovery ${module}_run"
38 | eval "${module}_run"
39 |
40 | # post hooks
41 | for h in $MODULE_POST_HOOKS; do
42 | debug "Calling recovery module hook (post): $h"
43 | eval "$h post $module"
44 | debug "Finished recovery module hook (post): $h"
45 | done
46 | done
47 |
48 | msg "Forcing reboot after recovery"
49 | sync && reboot -f
50 | }
51 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-ostree-scr-fit/rpi/boot.cmd:
--------------------------------------------------------------------------------
1 | # Default boot type and device
2 | setenv bootlimit 3
3 | setenv devtype mmc
4 | setenv devnum 0
5 |
6 | setenv bootcmd_resetvars 'setenv kernel_image; setenv bootargs; setenv kernel_image2; setenv bootargs2'
7 | setenv bootcmd_otenv 'run bootcmd_resetvars; ext4load ${devtype} ${devnum}:2 ${scriptaddr} /boot/loader/uEnv.txt; env import -t ${scriptaddr} ${filesize} kernel_image bootargs kernel_image2 bootargs2'
8 | setenv bootcmd_load_f 'ext4load ${devtype} ${devnum}:2 ${ramdisk_addr_r} "/boot"${kernel_image}'
9 | setenv bootcmd_run 'bootm ${ramdisk_addr_r}:kernel-1 ${ramdisk_addr_r}:ramdisk-1 ${fdt_addr}'
10 | setenv bootcmd_rollbackenv 'setenv kernel_image ${kernel_image2}; setenv bootargs ${bootargs2}'
11 | setenv bootcmd_set_rollback 'if test ! "${rollback}" = "1"; then setenv rollback 1; setenv upgrade_available 0; saveenv; fi'
12 | setenv bootostree 'run bootcmd_load_f; run bootcmd_run'
13 | setenv altbootcmd 'run bootcmd_otenv; run bootcmd_set_rollback; if test -n "${kernel_image2}"; then run bootcmd_rollbackenv; fi; run bootostree; reset'
14 |
15 | if test ! -e ${devtype} ${devnum}:1 uboot.env; then saveenv; fi
16 |
17 | if test "${rollback}" = "1"; then run altbootcmd; else run bootcmd_otenv; run bootostree; if test ! "${upgrade_available}" = "1"; then setenv upgrade_available 1; saveenv; fi; reset; fi
18 |
19 | reset
20 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/luks-reencryption/luks-reencryption/luks-reencryption:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright (C) 2023 Foundries.IO
3 | # SPDX-License-Identifier: BSD-2-Clause
4 |
5 | # Exit on error
6 | set -e
7 |
8 | [ $(whoami) = "root" ] || { echo "E: You must be root" && exit 1; }
9 |
10 | DEVICE=$(lsblk -f | awk '/crypto_LUKS/ {print $1; exit}' | awk '{sub(/^[^a-zA-Z]*/, ""); print}')
11 | DEVICE="/dev/${DEVICE}"
12 |
13 | # Avoid using the PIN for OP-TEE supported PKCS#11 user authentication
14 | export CKTEEC_LOGIN_TYPE=user
15 |
16 | # Back up the LUKS header (name must match the one in initramfs)
17 | LUKS_HEADER_BACKUP=luks.bin
18 |
19 | if cryptsetup luksDump ${DEVICE} | grep -q "online-reencrypt"; then
20 | # Preemptively check if the volume needs to be repaired
21 | yes "YES" | cryptsetup -v repair ${DEVICE}
22 | # Resume reencryption
23 | if ! cryptsetup reencrypt --resume-only ${DEVICE}; then
24 | exit 1
25 | fi
26 |
27 | # Backup header file
28 | if ! cryptsetup luksHeaderBackup ${DEVICE} --header-backup-file /boot/${LUKS_HEADER_BACKUP}; then
29 | echo "WARNING: failed to create the LUKS backup header"
30 | fi
31 | else
32 | if [ ! -e /boot/${LUKS_HEADER_BACKUP} ]; then
33 | if ! cryptsetup luksHeaderBackup ${DEVICE} --header-backup-file /boot/${LUKS_HEADER_BACKUP}; then
34 | echo "WARNING: failed to create the LUKS backup header"
35 | fi
36 | fi
37 | fi
38 |
--------------------------------------------------------------------------------
/meta-lmp-bsp/recipes-bsp/u-boot/u-boot-ostree-scr-fit/qemuarm/boot.cmd:
--------------------------------------------------------------------------------
1 | # Default boot type and device
2 | setenv bootlimit 3
3 | setenv devtype virtio
4 | setenv devnum 0
5 |
6 | setenv bootcmd_resetvars 'setenv kernel_image; setenv bootargs; setenv kernel_image2; setenv bootargs2'
7 | setenv bootcmd_otenv 'run bootcmd_resetvars; ext4load ${devtype} ${devnum}:2 ${scriptaddr} /boot/loader/uEnv.txt; env import -t ${scriptaddr} ${filesize} kernel_image bootargs kernel_image2 bootargs2'
8 | setenv bootcmd_load_f 'ext4load ${devtype} ${devnum}:2 ${ramdisk_addr_r} "/boot"${kernel_image}'
9 | setenv bootcmd_run 'bootm ${ramdisk_addr_r}#conf-1 ${ramdisk_addr_r}#conf-1 ${fdt_addr}'
10 | setenv bootcmd_rollbackenv 'setenv kernel_image ${kernel_image2}; setenv bootargs ${bootargs2}'
11 | setenv bootcmd_set_rollback 'if test ! "${rollback}" = "1"; then setenv rollback 1; setenv upgrade_available 0; saveenv; fi'
12 | setenv bootostree 'run bootcmd_load_f; run bootcmd_run'
13 | setenv altbootcmd 'run bootcmd_otenv; run bootcmd_set_rollback; if test -n "${kernel_image2}"; then run bootcmd_rollbackenv; fi; run bootostree; reset'
14 |
15 | if test ! -e ${devtype} ${devnum}:1 uboot.env; then saveenv; fi
16 |
17 | if test "${rollback}" = "1"; then run altbootcmd; else run bootcmd_otenv; run bootostree; if test ! "${upgrade_available}" = "1"; then setenv upgrade_available 1; saveenv; fi; reset; fi
18 |
19 | reset
20 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-ostree-scr.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "Boot script for launching OSTree based images with u-boot"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
4 |
5 | INHIBIT_DEFAULT_DEPS = "1"
6 |
7 | DEPENDS = "u-boot-mkimage-native"
8 |
9 | SRC_URI = " \
10 | file://boot.cmd \
11 | file://uEnv.txt.in \
12 | "
13 |
14 | KERNEL_BOOTCMD ??= "bootz"
15 | KERNEL_BOOTCMD:aarch64 ?= "booti"
16 |
17 | S = "${UNPACKDIR}"
18 |
19 | inherit deploy
20 |
21 | do_configure[noexec] = "1"
22 |
23 | do_compile() {
24 | cp ${S}/boot.cmd ${B}/boot.cmd
25 | sed -e 's/@@KERNEL_BOOTCMD@@/${KERNEL_BOOTCMD}/' \
26 | -e 's/@@KERNEL_IMAGETYPE@@/${KERNEL_IMAGETYPE}/' \
27 | "${S}/uEnv.txt.in" > uEnv.txt
28 | mkimage -A arm -T script -C none -n "Ostree boot script" -d boot.cmd boot.scr
29 | }
30 |
31 | do_deploy() {
32 | install -d ${DEPLOYDIR}
33 | install -m 0644 boot.scr ${DEPLOYDIR}/boot.scr-${MACHINE}-${PV}
34 | ln -sf boot.scr-${MACHINE}-${PV} ${DEPLOYDIR}/boot.scr-${MACHINE}
35 | ln -sf boot.scr-${MACHINE}-${PV} ${DEPLOYDIR}/boot.scr
36 | install -m 0644 uEnv.txt ${DEPLOYDIR}
37 | }
38 |
39 | addtask do_deploy after do_compile before do_build
40 |
41 | PACKAGE_ARCH = "${MACHINE_ARCH}"
42 |
43 | PROVIDES += "u-boot-default-script"
44 | RPROVIDES:${PN} += "u-boot-default-script"
45 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-samples/images/lmp-base-console-image.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "Base console image which includes OTA Lite, Docker, and OpenSSH support"
2 |
3 | require lmp-image-common.inc
4 |
5 | require ${@bb.utils.contains('DISTRO_FEATURES', 'sota', 'lmp-feature-factory.inc', '', d)}
6 | require ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'lmp-feature-wayland.inc', '', d)}
7 | require lmp-feature-wireguard.inc
8 | require lmp-feature-docker.inc
9 | require lmp-feature-bluetooth.inc
10 | require lmp-feature-wifi.inc
11 | require lmp-feature-ota-utils.inc
12 | require lmp-feature-softhsm.inc
13 | require lmp-feature-jobserv.inc
14 |
15 | require ${@bb.utils.contains('MACHINE_FEATURES', 'optee', 'lmp-feature-optee.inc', '', d)}
16 | require ${@bb.utils.contains('MACHINE_FEATURES', 'se05x', 'lmp-feature-se05x.inc', '', d)}
17 | require ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'lmp-feature-tpm2.inc', '', d)}
18 | require ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'lmp-feature-efi.inc', '', d)}
19 | require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'lmp-feature-ima.inc', '', d)}
20 | require ${@bb.utils.contains('DISTRO_FEATURES', 'lmpdebug', 'lmp-feature-debug.inc', '', d)}
21 |
22 | IMAGE_FEATURES += "ssh-server-openssh"
23 |
24 | CORE_IMAGE_BASE_INSTALL += " \
25 | kernel-modules \
26 | networkmanager-nmcli \
27 | git \
28 | packagegroup-core-full-cmdline-extended \
29 | "
30 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-fiovb_git.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "OP-TEE Foundries.IO Verified Boot Client Application"
2 | HOMEPAGE = "https://github.com/foundriesio/optee-fiovb"
3 | LICENSE = "BSD-2-Clause"
4 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=92d506fc36dda404ceb608cdc34b7a99"
5 |
6 | DEPENDS = "optee-client optee-os-tadevkit"
7 |
8 | require optee-fio.inc
9 |
10 | SRC_URI = "git://github.com/foundriesio/optee-fiovb.git;protocol=https;branch=master"
11 | SRCREV = "d65977034839e01fc69c9577071059b84ea08f1d"
12 |
13 | PACKAGE_ARCH = "${MACHINE_ARCH}"
14 |
15 | EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
16 | HOST_CROSS_COMPILE=${HOST_PREFIX} \
17 | TA_CROSS_COMPILE=${HOST_PREFIX} \
18 | "
19 |
20 | do_compile() {
21 | oe_runmake -C ${S}/fiovb
22 | }
23 |
24 | do_install () {
25 | # TA
26 | install -d ${D}${nonarch_base_libdir}/optee_armtz
27 | install -m 0444 ${S}/fiovb/ta/*.ta ${D}${nonarch_base_libdir}/optee_armtz
28 | install -m 0444 ${S}/fiovb/ta/*.stripped.elf ${D}${nonarch_base_libdir}/optee_armtz
29 |
30 | # Host tools
31 | install -d ${D}${bindir}
32 | install -m 0755 ${S}/fiovb/host/fiovb ${D}${bindir}/fiovb
33 | ln -sf fiovb ${D}${bindir}/fiovb_printenv
34 | ln -sf fiovb ${D}${bindir}/fiovb_setenv
35 | ln -sf fiovb ${D}${bindir}/fiovb_delenv
36 | }
37 |
38 | FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/"
39 |
--------------------------------------------------------------------------------
/meta-lmp-base/classes/lmp-staging.bbclass:
--------------------------------------------------------------------------------
1 | # Foundries LmP staging area
2 | #
3 | # This class will implement some pending patches that we have
4 | # and some workarounds needed in LmP.
5 | #
6 | # Copyright 2022-2023 (C) Foundries.IO LTD
7 |
8 | LMPSTAGING_INHERIT_KERNEL_MODSIGN = ""
9 |
10 | LMPSTAGING_LOCK_TO_AVOID_OOM = "clang-native rust-native rust-llvm-native"
11 |
12 | python __anonymous() {
13 | pn = d.getVar('PN')
14 |
15 | if bb.data.inherits_class('module', d):
16 | d.appendVar('DEPENDS', ' virtual/kernel')
17 | if 'modsign' in d.getVar('DISTRO_FEATURES'):
18 | d.setVar('LMPSTAGING_INHERIT_KERNEL_MODSIGN', 'kernel-modsign')
19 |
20 | if bb.data.inherits_class('go-mod', d):
21 | d.setVarFlag('do_compile', 'network', '1')
22 |
23 | if pn in d.getVar('LMPSTAGING_LOCK_TO_AVOID_OOM').split():
24 | d.appendVarFlag('do_compile', 'lockfiles', " ${TMPDIR}/lmp-hack-avoid-oom-do_compile.lock")
25 | }
26 |
27 | inherit_defer ${LMPSTAGING_INHERIT_KERNEL_MODSIGN}
28 |
29 | BB_HASHCHECK_FUNCTION:lmp = "lmp_sstate_checkhashes"
30 | def lmp_sstate_checkhashes(sq_data, d, **kwargs):
31 | if 'summary' not in kwargs or kwargs.get('summary'):
32 | mirrors = d.getVar("SSTATE_MIRRORS")
33 | if mirrors:
34 | mirrors = " ".join(mirrors.split())
35 | bb.plain("SState mirrors: %s" % mirrors)
36 | return sstate_checkhashes(sq_data, d, **kwargs)
37 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-test/0001-regression-1000-disable-1039.patch:
--------------------------------------------------------------------------------
1 | From 9c6fd3bba91930deaf7d86f4af1739999e805934 Mon Sep 17 00:00:00 2001
2 | From: Jorge Ramirez-Ortiz
3 | Date: Wed, 20 Nov 2024 17:43:27 +0100
4 | Subject: [PATCH] regression 1000: disable 1039
5 |
6 | This test requires the TA to be signed with a key located
7 | in the optee_test repository.
8 |
9 | We can not do that with LmP currently - and it is probably not
10 | worth the effort at this time
11 |
12 | Upstream-Status: Inappropriate [lmp specific]
13 |
14 | Signed-off-by: Jorge Ramirez-Ortiz
15 | ---
16 | host/xtest/regression_1000.c | 2 ++
17 | 1 file changed, 2 insertions(+)
18 |
19 | diff --git a/host/xtest/regression_1000.c b/host/xtest/regression_1000.c
20 | index 9981d01..226e5dc 100644
21 | --- a/host/xtest/regression_1000.c
22 | +++ b/host/xtest/regression_1000.c
23 | @@ -3269,6 +3269,7 @@ out:
24 | ADBG_CASE_DEFINE(regression, 1038, xtest_tee_test_1038,
25 | "Test MTE (Memory Tag Extension)");
26 |
27 | +#if 0
28 | static void xtest_tee_test_1039(ADBG_Case_t *c)
29 | {
30 | TEEC_Session session = { };
31 | @@ -3291,6 +3292,7 @@ static void xtest_tee_test_1039(ADBG_Case_t *c)
32 | }
33 | ADBG_CASE_DEFINE(regression, 1039, xtest_tee_test_1039,
34 | "Test subkey verification");
35 | +#endif
36 |
37 | struct test_1040_thread_arg {
38 | TEEC_Result res;
39 | --
40 | 2.34.1
41 |
42 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/u-boot/u-boot-base-scr.bb:
--------------------------------------------------------------------------------
1 | DESCRIPTION = "Boot script for launching lmp base images with u-boot (no ostree)"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
4 |
5 | DEPENDS = "u-boot-mkimage-native"
6 |
7 | SRC_URI = " \
8 | file://boot.cmd \
9 | file://uEnv.txt.in \
10 | "
11 |
12 | KERNEL_BOOTCMD ??= "bootz"
13 | KERNEL_BOOTCMD:aarch64 ?= "booti"
14 |
15 | S = "${UNPACKDIR}"
16 |
17 | inherit deploy
18 |
19 | do_compile() {
20 | sed -e 's/@@KERNEL_BOOTCMD@@/${KERNEL_BOOTCMD}/' \
21 | "${WORKDIR}/uEnv.txt.in" > uEnv.txt
22 | mkimage -A arm -T script -C none -n "LMP base boot script" -d "${WORKDIR}/boot.cmd" boot.scr
23 | }
24 |
25 | do_deploy() {
26 | install -d ${DEPLOYDIR}
27 | install -m 0644 boot.scr ${DEPLOYDIR}/boot.scr-${MACHINE}-${PV}
28 | ln -sf boot.scr-${MACHINE}-${PV} ${DEPLOYDIR}/boot.scr-${MACHINE}
29 | ln -sf boot.scr-${MACHINE}-${PV} ${DEPLOYDIR}/boot.scr
30 | install -m 0644 uEnv.txt ${DEPLOYDIR}
31 | }
32 |
33 | do_install() {
34 | mkdir -p ${D}/boot
35 | install -m 0644 boot.scr ${D}/boot.scr
36 | install -m 0644 uEnv.txt ${D}/boot/uEnv.txt
37 | }
38 |
39 | FILES:${PN} += " \
40 | boot.scr \
41 | boot/uEnv.txt \
42 | "
43 | addtask do_deploy after do_compile before do_build
44 |
45 | PROVIDES += "u-boot-default-script"
46 | RPROVIDES:${PN} += "u-boot-default-script"
47 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-devtools/python/python3-pyroute2/0001-fix-vxcan-peer.patch:
--------------------------------------------------------------------------------
1 | diff --git a/pyroute2/netlink/rtnl/ifinfmsg/__init__.py b/pyroute2/netlink/rtnl/ifinfmsg/__init__.py
2 | index 02fc6df..7b1e59d 100644
3 | --- a/pyroute2/netlink/rtnl/ifinfmsg/__init__.py
4 | +++ b/pyroute2/netlink/rtnl/ifinfmsg/__init__.py
5 | @@ -901,6 +901,8 @@ class ifinfbase(object):
6 | 'ip6gre': ip6gre_data,
7 | 'ip6gretap': ip6gre_data,
8 | 'veth': veth_data,
9 | + # FIXME: VXCAN uses peer like veth
10 | + 'vxcan': veth_data,
11 | 'bridge': bridge_data}
12 | # expand supported interface types
13 | data_map.update(data_plugins)
14 | diff --git a/pyroute2/netlink/rtnl/req.py b/pyroute2/netlink/rtnl/req.py
15 | index da6397a..9bbd395 100644
16 | --- a/pyroute2/netlink/rtnl/req.py
17 | +++ b/pyroute2/netlink/rtnl/req.py
18 | @@ -745,8 +745,8 @@ class IPLinkRequest(IPRequest):
19 | if key in self.specific:
20 | self.info_data.append((self.specific[key], value))
21 | return True
22 | - elif key == 'peer' and self.kind == 'veth':
23 | - # FIXME: veth hack
24 | + elif key == 'peer' and self.kind in ['veth', 'vxcan']:
25 | + # FIXME: veth and vxcan hack
26 | if isinstance(value, dict):
27 | attrs = []
28 | for k, v in value.items():
29 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-graphics/wayland/weston-init.bbappend:
--------------------------------------------------------------------------------
1 | FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
2 |
3 | SRC_URI:append:lmp-wayland = " \
4 | file://utilities-terminal.png \
5 | file://background.jpg \
6 | file://weston.env \
7 | file://weston.service.patch \
8 | file://tmpfiles.conf \
9 | "
10 |
11 | FILES:${PN}:append:lmp-wayland = " \
12 | ${datadir}/weston \
13 | ${nonarch_libdir}/tmpfiles.d/weston.conf \
14 | "
15 |
16 | INI_UNCOMMENT_ASSIGNMENTS = " \
17 | ${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland=true', '', d)} \
18 | "
19 |
20 | uncomment() {
21 | if ! grep -q "^#$1" $2 && ! grep -q "^$1" $2; then
22 | bbwarn "Commented setting '#$1' not found in file $2"
23 | fi
24 | sed -i -e 's,^#'"$1"','"$1"',g' $2
25 | }
26 |
27 | do_install:append:lmp-wayland() {
28 | install -d ${D}${datadir}/weston/backgrounds
29 | install -d ${D}${datadir}/weston/icon
30 | install -d ${D}${nonarch_libdir}/tmpfiles.d
31 |
32 | install -m 0644 ${UNPACKDIR}/utilities-terminal.png ${D}${datadir}/weston/icon/utilities-terminal.png
33 | install -m 0644 ${UNPACKDIR}/background.jpg ${D}${datadir}/weston/backgrounds/background.jpg
34 | install -m 0644 ${UNPACKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/weston.conf
35 |
36 | for assignment in ${INI_UNCOMMENT_ASSIGNMENTS}; do
37 | uncomment "$assignment" ${D}${sysconfdir}/xdg/weston/weston.ini
38 | done
39 | }
40 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-support/ostree-pending-reboot/ostree-pending-reboot_0.1.bb:
--------------------------------------------------------------------------------
1 | SUMMARY = "OStree Pending Reboot service"
2 | LICENSE = "MIT"
3 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
4 |
5 | inherit allarch systemd
6 |
7 | SRC_URI = " \
8 | file://ostree-pending-reboot.service \
9 | file://ostree-pending-reboot.timer.in \
10 | "
11 |
12 | S = "${UNPACKDIR}"
13 |
14 | # Value is in minutes (default to check for reboot every 5 minutes)
15 | OSTREE_PENDING_REBOOT_CHECK_MINUTES ?= "5"
16 |
17 | PACKAGES += "${PN}-timer"
18 | SYSTEMD_PACKAGES = "${PN} ${PN}-timer"
19 | SYSTEMD_SERVICE:${PN} = "ostree-pending-reboot.service"
20 | SYSTEMD_SERVICE:${PN}-timer = "ostree-pending-reboot.timer"
21 | SYSTEMD_AUTO_ENABLE:${PN}-timer = "enable"
22 |
23 | do_compile() {
24 | sed -e 's/@@OSTREE_PENDING_REBOOT_CHECK_MINUTES@@/${OSTREE_PENDING_REBOOT_CHECK_MINUTES}/' \
25 | ${UNPACKDIR}/ostree-pending-reboot.timer.in > ostree-pending-reboot.timer
26 | }
27 |
28 | do_install () {
29 | install -d ${D}${systemd_system_unitdir}
30 | install -m 0644 ${UNPACKDIR}/ostree-pending-reboot.service ${D}${systemd_system_unitdir}
31 | install -m 0644 ${B}/ostree-pending-reboot.timer ${D}${systemd_system_unitdir}
32 | }
33 |
34 | FILES:${PN} += "${systemd_system_unitdir}/ostree-pending-reboot.service"
35 | FILES:${PN} += "${systemd_system_unitdir}/ostree-pending-reboot.timer"
36 | FILES:${PN} += "${systemd_unitdir}/system-preset"
37 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-os-tadevkit_4.4.0.bb:
--------------------------------------------------------------------------------
1 | # tadevkit requires a matching version on the base recipe.
2 | # control recipe prioritization with DEFAULT_PREFERENCE, as other
3 | # layers (e.g., meta-arm) may provide different OP-TEE versions.
4 | DEFAULT_PREFERENCE = "${@bb.utils.contains('PREFERRED_PROVIDER_virtual/optee-os', 'optee-os', '-1', '0', d)}"
5 |
6 | # Compatible with optee-os-fio and optee-os from meta-arm
7 | include ${@bb.utils.contains('PREFERRED_PROVIDER_virtual/optee-os', 'optee-os', 'recipes-security/optee/optee-os_${PV}.bb', '', d)}
8 | include ${@bb.utils.contains('PREFERRED_PROVIDER_virtual/optee-os', 'optee-os-fio', 'recipes-security/optee/optee-os-fio_${PV}.bb', '', d)}
9 |
10 | SUMMARY = "OP-TEE Trusted OS TA devkit"
11 | DESCRIPTION = "OP-TEE TA devkit for build TAs"
12 | HOMEPAGE = "https://www.op-tee.org/"
13 |
14 | LICENSE ?= "BSD-2-Clause"
15 | LIC_FILES_CHKSUM ?= "file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f"
16 |
17 | # Needed due provides from optee-os-fio (for virtual/optee-os)
18 | PROVIDES = "${PN}"
19 |
20 | do_install() {
21 | #install TA devkit
22 | install -d ${D}${includedir}/optee/export-user_ta/
23 | for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
24 | cp -aR $f ${D}${includedir}/optee/export-user_ta/
25 | done
26 | }
27 |
28 | do_deploy() {
29 | echo "Do not inherit do_deploy from optee-os."
30 | }
31 |
32 | FILES:${PN} = "${includedir}/optee/"
33 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/Add-static-keyword-for-IsValidVariableHeader.patch:
--------------------------------------------------------------------------------
1 | From 960a5fc7c58c875827797b6f4afed2684acc2cde Mon Sep 17 00:00:00 2001
2 | From: Lans Zhang
3 | Date: Sun, 12 Jun 2016 13:45:54 +0800
4 | Subject: [PATCH] Add static keyword for IsValidVariableHeader()
5 |
6 | Upstream-Status: Pending
7 |
8 | GCC does not inline any functions when not optimizing (-O0 specified) unless
9 | you specify "always_inline" attribute for the function.
10 |
11 | By default, GCC complies with C89 standard for c code, which means
12 | "inline" equals to "extern inline" and thus the definition is used only for
13 | inlining with the assembly code actually generated.
14 |
15 | Therefore, "static inline" is used for both purposes. If -O0 is specified,
16 | GCC will generate the assembly code as long as the function is referred.
17 |
18 | Signed-off-by: Lans Zhang
19 | ---
20 | include/variableformat.h | 2 +-
21 | 1 files changed, 1 insertions(+), 1 deletions(-)
22 |
23 | diff --git a/include/variableformat.h b/include/variableformat.h
24 | index 32cde05..45d0ebb 100644
25 | --- a/include/variableformat.h
26 | +++ b/include/variableformat.h
27 | @@ -109,7 +109,7 @@ typedef struct {
28 |
29 | #pragma pack()
30 |
31 | -inline BOOLEAN
32 | +static inline BOOLEAN
33 | IsValidVariableHeader (VARIABLE_HEADER *vh) {
34 | if (vh == NULL || vh->StartId != VARIABLE_DATA)
35 | return FALSE;
36 | --
37 | 1.7.1
38 |
39 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/docker/files/0001-dockerd-daemon-use-default-system-config-when-none-i.patch:
--------------------------------------------------------------------------------
1 | From d6b65b4d6929af8b1b9e0adaa4945dd1b4b7872c Mon Sep 17 00:00:00 2001
2 | From: Ricardo Salveti
3 | Date: Mon, 3 Dec 2018 16:26:18 -0200
4 | Subject: [PATCH 1/5] dockerd: daemon: use default system config when none is
5 | available
6 |
7 | This allows the system image to provide a default daemon.json file while
8 | still allowing the user to overwrite via /etc/docker/daemon.json.
9 |
10 | Upstream-Status: Pending
11 |
12 | Signed-off-by: Ricardo Salveti
13 | Signed-off-by: Jose Quaresma
14 | ---
15 | daemon/command/daemon.go | 6 ++++++
16 | 1 file changed, 6 insertions(+)
17 |
18 | diff --git a/daemon/command/daemon.go b/daemon/command/daemon.go
19 | index d25c5b05b0..0b5c97a2df 100644
20 | --- a/daemon/command/daemon.go
21 | +++ b/daemon/command/daemon.go
22 | @@ -551,6 +551,12 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
23 | }
24 | opts.setDefaultOptions()
25 |
26 | + // UNIX: use default system daemon config file if provided is not available
27 | + defaultSystemDaemonConfigFile := "/usr/lib/docker/daemon.json"
28 | + if _, err := os.Stat(opts.configFile); os.IsNotExist(err) {
29 | + opts.configFile = defaultSystemDaemonConfigFile
30 | + }
31 | +
32 | conf := opts.daemonConfig
33 | flags := opts.flags
34 | conf.Debug = opts.Debug
35 | --
36 | 2.51.2
37 |
38 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-containers/docker/files/docker.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Docker Application Container Engine
3 | Documentation=https://docs.docker.com
4 | After=network-online.target docker.socket firewalld.service containerd.service fio-docker-fsck.service
5 | Wants=network-online.target containerd.service
6 | Requires=docker.socket
7 | StartLimitBurst=3
8 | StartLimitIntervalSec=60
9 |
10 | [Service]
11 | Type=notify
12 | # the default is not to use systemd for cgroups because the delegate issues still
13 | # exists and systemd currently does not support the cgroup feature set required
14 | # for containers run by docker
15 | ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
16 | ExecReload=/bin/kill -s HUP $MAINPID
17 | TimeoutSec=0
18 | RestartSec=2
19 | Restart=always
20 |
21 | # Having non-zero Limit*s causes performance problems due to accounting overhead
22 | # in the kernel. We recommend using cgroups to do container-local accounting.
23 | LimitNOFILE=infinity
24 | LimitNPROC=infinity
25 | LimitCORE=infinity
26 |
27 | # Comment TasksMax if your systemd version does not support it.
28 | # Only systemd 226 and above support this option.
29 | TasksMax=infinity
30 |
31 | # set delegate yes so that systemd does not reset the cgroups of docker containers
32 | Delegate=yes
33 |
34 | # kill only the docker process, not all processes in the cgroup
35 | KillMode=process
36 | OOMScoreAdjust=-500
37 |
38 | [Install]
39 | WantedBy=multi-user.target
40 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-security/optee/optee-client/0001-FIO-extras-pkcs11-change-UUID-to-avoid-conflict-with.patch:
--------------------------------------------------------------------------------
1 | From 350b702d9ee108f183a594ad6791edd9290a2db1 Mon Sep 17 00:00:00 2001
2 | From: Ricardo Salveti
3 | Date: Wed, 27 Oct 2021 13:46:55 -0300
4 | Subject: [PATCH] [FIO extras] pkcs11: change UUID to avoid conflict with SKS
5 |
6 | Upstream pkcs11 TA shares the same UUID as previously used by SKS, but
7 | they are not compatible with each other from the storage perspective, so
8 | change UUID to avoid conflict and facilitate the transition by the user
9 | by allowing both TAs to be installed at the same time.
10 |
11 | Upstream-Status: Pending
12 |
13 | Signed-off-by: Ricardo Salveti
14 | ---
15 | libckteec/include/pkcs11_ta.h | 4 ++--
16 | 1 file changed, 2 insertions(+), 2 deletions(-)
17 |
18 | diff --git a/libckteec/include/pkcs11_ta.h b/libckteec/include/pkcs11_ta.h
19 | index 36cc7b4..bb1d3b2 100644
20 | --- a/libckteec/include/pkcs11_ta.h
21 | +++ b/libckteec/include/pkcs11_ta.h
22 | @@ -9,8 +9,8 @@
23 | #include
24 | #include
25 |
26 | -#define PKCS11_TA_UUID { 0xfd02c9da, 0x306c, 0x48c7, \
27 | - { 0xa4, 0x9c, 0xbb, 0xd8, 0x27, 0xae, 0x86, 0xee } }
28 | +#define PKCS11_TA_UUID { 0x7f10a757, 0x4139, 0x4eae, \
29 | + { 0x90, 0xc9, 0xf2, 0xb2, 0xeb, 0x11, 0x81, 0x39} }
30 |
31 | /* PKCS11 trusted application version information */
32 | #define PKCS11_TA_VERSION_MAJOR 0
33 | --
34 | 2.33.0
35 |
36 |
--------------------------------------------------------------------------------
/meta-lmp-base/recipes-bsp/efitools/efitools/Don-t-build-PreLoader.efi.patch:
--------------------------------------------------------------------------------
1 | From 95e167f432f1a6d8c96aeca73871122806007c9f Mon Sep 17 00:00:00 2001
2 | From: Lans Zhang
3 | Date: Thu, 28 Apr 2016 11:21:33 +0800
4 | Subject: [PATCH] Don't build PreLoader.efi
5 |
6 | Upstream-Status: Pending
7 |
8 | The upstream has an obvious build failure:
9 | | PreLoader.c:45:2: error: too few arguments to function 'security_policy_install'
10 | | status = security_policy_install();
11 | | ^
12 | | In file included from PreLoader.c:14:0:
13 | | /buildarea3/jzhang0/projects/wrl8/intel-x86-64-gwp-scp/bitbake_build/tmp/work/x86_64-linux/efitools-native/1.7.0+gitAUTOINC+20a8fdc4ec-r0/git/include/security_policy.h:4:1: note: declared here
14 | | security_policy_install(BOOLEAN (*override)(void), POLICY_FUNCTION allow, POLICY_FUNCTION deny);
15 | | ^
16 |
17 | We are waiting for the upstream fix and remove this workaround in next
18 | refresh.
19 |
20 | Signed-off-by: Lans Zhang
21 | ---
22 | Makefile | 2 +-
23 | 1 file changed, 1 insertion(+), 1 deletion(-)
24 |
25 | diff --git a/Makefile b/Makefile
26 | index b3bb73a..da363a6 100644
27 | --- a/Makefile
28 | +++ b/Makefile
29 | @@ -5,7 +5,7 @@ BINARIES = cert-to-efi-sig-list sig-list-to-certs sign-efi-sig-list \
30 | flash-var
31 |
32 | ifeq ($(ARCH),x86_64)
33 | -EFIFILES += PreLoader.efi
34 | +#EFIFILES += PreLoader.efi
35 | endif
36 |
37 | MSGUID = 77FA9ABD-0359-4D32-BD60-28F4E78F784B
38 | --
39 | 1.9.1
40 |
41 |
--------------------------------------------------------------------------------