Buildroot - Updating trust store using update-ca-certificates - embedded-linux

I am working on Buildroot to build custom Linux image. I am trying to add a custom CA to the trust store. I have copied the CA file to /usr/local/share/ca-certificates/ in the rootfs_overlay and also has a .crt extension. Now after executing make the CA is not added to the trust store in /etc/ssl/certs/ in the target. Anyways it's installed only in /usr/local/share/ca-certificates/ in the target. I thought the update-ca-certificates will add this during image build.
Can anyone please let me know what is missing here?
Thanks in advance

Related

how to add wirinigPi library on buildroot?

How to add wiringpi in Buildroot image ?
I followed the same steps as described here: How to add an out-of-tree package to buildroot? The download of the git archive functions correctly but the compilation of the library doesn't work. I tried to change the "sh build" command in the .mk file using an absolute path to where the archive was extracted (in output/build).
I also tried to change the build.sh included in WiringPi archive with absolute paths everytime cd was used beacause the make command used with buildroot wasn't executed in the same directory Can you help me write a correct .mk file that will compile wiringpi for my buildroot image using this git: https://github.com/WiringPi/WiringPi ?
WiringPi is/was already in buildroot packages, however, the whole library was deprecated by the author at some point. Due to this and apparently also because the WiringPi's author deleted all sources (according to this), it was moved to buildroot's legacy packages. However, that deprecation post is now removed by the WiringPi author (which is why the first link points to internet archives), so it could be that the sources are also restored and the WiringPi package from the legacy config works or could be made working with small modifications.
TLDR; Even if you could get it working, you should use something else.

How to include tools/commands in yocto image recipe?

I have a question regarding including different tools into Yocto image recipe. Currently I am building image recipe for my Avenger96 board. I have created a base image and it runs fine on the device. But when I try to do sgdisk after booting it says -sh: sgdisk: command not found. I understand that these commands are not available by default and need to install it.
But I am not sure how to do it given my board is not connected to internet. Can I include these commands/tools in image recipe? I want to use some other commands like ufw, etc but I have same issue with them too.
Can someone please let me know how to do this?
Your help will be much appreciated.
Thanks in advance.
P.S: I am using Ubuntu 20.04 with Yocto as build system.
sgdisk is present under recipe: meta/recipes-devtools/fdisk/gptdisk_xx.bb
For xx it depends on your poky version.
For dunfell this is the recipe here.
ufw is present in meta-openembedded/meta-networking/recipes-connectivity/ufw
So, make sure meta-openembedded/meta-networking is present in your bblayers.conf and to include both of them add the following line to local.conf or to your custom image file:
IMAGE_INSTALL_append = " gptfdisk ufw"
If you still do not find sgdisk try gptdisk-sgdisk.
If you want to add any recipe in the future, try to look for it in the official yocto git repositories in this link.
It is not recommended to add tools manually into the board, unless you are in the development process and you need to gain time, so here are some ideas for you:
Create an image for development that includes all dev features (gcc, g++, cmake, ..etc)
Include git and other fetching tools
Clone the tool's source code and compile it in the board
Or: bitbake the recipe with Yocto and copy the output binary directly to the image via ssh or other ways.

How to build a package from source?

I'm working on a Windows 7 computer at work and want to use the libpostal package. Unfortunately, it's apparently not available for Windows, so I'm trying to configure it through Cygwin and I'm SO close. The last step is to install snappy from Google. Again, not available on Windows...
My assumption (based on nothing) is that I can just download the tarball and build it from source, right? I tried that, and I think it worked? But a) I don't know how to tell, and b) if it did, I don't know how to tell ./configure in libpostal to find it.
In order to build it from source, I downloaded the tarball and saved it in the folder that Cygwin reads as my home, which is C:\cygwin64\home\brittenb\. From there, I ran bash autogen.sh, which created the ./configure that I needed. So I ran that and while some responses to the checks were no, it seemed to run fine. I then ran make and make install. Nothing seemed out of place, so my assumption is that it did what it was supposed to do. I just have no idea where to go from here.
Here is the output from ls after I run everything:
aclocal.m4 snappy.cc
AUTHORS snappy.h
autogen.sh snappy.lo
autom4te.cache snappy.o
ChangeLog snappy.pc
compile snappy.pc.in
config.guess snappy_unittest.cc
config.h snappy_unittest.exe
config.h.in snappy_unittest-snappy_unittest.o
config.log snappy_unittest-snappy-test.o
config.status snappy-c.cc
config.sub snappy-c.h
configure snappy-c.lo
configure.ac snappy-c.o
COPYING snappy-internal.h
depcomp snappy-sinksource.cc
format_description.txt snappy-sinksource.h
framing_format.txt snappy-sinksource.lo
INSTALL snappy-sinksource.o
install-sh snappy-stubs-internal.cc
libsnappy.la snappy-stubs-internal.h
libtool snappy-stubs-internal.lo
ltmain.sh snappy-stubs-internal.o
m4 snappy-stubs-public.h
Makefile snappy-stubs-public.h.in
Makefile.am snappy-test.cc
Makefile.in snappy-test.h
missing stamp-h1
NEWS testdata
README test-driver
ls /usr/local/bin shows nothing, but ls /usr/local/include shows:
snappy.h snappy-c.h snappy-sinksource.h snappy-stubs-public.h
So... my question: did it work? Why does ./configure in libpostal say it can't find snappy? Thanks in advance.
The snappy dependency has been removed as of release 1.0.0. I made changes to the source and make and config so that it will build on MinGW.
Get it in my repository:
https://github.com/BenK10/libpostal_windows
Note that this is not the complete source since not everything had to be changed. I would suggest merging my changes with the official libpostal distribution to make sure you've got everything. Also, there are some extra DLLEXPORTs in some source files that I haven't removed yet, and the part in the Makefile that builds the executables like address_parser.exe was removed because some porting is necessary to build those programs on Windows. You can write your own using the DLL you'll get in the Windows build and the original source as a reference.
Check the return code from make install ($?). If it is zero, make install succeeded.
snappy looks like a library, so maybe it doesn't install anything in /usr/local/bin. The library is probably installed into /usr/local/lib.

Cannot install web agent for openam due to missing dll libraries from openssl

When following the tutorial to install openAM, one of the steps is to create a web agent using the command
agentadmin.exe --i
But I get stuck on the second step:
Configuration file [c:\Apache\conf\httpd.conf]: c:\xampp\apache\conf\httpd.conf
init_ssl(): ssleay32.dll is not available (error: 193)
init_ssl(): libeay32.dll is not available (error: 193)
I've tried downloading openssl from gnuwin32, also from slproweb, with or without placing those files inside \web_agents\apache24_agent\lib. Even looking on another web I found that I should replace ssleay32.dll, libeay32.dll and openssl.exe from \xampp\apache\bin and I did that.
The "Troubleshooting" section of openAM asks for installing KB2533623 , but when I try to install it from the .msu my system says that this is already installed.
All without success.
Any suggestion?
Try patching KB2758857 since it replaces KB2533623. Also, just to ensure it isn't a PATH issue with the user you're logged in as, find those two OpenSSL dll's and copy them to your system folder (c:\windows\system32) [https://msdn.microsoft.com/en-us/library/7d83bc18.aspx]. Last, I would be sure you're using the latest OpenAM Web Policy Agent [4.0.0].

Can't open config file: /usr/local/ssl/openssl.cnf on Windows [duplicate]

This question already has answers here:
Unable to load config info from /usr/local/ssl/openssl.cnf on Windows
(15 answers)
Closed 6 years ago.
I have installed OpenSSL 64. I want to use a certificate for my nodejs https server. I ran the following command:
openssl genrsa -out subdomain.domain.com.key 1024
But I have got the error:
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
.........++++++
.........................................++++++
unable to write 'random state'
e is 65537 (0x10001)
How can I resolve it?
Is this the right command?
The solution is running this command:
set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
or
set OPENSSL_CONF=[path-to-OpenSSL-install-dir]\bin\openssl.cfg
in the command prompt before using openssl command.
Let openssl know for sure where to find its .cfg file.
Alternatively you could set the same variable OPENSSL_CONF in the Windows environment variables.
NOTE: This can happen when using the OpenSSL binary distribution from Shining Light Productions (a compiled + installer version of the official OpenSSL that is free to download & use). This distribution is "semi-officially" linked from OpenSSL's site as a "service primarily for operating systems where there are no pre-compiled OpenSSL packages".
I've SSL on Apache2.4.4 and executing this code at first, did the trick:
set OPENSSL_CONF=C:\wamp\bin\apache\Apache2.4.4\conf\openssl.cnf
then execute the rest codes..
/usr/local/ssl/openssl.cnf
A path like this means the program has been compiled with either Cygwin or MSYS. If you must use this openssl then you will need an interpreter that understands those paths, like Bash, which is provided by Cygwin or MSYS.
Another option would be to download or compile a Windows Native version of openssl. Using that the program would instead require a path like
C:\Users\Steven\ssl\openssl.cnf
which would be better suited for the Command Prompt.
In my case I used the binaries from Shining Light and the environment variables were already updated. But still had the issue until I ran a command window with elevated privileges.
When you open the CMD window be sure to run it as Administrator. (Right click the Command Prompt in Start menu and choose "Run as administrator")
I think it can't read the files due to User Account Control.
SOLUTION!
just set -config parameter location correctly, i.e :
openssl .................... -config C:\bin\apache\apache2.4.9\conf\openssl.cnf
Not sure what is the difference between .cfg & .cnf
In my server I couldn't find .cfg or .cnf
I had created a new file for the same and placed it in the following folder /usr/local/ssl/bin
executed the
.\openssl genrsa -des3 -out <key name>.key 2048
went great..
Simply install Win64 OpenSSL v1.0.2a or Win32 OpenSSL v1.0.2a, you can download these from http://slproweb.com/products/Win32OpenSSL.html. Works out of the box, no configuration needed.

Resources