Yocto, Meta-selinux does not work on raspberry pi 3 - raspberry-pi3

I realize a yocto image for a raspberry pi 3. I want to install selinux on the image with the Meta-selinux. The compilation works, but selinux remains disabled even if it is in enforcing or permissive mode in the / etc / selinux / config file. I also tried adding "selinux = 1 security = selinux" in the cmdline.txt file of the bootloader, but selinux is still disabled.
Here is what I added in my local.conf:
RPI_USE_U_BOOT = "1"
ENABLE_UART = "1"
INHERIT += "rm_work"
DISTRO_FEATURES_append = " acl xattr pam selinux"
PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-mls"
IMAGE_INSTALL_append = " packagegroup-core-selinux"
Here is what I added in my bblayers.conf:
BBLAYERS ?= " \
/home/.../poky/meta \
/home/.../meta-poky \
/home/.../meta-yocto-bsp \
/home/.../meta-openembedded/meta-oe \
/home/.../meta-openembedded/meta-networking \
/home/.../meta-openembedded/meta-multimedia \
/home/.../meta-openembedded/meta-python \
/home/.../meta-selinux \
/home/.../meta-raspberrypi \
"
Thank you for your help.

Related

Yocto do_install action not performed

here is my bbappend file.
LICENSE = "MIT"
IMAGE_LINGUAS = " "
# User preferences
inherit extrausers
# Change root password (note the capital -P)
EXTRA_USERS_PARAMS = "\
usermod -P toor root; \
useradd -P michael -G sudo michael; \
useradd -P nfi -G sudo nfi; \
"
# uncomment the line %sudo ALL=(ALL) ALL in /etc/sudoers
modify_sudoers() {
sed 's/# %sudo/%sudo/' < ${IMAGE_ROOTFS}${sysconfdir}/sudoers > ${IMAGE_ROOTFS}${sysconfdir}/sudoers.tmp
mv ${IMAGE_ROOTFS}${sysconfdir}/sudoers.tmp ${IMAGE_ROOTFS}${sysconfdir}/ROOTFS
}
sudoers_POSTPROCESS_COMMAND_append = " modify_sudoers;"
IMAGE_INSTALL = "base-files \
base-passwd \
busybox \
mtd-utils \
mtd-utils-ubifs \
libconfig \
swupdate \
swupdate-www \
${#bb.utils.contains('SWUPDATE_INIT', 'tiny', 'virtual/initscripts-swupdate', 'initscripts systemd', d)} \
util-linux-sfdisk \
mmc-utils \
e2fsprogs-resize2fs \
lua \
debugconfigs \
"
IMAGE_FSTYPES = "ext4.gz.u-boot ext4 cpio.gz.u-boot"
PACKAGE_EXCLUDE += " jailhouse kernel-module-jailhouse libncursesw5 libpanelw5 libpython3 python3* perl* apt dpkg "
SRC_URI += "file://set-ttymxc0-permissions.sh"
do_install() {
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/set-ttymxc0-permissions.sh ${D}${sysconfdir}/init.d/
}
addtask install after do_build
I am using SWUpdate. I can build their kernel and run it on my device. However I cannot login as root or any user I have created. It seems this could be related to user permissions in the getty serial terminal ttymxc0. So I am attempting to add a script to init.d. The script contains
#!/bin/sh
# Set permissions on ttymxc0
chmod 660 /dev/ttymxc0
chown root:tty /dev/ttymxc0
The bitbake file I am appending to is swupdate-image.bb. This file does not do much. It does not have a do_install section. So I am attempting to add one. However it is never run. Can anyone speculate as to why?
You actually noticed that the file swupdate-image.bb require an other file swupdate-image.inc.
You should pay attention to this line:
${#bb.utils.contains('SWUPDATE_INIT', 'tiny', 'virtual/initscripts-swupdate', 'initscripts systemd', d)} \
${#bb.utils.contains() is a (Python) function. Basically it will check the SWUPDATE_INIT variable, if there is a match with tiny then it will return virtual/initscripts-swupdate to IMAGE_INSTALL. Else, it will return initscripts systemd to IMAGE_INSTALL.
So you should only set your variable SWUPDATE_INIT= "tiny" in a .bbappend file.
Adding this should install rcS.swupdate in your final image according to initscripts-swupdate recipe:
https://github.com/sbabic/meta-swupdate/blob/master/recipes-core/initscripts-swupdate/initscripts-swupdate-usb.bb
N.B: I have noticed that you added resize2fs. If you want to add this binary make sure that the right kernel flag is set ! You will more likely need to create a .bbappend file and add the following :
EXTRA_OECONF_append_class-target = " --enable-resizer"

Output training losses over iterations/epochs to file from trainer.py in HuggingFace Transfrormers

In the Transformer's library framework, by HuggingFace only the evaluation step metrics are outputted to a file named eval_resuls_{dataset}.txt in the "output_dir" when running run_glue.py. In the eval_resuls file, there are the metrics associated with the dataset. e.g., accuracy for MNLI and the evaluation loss.
Can a parameter be passed to run_glue.py to generate a training_results_{dataset}.txt file that tracks the training loss? Or would I have to build the functionality myself?
My file named run_python_script_glue.bash:
GLUE_DIR=../../huggingface/GLUE_SMALL/
TASK_NAME=MNLI
ID=OT
python3 run_glue.py \
--local_rank -1 \
--seed 42 \
--model_type albert \
--model_name_or_path albert-base-v2 \
--task_name $TASK_NAME \
--do_train \
--do_eval \
--data_dir $GLUE_DIR/$TASK_NAME \
--max_seq_length 128 \
--per_gpu_train_batch_size 8 \
--per_gpu_eval_batch_size 8 \
--gradient_accumulation_steps 2\
--learning_rate 3e-5 \
--max_steps -1 \
--warmup_steps 1000\
--doc_stride 128 \
--num_train_epochs 3.0 \
--save_steps 9999\
--output_dir ./results/GLUE_SMALL/$TASK_NAME/ALBERT/$ID/ \
--do_lower_case \
--overwrite_output_dir \
--label_noise 0.2\
--att_kl 0.01\
--att_se_hid_size 16\
--att_se_nonlinear relu\
--att_type soft_attention \
--adver_type ot \
--rho 0.5 \
--model_type whai \
--prior_gamma 2.70 \
--three_initial 0.0
In the trainer.py file in the transformer library, the training loss variable during the training step is called tr_loss.
tr_loss = self._training_step(model, inputs, optimizer, global_step)
loss_scalar = (tr_loss - logging_loss) / self.args.logging_steps
logs["loss"] = loss_scalar
logging_loss = tr_loss
In the code, the training loss is first scaled by the logging steps and later passed to a logs dictionary. The logs['loss'] is later printed to the terminal but not to a file. Is there a way to upgrade this to include an update to a txt file?

Check If Vim Syntax Region Exists and Remove It

Background:
Syntax highlighting for perl files is extremely slow at times for large files (1k+ lines).
I profiled using:
:syntime on
"*** Do some slow actions ***
:syntime report
There were many slowly performaning regions, like: perlStatementProc
I significantly improved performance by removing some of the slowly performing syntax regions (there are more):
:syntax clear perlStatementProc
Now I want to use this vimrc with these improvements on a different machine which may not have a specific region defined.
I am seeing this ERROR when opening Vim:
E28: No such highlight group name: perlStatementProc
How can I check if the syntax region name perlStatementProc exists?
I found out about hlexists and implemented this solution in my vimrc:
" Remove some syntax highlighting from large perl files.
function! RemovePerlSyntax()
if line('$') > 1000
let perl_syntaxes = [
\ "perlStatementProc",
\ "perlMatch",
\ "perlStatementPword",
\ "perlQR",
\ "perlQW",
\ "perlQQ",
\ "perlQ",
\ "perlStatementIndirObjWrap",
\ "perlVarPlain",
\ "perlVarPlain",
\ "perlOperator",
\ "perlStatementFiledesc",
\ "perlStatementScalar",
\ "perlStatementInclude",
\ "perlStatementNumeric",
\ "perlStatementSocket",
\ "perlFloat",
\ "perlFormat",
\ "perlStatementMisc",
\ "perlStatementFiles",
\ "perlStatementList",
\ "perlStatementIPC",
\ "perlStatementNetwork",
\ "perlStatementTime",
\ "perlStatementIOfunc",
\ "perlStatementFlow",
\ "perlStatementControl",
\ "perlHereDoc",
\ "perlHereDocStart",
\ "perlVarPlain2",
\ "perlVarBlock",
\ "perlVarBlock2",
\ "perlDATA",
\ "perlControl",
\ "perlStatementHash",
\ "perlStatementVector",
\ "perlIndentedHereDoc",
\ "perlLabel",
\ "perlConditional",
\ "perlRepeat",
\ "perlNumber",
\ "perlStatementRegexp",
\ ]
for perl_syntax in perl_syntaxes
" NEW - Was missing this check before.
if hlexists( perl_syntax )
exec "syntax clear " . perl_syntax
endif
endfor
let b:remove_perl_syntax = 1
else
let b:remove_perl_syntax = 0
endif
endfunction
augroup remove_perl_syntax
autocmd!
autocmd BufNewFile,BufRead,BufReadPost,FileType perl call RemovePerlSyntax()
augroup END

Yocto minimal eSDK - world-pkgdata

I've been trying to generate minimal extensible sdk using Yocto 2.5 Sumo. I've cloned only the poky and meta-openembedded repositories. In local.conf I've set the SDK type to minimal and set SDK_INCLUDE_PKGDATA. During the last task (do_populate_sdk_ext) bitbake throws that locked-sigs-pkgdata.inc is not found in this directory
tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0-r0/recipe-sysroot/world-pkgdata/
Find shows that this file is avaible here
./tmp/work/genericx86_64-poky-linux/meta-world-pkgdata/1.0-r0/image/world-pkgdata/locked-sigs-pkgdata.inc
./tmp/work/genericx86_64-poky-linux/meta-world-pkgdata/1.0-r0/recipe-sysroot/world-pkgdata/locked-sigs-pkgdata.inc
When I copy this file from on of above directories eSDK is correctly generated. I believe that this should be done automatically by one of recipe for poky/meta-openembedded. Probably I miss some config, but I'am unable to correctly identify the source of this problem.
Here is my bblayers.conf:
POKY_BBLAYERS_CONF_VERSION = "2"
BBPATH = "${TOPDIR}"
BBFILES ?= ""
BBLAYERS ?= " \
/work/build/yocto/poky/meta \
/work/build/yocto/poky/meta-poky \
/work/build/yocto/poky/meta-yocto-bsp \
/work/build/yocto/meta-openembedded/meta-oe \
/work/build/yocto/meta-openembedded/meta-python \
/work/build/yocto/meta-openembedded/meta-multimedia \
/work/build/yocto/meta-openembedded/meta-perl \
/work/build/yocto/meta-openembedded/meta-gnome \
/work/build/yocto/meta-openembedded/meta-filesystems \
/work/build/yocto/meta-openembedded/meta-initramfs \
/work/build/yocto/meta-openembedded/meta-networking \
/work/build/yocto/openembedded-core/meta \
"
And my local.conf:
MACHINE = "genericx86-64"
BUILD_ARCH ?= "x86_64"
SDKMACHINE ?= "x86_64"
SDK_UPDATE_URL ?= "http://my-url/sdk-updater"
SDK_EXT_TYPE = "minimal"
SDK_INCLUDE_TOOLCHAIN = "0"
SDK_INCLUDE_PKGDATA = "1"
SSTATE_MIRRORS_append = " file://.* http://my-url/sstate/PATH \n"
DISTRO ?= "poky"
PACKAGE_CLASSES ?= "package_ipk"
LICENSE_FLAGS_WHITELIST = "commercial"
CONF_VERSION = "1"
I've tested
core-image-full-cmdline
and
core-image-minimal-dev
on both I've the same problem.
Thanks for any help and clues how to resolve this issue.

Yocto 1.6 no libboost_log in toolchain

I've installed Yocto 1.6 and run the bitbake to set up the toolchain, following the tutorial written by Daiane Angolini. While I see most of the boost libraries under $SDKTARGETSYSROOT/usr/lib, there seems to be no libboost_log.a nor libboost_log_setup.a. I believe these were introduced with Boost 1.55, and that Yocto 1.6 has moved to Boost 1.55. Shouldn't they be there, or have I done something wrong?
My .../fsl-community-bsp/build/conf/local.conf:
BB_NUMBER_THREADS ?= "${#oe.utils.cpu_count()}"
PARALLEL_MAKE ?= "-j ${#oe.utils.cpu_count()}"
MACHINE ??= 'imx6qsabresd'
DISTRO ?= 'poky'
PACKAGE_CLASSES ?= "package_rpm"
EXTRA_IMAGE_FEATURES = "debug-tweaks tools-sdk"
USER_CLASSES ?= "buildstats image-mklibs image-prelink"
PATCHRESOLVE = "noop"
BB_DISKMON_DIRS = "\
STOPTASKS,${TMPDIR},1G,100K \
STOPTASKS,${DL_DIR},1G,100K \
STOPTASKS,${SSTATE_DIR},1G,100K \
ABORT,${TMPDIR},100M,1K \
ABORT,${DL_DIR},100M,1K \
ABORT,${SSTATE_DIR},100M,1K"
PACKAGECONFIG_pn-qemu-native = "sdl"
PACKAGECONFIG_pn-nativesdk-qemu = "sdl"
ASSUME_PROVIDED += "libsdl-native"
CONF_VERSION = "1"
BB_NUMBER_THREADS = '1'
PARALLEL_MAKE = '-j 1'
DL_DIR ?= "${BSPDIR}/downloads/"
ACCEPT_FSL_EULA = ""
CORE_IMAGE_EXTRA_INSTALL += "boost"
The right way is to extend the existing recipe. In fact, you normally never change a 3rd-party recipe directly. This means, you are creating your own "recipes-support/boost/" folder which includes a file called "boost_%.bbappend".
'%' means that the boost version is not of interest. 'bbappend' means that you extend the existing boost-recipe. This file contains only one line:
BOOST_LIBS += " log"
In order to add log library you should edit boost recipe file.
In this example you should edit boost.inc.
To add log, atomic and loace libraries, replace
BOOST_LIBS = "\
date_time \
filesystem \
graph \
iostreams \
program_options \
regex \
serialization \
signals \
system \
test \
thread \
"
with
BOOST_LIBS = "\
date_time \
filesystem \
graph \
iostreams \
program_options \
regex \
serialization \
signals \
system \
test \
thread \
log \
atomic \
locale
"

Resources