path: root/meta-phosphor/recipes-core
Commit message | Author | Age | Files | Lines
* Prevent FSI scan during initial chassis power on and host start | Raptor Engineering Development Team | 2019-04-25 | 2 | -0/+2
* Force OCC disable script to have completed execution before host can power on | Raptor Engineering Development Team | 2019-04-25 | 2 | -0/+2
* Block chassis poweron and host start on completion of shutdown scripts | Raptor Engineering Development Team | 2019-04-25 | 2 | -0/+2
* Enable OCC service after IPL completion | Raptor Engineering Development Team | 2019-04-25 | 1 | -1/+2
* Remove waits on chassis-control in host targets | Matt Spinler | 2019-04-15 | 4 | -8/+0
  The org.openbmc.control.Chassis service is no longer used for anything and is being removed, so remove the waits on it.
  (From meta-phosphor rev: 0603d1636896adce54710c3658dcd9f701d97b77)
  Change-Id: I03872ee827562be1d7e6d06d6503545ad1d38af6
  Signed-off-by: Matt Spinler <spinler@us.ibm.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* LDAP:create single nsswitch.conf file | raviteja-b | 2019-04-09 | 1 | -1/+1
  Earlier thought was there would be overhead if we include "ldap" here in the nsswitch.conf file so created nsswitch_ldap.conf, but we have tested both the cases (ldap/local) and we don't find any overhead, so we don't need both nsswitch.conf and nsswitch_ldap.conf files.
  Here is the link for the nss-pam-ldapd-users discussion thread: https://lists.arthurdejong.org/nss-pam-ldapd-users/2019/msg00021.html
  Tested local and ldap user authentication with valid and invalid credentials.
  (From meta-phosphor rev: a4ac97cdb199af84a28c2ad691aa5ef85b32d66f)
  Change-Id: I0c72d3a32a51dcc0cb8cf9c67411d26b5d8658d2
  Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* update upstream subtrees | Brad Bishop | 2019-04-06 | 24 | -37/+37
  A number of corequisites exist so squashing these all into one patch.
    meta-ingrasys - refresh master bc513127f4..67bcaf389f
    meta-hxt - refresh master 86a4df514f..8fe0d38bbb
    meta-phosphor - refresh master 06c09d7cce..df6ddae3d2
    meta-quanta - refresh master 4f126361a1..53f3025271
  Change-Id: I3daeef2a0467d8ea4f1fd1c617e526f8b11258af
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* reset upstream subtrees to HEAD | Brad Bishop | 2019-04-05 | 8 | -1173/+4
  Reset the following subtrees on HEAD:
    poky: 8217b477a1(master)
    meta-xilinx: 64aa3d35ae(master)
    meta-openembedded: 0435c9e193(master)
    meta-raspberrypi: 490a4441ac(master)
    meta-security: cb6d1c85ee(master)
  Squashed patches:
    meta-phosphor: drop systemd 239 patches
    meta-phosphor: mrw-api: use correct install path
  Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* meta-phosphor: Drop recipe for phosphor-rest | Brad Bishop | 2019-03-29 | 2 | -3/+0
  This application doesn't have any in-tree users. As such, drop the recipe and its dependencies.
  (From meta-phosphor rev: 296cc521f5a1c8c87c63a5b475b23c876241bf22)
  Change-Id: Ie0ce809f84a133c023f96b4727550690583cb9df
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* phosphor: pam: move libpam to recipes-extended | Brad Bishop | 2019-02-06 | 5 | -109/+0
  Move pam metadata from recipes-core to recipes-extended, to match oe-core.
  (From meta-phosphor rev: 6f75a62ec75deb7ba6efdc5b5c3dda960dda701d)
  Change-Id: If8e36b1199f9e70ce27522d915ceaa281caaabc6
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* pam-ipmi: srcrev bump a32999cde4..65edb939ef | Andrew Geissler | 2019-01-31 | 1 | -1/+1
  Richard Marian Thomaiyar (1):
    Removal of excess 16 bytes padding
  (From meta-phosphor rev: 23dd122622b099237c150188161fff687da0c259)
  Change-Id: If0858a0b8263aa3a52815f5938fd832f52fef203
  Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* systemd: pick upstream fixes for timedated | Lei YU | 2019-01-23 | 4 | -0/+278
  There are several fixes related to systemd/systemd#11420, which affects openbmc/openbmc#3459
  Pick the related changes to fix the issue.
  Partially resolves openbmc/openbmc#3459.
  Tested: Run below script to make sure setting time eventually succeeds.
    timedatectl set-ntp 1
    sleep 10 # Wait for a while for NTP service to start
    timedatectl set-ntp 0
    until busctl call org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.timedate1 SetTime xbb 1487304700000000 0 0
    do
      echo "Try again..."
    done
  (From meta-phosphor rev: 076771ae7363a3342fe45f7f8f6b383811c8677e)
  Change-Id: I453cff9224721052a1ed000fa4ded1d4858dcde1
  Signed-off-by: Lei YU <mine260309@gmail.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Add OPENBMC_TARGET_MACHINE to /etc/os-release | Joseph Reynolds | 2019-01-22 | 1 | -1/+5
  This adds a new OS identification parameter (OPENBMC_TARGET_MACHINE) to the /etc/os-release file in the generated OpenBMC image to indicate the kind of device the OpenBMC image is targeted to control.
  This is needed to be able to track the image back to its source code: the distro and version indicate the exact source code that was used, and the target machine says which Bitbake layer configuration within that source was used.
  Note the target machine name is typically set in the openbmc/meta-*/meta-MACHINE/conf/local.conf.sample file. (This is where TEMPLATECONF points to.)
  The "uname" command options -m (machine) and -i (hardware platform) will continue to refer to the BMC and not its target machine.
  Tested: On the build system, `cat $IMAGE_ROOTFS/etc/os-release` shows the correct value.
  (From meta-phosphor rev: e9319a8c4b7bc9b737fbb6e5359f878d5ab13e7a)
  Change-Id: I29483ef4a72ae80c30399c795177ed446456740d
  Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* systemd: Add support for static neighbors | William A. Kennington III | 2019-01-16 | 4 | -0/+805
  These are backports of changes I contributed to systemd v240. We need these until we get v240 from oe core.
  Tested: Ran a romulus image and provisioned static neighbors with systemd networkd.
  (From meta-phosphor rev: 8b84385e3c40d1827b06d0612def2275d3ad4faf)
  Change-Id: I5720a3b1626e15d4e4cfc630ce24f5818b294d8a
  Signed-off-by: William A. Kennington III <wak@google.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* reset upstream subtrees to yocto 2.6 | Brad Bishop | 2019-01-08 | 8 | -225/+51
  Reset the following subtrees on thud HEAD:
    poky: 87e3a9739d
    meta-openembedded: 6094ae18c8
    meta-security: 31dc4e7532
    meta-raspberrypi: a48743dc36
    meta-xilinx: c42016e2e6
  Also re-apply backports that didn't make it into thud:
    poky:
      17726d0 systemd-systemctl-native: handle Install wildcards
    meta-openembedded:
      4321a5d libtinyxml2: update to 7.0.1
      042f0a3 libcereal: Add native and nativesdk classes
      e23284f libcereal: Allow empty package
      030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
      179a1b9 gtest: update to 1.8.1
  Squashed OpenBMC subtree compatibility updates:
    meta-aspeed:
      Brad Bishop (1):
        aspeed: add yocto 2.6 compatibility
    meta-ibm:
      Brad Bishop (1):
        ibm: prepare for yocto 2.6
    meta-ingrasys:
      Brad Bishop (1):
        ingrasys: set layer compatibility to yocto 2.6
    meta-openpower:
      Brad Bishop (1):
        openpower: set layer compatibility to yocto 2.6
    meta-phosphor:
      Brad Bishop (3):
        phosphor: set layer compatibility to thud
        phosphor: libgpg-error: drop patches
        phosphor: react to fitimage artifact rename
      Ed Tanous (4):
        Dropbear: upgrade options for latest upgrade
        yocto2.6: update openssl options
        busybox: remove upstream watchdog patch
        systemd: Rebase CONFIG_CGROUP_BPF patch
  Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* phosphor: systemd: add init alternative | Brad Bishop | 2019-01-08 | 1 | -0/+5
  This is removed upstream in thud (poky rev: ada8a5d) but we have a recipe that depends on it (preinit-mounts). preinit-mounts is only added to the rootfs when DISTRO_FEATURES contains obmc-ubi-fs.
  preinit-mounts might be a bit of a hack; getting filesystems mounted just right is typically the role of an initramfs. It may make sense to (re)visit how that is done and at that time we can drop this support.
  (From meta-phosphor rev: 2fb0a1b55ce9d4f133f34eda6e6df0aead585fef)
  Change-Id: Iac2acd7e2f23055387a3250392461a78ec361da8
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* meta-phosphor: systemd: rework PACKAGECONFIG | Brad Bishop | 2018-11-28 | 1 | -4/+3
  Phosphor removes a number of systemd packageconfigs that are enabled by default in oe-core.
  Sort the removal list alphabetically.
  Remove networkd. It is now selected by default in oe-core.
  Remove vconsole. Typically vconsoles aren't needed on a BMC and vconsole support has significant footprint cost.
  Remove ldconfig. The base recipe controls this via distro feature; don't override.
  Remove kdbus and bootchart. They aren't options anymore.
  (From meta-phosphor rev: 65ae799165fce6e5b50c68e32d20a09d2cdbd52f)
  Change-Id: Ieefd0d0d13cfdc65debbfdd3ab9ecdbc4154d28a
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* pam-ipmi: srcrev bump edeae5657f..a32999cde4 | Andrew Geissler | 2018-11-27 | 1 | -1/+1
  Patrick Venture (5):
    build: add requirement for openssl to configure_ac
    build: add macro dirs to configure_ac
    build: add -I m4 to Makefile for ACLOCAL_AMFLAGS
    build: drop undefined LIBCRYPT from Makefile
    build: add requirement for libpam to configure_ac
  Richard Marian Thomaiyar (2):
    Add empty ipmi_pass file to the root image
    Update the ipmi_pass to use default password
  (From meta-phosphor rev: facd3dab0287ceb1a30b5e0496332b07d0c1bf1f)
  Change-Id: I8a0eafb10f81cb2401b74aec111e7153d591d0e6
  Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Include ipmi_pass to the image through pam-ipmi | Richard Marian Thomaiyar | 2018-11-27 | 1 | -0/+1
  Update pam-ipmi recipe to add ipmi_pass file to the image
  Unit test: Verified by making sure the file is copied to the update bmc image.
  (From meta-phosphor rev: 2d569e24598c82b078f18b07255767e8ace287c0)
  Change-Id: I9a5f4b169b0427e61795397ad63a8d2a59a03e44
  Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* meta-phosphor: pam-ipmi: add dependency on autoconf-archive | Patrick Venture | 2018-11-26 | 1 | -0/+1
  Add dependency on autoconf-archive-native to allow using autoconf-conf archive macros in pam-ipmi configure_ac.
  (From meta-phosphor rev: c719c5c4e71733490ef38efd8f928032a1c19500)
  Change-Id: Ibadb5849f1390387a990bce6dc0c4baf1f2ebcb8
  Signed-off-by: Patrick Venture <venture@google.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* pam-ipmi: srcrev bump d0e324ab37..edeae5657f | Andrew Geissler | 2018-11-26 | 1 | -1/+1
  Patrick Venture (3):
    style: set column width to 80 chars
    build: add AM_PROG_AR to configure_ac
    build: drop LDADD and use LDFLAGS
  (From meta-phosphor rev: f98be78d2b662686041487c7b9b5e1514efa31db)
  Change-Id: Ic9e59b49226c1982b7df34438f90b5bbb2a5f923
  Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Revert "Don't return the error if unable to create the network namespace" | Brad Bishop | 2018-11-19 | 2 | -42/+0
  This reverts commit 87497e8ebce78079ea5423ecb6080e82cfa36106.
  systemd-hostnamed no longer hangs without network namespace support:
    PrivateNetwork=yes is configured, but the kernel does not support network namespaces, ignoring.
  (From meta-phosphor rev: 3b6dd35154ba5e105ad1d4b65746711654ed34b0)
  Change-Id: I41b5e1ae952b8bc3bc07819d7ab7e0fffd3629c7
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Revert "Cherry-pick systemd mangle-escape patch" | Brad Bishop | 2018-11-19 | 3 | -174/+0
  This reverts commit 8ef5fd21107625d7480346318cb858759e61ee66.
  The pull request referenced in the original commit was never merged into systemd.
  Support for properly using /sys/devices paths as template instances has been added to systemd in the meantime.
  It probably didn't/doesn't make sense to use device tree paths when launching applications via udev+system (applications to use /sys/devices paths instead).
  Given all these reasons, drop these two systemd patches.
  (From meta-phosphor rev: ee22593ddc009cda7aad28bf1311f1a26047fc97)
  Change-Id: Ic10e0abc8c112e7e6bd62bc346857cf4194dbe50
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* pam-ipmi: srcrev bump 388c061fb5..d0e324ab37 | Andrew Geissler | 2018-11-18 | 1 | -1/+1
  Patrick Venture (3):
    Add .gitignore file
    move .clang-format file into position
    fixup: do not assign immediately before reassigning
  (From meta-phosphor rev: 319c44312ec2ed48cd0843fdb6cc298f362e17e9)
  Change-Id: I0a832003a5ef25932241fcda7530237567193c60
  Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* PAM:Enable password history pam module | Ratan Gupta | 2018-11-07 | 1 | -1/+1
  pam password history module is required to not allow the history passwords.
  We have the following D-bus property which requires this module.
  https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/xyz/openbmc_project/User/AccountPolicy.interface.yaml#L27
  (From meta-phosphor rev: 59e8633fc824999fcef46f099174ee322a9750f7)
  Change-Id: I3493c1386c08ea8497a3d3868ed8ffb67a024a1d
  Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* meta-phosphor: master refresh 3026b0fa5a..d76a657a63 | Brad Bishop | 2018-11-05 | 1 | -1/+2
  Update meta-phosphor to master HEAD.
  Patrick Venture (52):
    meta-phosphor: obmc-console: set LICENSE field
    meta-phosphor: dbus-interfaces: set LICENSE field
    meta-phosphor: rest-dbus: set LICENSE field
    meta-phosphor: slpd-lite: set LICENSE field
    meta-phosphor: ipmi-host: set LICENSE field
    meta-phosphor: ipmi-net: set LICENSE field
    meta-phosphor: network: inarp: set LICENSE field
    meta-phosphor: network: set LICENSE field
    meta-phosphor: logging: set LICENSE field
    meta-phosphor: ipmi-tool: fixup LICENSE
    meta-phosphor: clear-once: set LICENSE field
    meta-phosphor: preinit-mounts: set LICENSE field
    meta-phosphor: systemd: obmc-targets: set LICENSE field
    meta-phosphor: dbus: perms: set LICENSE field
    meta-phosphor: dbus-interfaces-mapper-config-native: set LICENSE field
    meta-phosphor: dbus-monitor-config-native: set LICENSE field
    meta-phosphor: legacy-namespace-mapper-config-native: set LICENSE field
    meta-phosphor: mapper-config-native: set LICENSE field
    meta-phosphor: obmc-host-failure-reboots: set LICENSE field
    meta-phosphor: fan-control-events-config-native: set LICENSE field
    meta-phosphor: fan-control-fan-config-native: set LICENSE field
    meta-phosphor: fan-control-zone-conditions-config-native: set LICENSE field
    meta-phosphor: fan-control-zone-config-native: set LICENSE field
    meta-phosphor: fan-monitor-config-native: set LICENSE field
    meta-phosphor: fan-presence-config-native: set LICENSE field
    meta-phosphor: image-signing: set LICENSE field
    meta-phosphor: insecure-signing-key-native: set LICENSE field
    meta-phosphor: inventory-manager-assettag-native: set LICENSE field
    meta-phosphor: inventory-manager-config-native: set LICENSE field
    meta-phosphor: ipmi-channel-inventory-native: set LICENSE field
    meta-phosphor: ipmi-config: set LICENSE field
    meta-phosphor: ipmi-fru-merge-config-native: set LICENSE field
    meta-phosphor: ipmi-fru-properties-native: set LICENSE field
    meta-phosphor: ipmi-fru-read-bmc-inventory-native: set LICENSE field
    meta-phosphor: ipmi-fru-read-not-sent-by-host-inventory-native: set LICENSE field
    meta-phosphor: ipmi-fru-whitelist-native: set LICENSE field
    meta-phosphor: ipmi-inventory-sel-native: set LICENSE field
    meta-phosphor: ipmi-sensor-config-native: set LICENSE field
    meta-phosphor: ipmi-sensor-inventory-native: set LICENSE field
    meta-phosphor: logging-callouts-example-native: set LICENSE field
    meta-phosphor: logging-error-logs-native: set LICENSE field
    meta-phosphor: settings-defaults-native: set LICENSE field
    meta-phosphor: fan-presence-mrw-native: set LICENSE field
    meta-phosphor: fan-control-fan-config-mrw-native: set LICENSE field
    meta-phosphor: ipmi-fru-properties-mrw-native: set LICENSE field
    meta-phosphor: ipmi-inventory-sel-mrw-native: set LICENSE field
    meta-phosphor: ipmi-sensor-inventory-mrw-config-native: set LICENSE field
    meta-phosphor: ipmi-sensor-inventory-mrw-native: set LICENSE field
    meta-phosphor: led-manager-config-mrw-native: set LICENSE field
    meta-phosphor: logging-callouts-mrw-native: set LICENSE field
    meta-phosphor: hwmon-config-mrw: set LICENSE field
    meta-phosphor: settings-read-settings-mrw-native: set LICENSE field
  Change-Id: Ibe919c3f1a748fae67b45ff6908a236b08902450
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Dropbear SSH remove HMAC-MD5 | Joseph Reynolds | 2018-10-31 | 1 | -6/+13
  The Dropbear SSH client and server configuration is changed to not accept the HMAC-MD5 algorithm when making connections. The MD5 algorithm is no longer considered secure.
  With this change, Dropbear supports the following MAC algorithms: SHA1_HMAC, SHA2_256_HMAC, and SHA2_512_HMAC.
  Note that Dropbear does not yet support HMAC-SHA3.
  Tested:
    $ ssh -m hmac-sha1-96 root@${bmc}
    Unable to negotiate with ${bmc} port 22: no matching MAC found. Their offer: hmac-sha1,hmac-sha2-256,hmac-sha2-512
    $ ssh root@${bmc} # worked
  (From meta-phosphor rev: ec86af05553a7a66af68356cb2b4ec451d5bbf91)
  Change-Id: Iba30c9f1ea66e2c72c75d16a16194ede808fe64a
  Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Disable systemd-coredump from phosphor layer | Andrew Geissler | 2018-10-29 | 1 | -1/+1
  Continue to hit two major issues with having coredumps enabled in OpenBMC:
  1. Filesystem space for coredumps
     Systemd writes the core files to /var/lib/systemd/coredump/
     This is a persistent filesystem so space is very limited. There is currently no way to configure this location (would need upstream work). Due to issue #2 below, when a single application fails, it starts to cause other services to coredump which results in the available space quickly filling up. This can result in the UBI kernel driver remounting the filesystem read-only.
  2. CPU utilization
     When an application fails, and causes a coredump, it is restarted by systemd. The restart causes mapper to fire up and introspect the restarted application. In parallel the coredump is being generated and collected. These two things heavily load the CPU. If this occurs during the initial startup of the BMC, where lots of other services are also starting and being introspected by mapper, then those services can start hitting their systemd timeout limit. This then results in core dumps being collected for them and mapper introspects being called on their restarts. This causes a snowball effect where the system just continues to restart services and collect core dumps. The systemd restart policy can not account for these long delays between restart (due to the CPU load) so the limit is never hit within the time limit, resulting in an infinite restart loop.
  There is upstream work that could be done with systemd to make the core dump function more embedded system friendly. This would be a long term solution but may become a moot point as performance improvements come in (c++ mapper), more powerful CPUs are used, and more flash space is allocated in future systems.
  Personally, I've never used a core dump to debug an issue and have dealt with the above issues multiple times so I'm probably a bit biased. This could definitely be a meta-ibm layer type change if others in the community prefer this enabled as the default.
  resolves openbmc/openbmc#3379
  (From meta-phosphor rev: dde999f1076f571a1760c9e5e536e63796749e57)
  Change-Id: Ib229d8bf58aa075926fd302a0139a042d069f446
  Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Enable pam-ipmi modules in pam password stack | Richard Marian Thomaiyar | 2018-10-18 | 1 | -2/+4
  Enabled pam-ipmicheck & pam-ipmisave modules in pam password stacked modules. These modules will store 'ipmi' group users password in encrypted form in /etc/ipmi_pass file along with /etc/shadow. This special file will be used by phosphor-ipmi-net during RAKP messages. This will not affect users who don't belong to 'ipmi' group.
  (From meta-phosphor rev: 945a28a80ea24c59441ce511aff95092121dfc78)
  Change-Id: I1b9e2c78c1e0b8a0f8da2a28c6d89638c45f692d
  Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Include pam-ipmi recipe | Richard Marian Thomaiyar | 2018-10-17 | 1 | -0/+21
  Add pam-ipmi recipe from OpenBMC repo. This adds pam_ipmisave & pam_ipmicheck modules which are responsible for storing password in encrypted form for "ipmi" group users.
  (From meta-phosphor rev: 6176e3213c113eca4ecfda32ad929797cfec86d6)
  Change-Id: I38b39266d82ed1cd3d7fe130a972cb6943a540df
  Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Enforce password security through pam | Richard Marian Thomaiyar | 2018-10-17 | 4 | -0/+84
  Add suitable pam modules in place which will enforce password security
  1. pam_cracklib is added with minimum length of 8. Length greater than 8 can be configured through D-Bus interface.
  2. pam_pwhistory is added to remember old password. Disabled by default. Can be enabled through D-Bus interface
  3. pam-tally2 used to lock out account after failed attempts. Disabled by default. Can be enabled through D-Bus interface
  Note: pam_cracklib will do password verification one extra time, hence with this fix, any password change will request, Retype new password for 2 times.
  (From meta-phosphor rev: bb70abc065a7eeb3206460ad20041bc132dab784)
  Change-Id: Ibc5e275196509fb0b47c7174805195475d66590c
  Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* nsswitch: Add LDAP lookup in passwd, group and shadow maps | Ratan Gupta | 2018-10-07 | 2 | -0/+30
  The Name Service Switch (NSS) configuration file (nsswitch.conf), is used by the GNU C Library to determine the sources from which to obtain name-service information in a range of categories, and in what order.
  With the introduction of LDAP we have to add the LDAP as a source for the name service info for the various maps/database (passwd, group, shadow).
  (From meta-phosphor rev: 68f0934af8ebb0332e5075728d8006e4d846bd78)
  Change-Id: I0781da24c50278e439e953d595d275fbfc6bf48a
  Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Moving fstab file into subdirectory | Ratan Gupta | 2018-10-07 | 2 | -1/+1
  FILESEXTRAPATHS_prepend was conditional for only ubi-based-file system; now we have the requirement where we want to prepend path for all other cases, so moving the fstab file in the specific directory and add that subdirectory-path conditionally.
  (From meta-phosphor rev: cb9552f017c3803dc0ec0ab628dce14863bf8389)
  Change-Id: I9d3baf42ef1d712ec6c52f53a5ae56a2ceef1ddf
  Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* meta-phosphor: fix reboot of BMC | Alexander Filippov | 2018-10-05 | 2 | -0/+2
  After the commit bba38f38e7e41525c30116a2fe990d113b8157da the firmware with a static flash layout is unable to reboot. It happens because the `reboot` applet was removed from the `busybox`.
  This commit restores the `reboot` in the `busybox` for static layout.
  Resolves openbmc/openbmc#3399
  Tested in the `qemu` with firmwares for `palmetto` and `romulus`.
  (From meta-phosphor rev: 8f400dacfc9138bc9395fe995ff914c10bd7eed0)
  Change-Id: I5dd7ba0f999f0aa58e54594ad32669e2283e4cee
  Signed-off-by: Alexander Filippov <a.filippov@yadro.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* Disable medium-strength dropbear ssh ciphers | Joseph Reynolds | 2018-09-27 | 2 | -0/+30
  This changes the Dropbear SSH server configuration so it will not accept medium-strength encryption ciphers including: CBC mode, MD5, 96-bit MAC, and triple DES. The remaining ciphers include aes128-ctr and aes256-ctr. Dropbear does not offer the arcfour cipher suite.
  Note that Dropbear does not use a config file and instead uses file options.h to control its features. This commit adds a patch to disable the unwanted ciphers.
  Tested:
  On the qemu-based BMC:
    ssh -c help 127.0.0.1
    aes128-ctr,aes256-ctr
  Before this change, the value was:
    aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,
    twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
  Attempt to contact the BMC from host:
    ssh -p 2222 -l root localhost # success
    ssh -c aes128-cbc -p 2222 -l root localhost
    Unable to negotiate with 127.0.0.1 port 2222: no matching cipher found. Their offer: aes128-ctr,aes256-ctr
  Before this change, the connection was successful.
  Attempt to contact the BMC from older system:
    ssh -V
    OpenSSH_5.8p1, OpenSSL 0.9.8g 19 Oct 2007
    ssh -p 2222 -l root ${BMC_IP_ADDR} # success
  Resolves openbmc/openbmc#3186
  (From meta-phosphor rev: 4ad7873e5dcd8475d48b6551002331a1efe4b2f1)
  Change-Id: I5648a1602a3683afd9bd90ba62d8f6e4d9237506
  Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* systemd: fix noisy messages about eBPF | Alexander Filippov | 2018-09-24 | 2 | -0/+65
  Patch systemd sources to fix detection of availability of the kernel CONFIG_CGROUP_BPF option.
  Resolves openbmc/linux#159
  (From meta-phosphor rev: 7fbc79b12dc5e137830ffd35c0be839fe77b6699)
  Change-Id: I82cd227cb6e14ca57a373b1c6a100a98cff799af
  Signed-off-by: Alexander Filippov <a.filippov@yadro.com>
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
* meta-phosphor: Move layer content from common/ | Brad Bishop | 2018-09-06 | 58 | -0/+948
  Adopt a more conventional directory hierarchy. meta-phosphor is still a _long_ way from suitable for hosting on yoctoproject.org but things like this don't help.
  (From meta-phosphor rev: 471cfcefa74b8c7ceb704cb670e6d915cf27c63b)
  Change-Id: I3f106b2f6cdc6cec734be28a6090800546f362eb
  Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>