I have created an RPM and that installs successfully. After installing, when I tried to verify the RPM with --verify command I am getting an error on executable file X it returns as
...P /location/to/file/X
I don't know what is mean P. The file has a special capability to listen the ports set by setcap. Can you please tell me what is mean by P? I have searched through Google but did't get any luck. Thanks in advance
As explained (albeit briefly) in the rpm man page:
rpm {-V|--verify} [select-options] [verify-options]
Verifying a package compares information about the installed files in the package with information about the files taken from the package metadata stored in the rpm database. Among other things, verifying compares the size, digest, permissions, type, owner and group of each file. Any discrepancies are displayed. Files that were not installed from the package, for example, documentation files excluded on installation using the "--excludedocs" option, will be silently ignored.
The format of the output is a string of 8 characters, a possible attribute marker:
....
from the package header, followed by the file name. Each of the 8 characters denotes the result of a comparison of attribute(s) of the file to the value of those attribute(s) recorded in the database. A single "." (period) means the test passed, while a single "?" (question mark) indicates the test could not be performed (e.g. file permissions prevent reading). Otherwise, the (mnemonically emBoldened) character denotes failure of the corresponding --verify test:
....
P caPabilities differ
So the capability of the file in question differs on disk from the capabilities of the file as listed in the rpm files section. How it differs is up to you to find out (and possibly fix).
Related
I note that when cygwin's setup.exe installs packages now, it looks for a file named "setup.zst.sig" first. What's the content and format of this binary file? How to produce a valid "setup.zst.sig"?
This must have been a recent change. Previously it looked for "setup.exe.sig" first. I use the feature (to detect whether "setup.exe.sig" changed) to decide whether my cygwin installation needs to be updated. See also this for an application example.
EDIT: #matzeri:
setup.zst.sig is not yet used.
The "zst" functionality was introduced in the program to eventually replace the
previous compression methods of setup.ini and the packages
const std::string setup_exts[] = { "zst", "xz", "bz2", "ini" };
For checking the update of setup-ARCH.exe you need to use the standard signature.
https://cygwin.com/setup-x86.exe.sig
https://cygwin.com/setup-x86_64.exe.sig
The pop up you shows seems to happen only on FTP mirror server, the HTTP servers
do not produce it.
It is clearly a bug in setup
https://cygwin.com/ml/cygwin/2019-02/msg00153.html
According to the documentation, the .sig files carry a SHA-512 hash of the respective file without that extension, signed with the private key available only to Cygwin the company.
https://www.cygwin.com/faq.html#faq.setup.install-security
We wish to exchange signed CDS packages with a partner organisation on our shared Hyperledger Fabric network. We are working according to the Operator Guide at https://hyperledger-fabric.readthedocs.io/en/latest/chaincode4noah.html#packaging.
We are able to receive and install signed packages with no problem, but how do we know what we are installing? Our installation procedures call for an inspection of what we receive, and potentially also creating tests against the object we intend to install.
My question is: How are we able to inspect the source code of what we are asked by our partner organisation to install? If we are not able to inspect it, we have no real transparency on the consensus that we are expected to give.
We have tried extracing the gzipped object from the .pak file, and unzpping it, but the .gz format does not seem to be in a standard format. I suspect we are missing something fundamental here, either in procedure or tooling.
For reference, we are extracting the code segment like this:
protoc --decode_raw < test_cc_signed_package.pak > test_cc_signed_package.decoded
then we extract the gzipped "code" portion like this (in our example signed package it is at at "1.2.1.3" of the file, but might be different for you)
cat test_cc_signed_package.decoded | grep "^ 3:" | sed -r 's/^ 3:\ \"(.*)\"$/\1/'
The output is in a format that we can perform a diff on, and which we were hoping to save to a binary file and simply gunzip it.Gzip however is refusing to decode the file, and inspecting it in xxd, we can see that the format is not correct for gzip.
Perhaps you can ask your partner organization to send you the files that were packaged so you can just package it yourself, and then compare the package to the package you are supposed to install?
Is there a way to update the member revision of a big list of files via command line?
I can't use :working or :head but have to specify a different revision for each file.
As far as I know --selectionFile only takes paths as input, but not the revision numbers.
edit: I wanted to set member a very big list of files and I wanted to avoid writing the command si updaterevision ... for every file, as it takes ages to complete for that many files. Instead I wanted to know if there is a more advanced method to specify a list of files and their revisions to be able to run the updaterevision only once (like it is with :working) for the whole list of files.
But as it is said in the comment there is no such possibility.
edit2: I use MKS for a couple of years now and as I now know, there is no such possibility (at least up to MKS 11.6) to update many files to different revisions with one single command line call. But using one call per member, as was proposed, made the whole operation take up to several hours as I had many thousands of members in the sandbox and MKS needs some time to complete each sicommand.
Some time already passed since you asked for this question, here is my comment in case it could still be useful for you in the future.
First, It is not completely clear what you want to achieve. Please be more descriptive and if possible provide example.
What I understand as of now is you need to set bunch of files listed as member revision thru the command line. This is fairly simple, the most complicated is actually to have the list of files to be updated to member and the revision that you want to set as member.
I recommend you to create a batch file with the commands to make each file member. You can use Regex to do it very quick and without much trouble.
Here is an example for updating one file member revision:
si updaterevision --hostname=servername --port=portnumber --user=username --changepackageid=5873763:2 --revision=:working myfile_a1.c
where
servername = the name of the server where your sandbox is located
portnumber = the port that provides access to the server for your sandbox
username = your login user id
changepackageid = here you change the number to use your defined TASK:ChangePackage for this changes
revision = if you have a working revision that you want now to become member, just use "working" as revision, otherwise you can define specific revision number, e.g. revision=1.2
At the end you define the name of the file you want to update.
Go to you sandbox root folder, open CMD window, and run the batch file. It will execute each line applying your changes.
If you have a list of files with the revision you want as member, you can use REGEX to convert it into a batch file.
Example list of files in text file:
file1.c 1.10
file3.c 1.19
sec_file1.c 1.1.2.1
support.h 1.7
Use notepad++ or other text editor with regex support and run this search:
Once you know which regex apply, you can now use it in the notepad++ to do a simple search and replace:
Search = ([\w].[\D])\s+([\d.]+).*
Replace = si updaterevision --hostname=servername --port=portnum --user=userid --changepackageid=6123933:4 --revision=\2 \1
\1 => FileName
\2 => File revision
See image below as example:
Finally just save doc as batch file and run it.
Just speculating that if you have a large list of members along with the member revision you want to update to, then you also have an sandbox that served you to generate this list.
If so my approach would be
c:\MySandbox> si updaterevision --recurse --revision=:working
If your member/revision list come from a development path you could first have a sandbox targeting that devpath, resync, (close thesandbox if opened in gui), retarget the sandbox to the destination devpath (or mainline) you want and then issue the command above.
For an single member approach I would use 'si rlog' to generate a list of si-commands directly
si rlog -R --noheaderformat --notrailerformat --revision=:working --format="si updaterevision {membername} --revision={revision}\r\n" > updaterevs.bat.txt
Review updaterevs.bat.txt rename it to updaterevs.bat and ecxecute it.
(Be careful if using it on other sandboxes)
Other interesting readings here might be the "snapshot sandbox" feature,
checkpointing in general and variants rsp. devpaths.
Using only these features might be politically more correct in the philosophy of Integrity.
I have a Yocto-based Linux image for a Gumstix board. The image includes the Bluez5 Bluetooth stack.
local.conf:
... DISTRO_FEATURES_append = " bluetooth bluez5" ...
This successfully builds an image where I can use the Bluetooth module from the CLI.
I want to use the Bluetooth module in Python, so I add pybluez support -
myimage.bb:
... PYTHON_INSTALL_append = "python-pybluez \" ...
python_pybluez.bb:
DESCRIPTION = "Python bindings for the Linux Bluetooth stack"
SECTION = "devel/python"
DEPENDS = "bluez5"
LICENSE = "GPL"
SRC_URI = "https://github.com/karulis/pybluez/archive/master.zip"
SRC_URI[md5sum] = "37733f35ad5a0522b86fe39467481fd1"
SRC_URI[sha256sum] = "8e7e5e4e343da7e0ec2cd37b6dc12ee77da8e4c0863dd8a2d03ab06f9b657238"
S = "${WORKDIR}/PyBluez-${PV}"
inherit distutils
This causes a huge number of conflicts when bitbaked and the build fails:
NOTE: Preparing RunQueue
ERROR: Multiple .bb files are due to be built which each provide bluez-hcidump (/home/parallels/yocto/poky/meta/recipes-connectivity/bluez5/bluez5_5.28.bb /home/parallels/yocto/poky/meta/recipes-connectivity/bluez/bluez-hcidump_2.5.bb).
This usually means one provides something the other doesn't and should.
NOTE: Executing SetScene Tasks
ERROR: The recipe bluez5 is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
/media/parallels/build/tmp/sysroots/overo/pkgdata/runtime-reverse/libasound-module-bluez
Matched in manifest-overo-bluez4.packagedata
/media/parallels/build/tmp/sysroots/overo/pkgdata/runtime/libasound-module-bluez.packaged
Matched in manifest-overo-bluez4.packagedata
/media/parallels/build/tmp/sysroots/overo/pkgdata/runtime/libasound-module-bluez
Matched in manifest-overo-bluez4.packagedata
Please verify which recipe should provide the above files.
The build has stopped as continuing in this scenario WILL break things, if not now, possibly in the future (we've seen builds fail several months later). If the system knew how to recover from this automatically it would however there are several different scenarios which can result in this and we don't know which one this is. It may be you have switched providers of something like virtual/kernel (e.g. from linux-yocto to linux-yocto-dev), in that case you need to execute the clean task for both recipes and it will resolve this error. It may be you changed DISTRO_FEATURES from systemd to udev or vice versa. Cleaning those recipes should again resolve this error however switching DISTRO_FEATURES on an existing build directory is not supported, you should really clean out tmp and rebuild (reusing sstate should be safe). It could be the overlapping files detected are harmless in which case adding them to SSTATE_DUPWHITELIST may be the correct solution. It could also be your build is including two different conflicting versions of things (e.g. bluez 4 and bluez 5 and the correct solution for that would be to resolve the conflict. If in doubt, please ask on the mailing list, sharing the error and filelist above.
ERROR: If the above message is too much, the simpler version is you're advised to wipe out tmp and rebuild (reusing sstate is fine). That will likely fix things in most (but not all) cases.
WARNING: Logfile for failed setscene task is /media/parallels/build/tmp/work/cortexa8hf-vfp-neon-poky-linux-gnueabi/bluez5/5.28-r0/temp/log.do_packagedata_setscene.16687
WARNING: Setscene task 803 (/home/parallels/yocto/poky/meta/recipes-connectivity/bluez5/bluez5_5.28.bb, do_packagedata_setscene) failed with exit code '1' - real task will be run instead
ERROR: The recipe bluez5 is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
/media/parallels/build/tmp/sysroots/overo/usr/lib/libbluetooth.so
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/lib/libbluetooth.la
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/lib/libbluetooth.so.3
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/lib/pkgconfig/bluez.pc
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/sdp.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/bnep.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/cmtp.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/hci.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/rfcomm.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/bluetooth.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/hci_lib.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/l2cap.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/sco.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/hidp.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/usr/include/bluetooth/sdp_lib.h
Matched in manifest-overo-bluez4.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/sysroot-providers/bluez-hcidump
Matched in manifest-overo-bluez-hcidump.populate_sysroot
/media/parallels/build/tmp/sysroots/overo/lib/udev/hid2hci
Matched in manifest-overo-bluez4.populate_sysroot
Please verify which recipe should provide the above files.
The build has stopped as continuing in this scenario WILL break things, if not now, possibly in the future (we've seen builds fail several months later). If the system knew how to recover from this automatically it would however there are several different scenarios which can result in this and we don't know which one this is. It may be you have switched providers of something like virtual/kernel (e.g. from linux-yocto to linux-yocto-dev), in that case you need to execute the clean task for both recipes and it will resolve this error. It may be you changed DISTRO_FEATURES from systemd to udev or vice versa. Cleaning those recipes should again resolve this error however switching DISTRO_FEATURES on an existing build directory is not supported, you should really clean out tmp and rebuild (reusing sstate should be safe). It could be the overlapping files detected are harmless in which case adding them to SSTATE_DUPWHITELIST may be the correct solution. It could also be your build is including two different conflicting versions of things (e.g. bluez 4 and bluez 5 and the correct solution for that would be to resolve the conflict. If in doubt, please ask on the mailing list, sharing the error and filelist above.
ERROR: If the above message is too much, the simpler version is you're advised to wipe out tmp and rebuild (reusing sstate is fine). That will likely fix things in most (but not all) cases.
It looks like pybluez is depending on a whole heap of Bluez4 recipes & libraries, which conflict with their Bluez5 counterparts. Would it be correct to resolve this by forcing pybluez to use the Bluez5 versions - if so, how and where should this be specified to Bitbake - if not, is it even possible to use pybluez with Bluez5 in a Yocto Linux system?
It looks like pybluez is depending on a whole heap of Bluez4 recipes & libraries
This is incorrect based on what you've shown. Your python-pybluez recipe only depends on bluez5 (and the python things distutils brings in). Yocto may magically add runtime dependencies to your packages based on linkage, but in that case you would get a warning about possibly missing build-time DEPENDS.
I think it's much more likely that the image you use contains bluez4 package already (maybe it's old or maybe they just haven't updated) and python-pybluez dragging in bluez5 breaks things.
Oh, forgot the beef: Did you notice the end of the message: you're advised to wipe out tmp and rebuild (reusing sstate is fine) -- building python-pybluez recipe alone should proceed if you just wipe your TMPDIR and build again. You'll still need to deal with the conflicts before image creation if your image does really contain bluez4
everyone,
when I deploy my package to a linux environment, I met this error:
.../Linux-2.6c2.5-i686/Ncurses/Ncurses-15766.0-0/lib/libncurses.so.5 is encountered a second time at /apollo/_env/FBAMerchantAutoRemovalDaemon-swit1na.1755067.237551097.1107633519/perl/lib/perl5.8-dist/File/Find.pm line 542.
though I read the perl script, I have no idea what is wrong. I suspect my environment is tainted. Does anyone have idea what is wrong and how can I debug this problem? Thanks a lot in advance!
Zhe
From perldoc File::Find
follow
Causes symbolic links to be followed. Since directory trees with symbolic links (followed) may contain files more than once and may even have cycles, a hash has to be built up with an entry for each file. This might be expensive both in space and time for a large directory tree. See "follow_fast" and "follow_skip" below. If either follow or follow_fast is in effect:
It is guaranteed that an lstat has been called before the user's wanted() function is called. This enables fast file checks involving _. Note that this guarantee no longer holds if follow or follow_fast are not set.
There is a variable $File::Find::fullname which holds the absolute pathname of the file with all symbolic links resolved. If the link is a dangling symbolic link, then fullname will be set to undef.
So, if, for the purposes of your application, if it is OK to follow symlinks, invoke find with the follow option set:
find({ wanted => \&process, follow => 1 }, $dir);
Or, consider if one of the other follow_skip behaviors is more appropriate for your application:
follow_skip
follow_skip==1, which is the default, causes all files which are neither directories nor symbolic links to be ignored if they are about to be processed a second time. If a directory or a symbolic link are about to be processed a second time, File::Find dies.
follow_skip==0 causes File::Find to die if any file is about to be processed a second time.
follow_skip==2 causes File::Find to ignore any duplicate files and directories but to proceed normally otherwise.
It may be that follow_skip => 2 is more appropriate for your application. Only you can make that decision.