[0/8] systemd: allow building for nativesdk

Message ID 20211117123201.111905-1-luca.boccassi@gmail.com

Message

Luca Boccassi Nov. 17, 2021, 12:31 p.m. UTC
From: Luca Boccassi <luca.boccassi@microsoft.com>

systemd-analyze in the next release will gain the ability to
run the 'security' and 'verify' verbs offline, on local units.
This is very useful at build time and/or in CI systems to detect
errors and issues before changes are deployed, as a static
analyzer tool.
This series enables building the systemd recipe for the nativesdk
targets, so that systemd-analyze can be included in the SDK and
called by users/build systems/CI systems.

Luca Boccassi (8):
  systemd: skip chown when building for nativesdk
  systemd: skip postinst in nativesdk builds
  systemd: remove /var in nativesdk builds
  volatile-binds: remove /var in nativesdk builds
  volatile-binds: add nativesdk
  kbd: add nativesdk
  os-release: add nativesdk
  systemd: add nativesdk

 meta/recipes-core/kbd/kbd_2.4.0.bb            |  2 +-
 meta/recipes-core/os-release/os-release.bb    |  2 ++
 meta/recipes-core/systemd/systemd-conf_1.0.bb |  2 ++
 .../systemd/systemd-serialgetty.bb            |  2 ++
 meta/recipes-core/systemd/systemd_249.5.bb    | 29 +++++++++++++++++--
 .../volatile-binds/volatile-binds.bb          |  7 +++++
 6 files changed, 41 insertions(+), 3 deletions(-)
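The build-time use the cover letter has in mind, running `systemd-analyze verify` and `systemd-analyze security` offline on unit files before they are deployed, as an added example that is not part of this series or of oe-core. It assumes the `--offline=` and `--threshold=` options of the `security` verb, which arrived in the systemd 250 release the cover letter calls "the next release" (the script refuses with status 3 on anything older or when systemd-analyze is absent); the unit file is constructed for illustration, the unit name `example-daemon.service` is hypothetical, and the exposure threshold of 7 is an arbitrary policy choice.

```shell
#!/bin/sh
# Added example (not part of the patch series): run systemd-analyze's
# 'verify' and 'security' verbs offline on a local unit file, the way a
# build or CI step can once systemd-analyze is available natively.
# Assumptions: --offline= and --threshold= exist in systemd >= 250; the unit
# below is constructed for illustration; the threshold of 7 is arbitrary.
set -eu

# Write a constructed sample unit into a temporary directory and print its path.
make_sample_unit() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/unit-check.XXXXXX")
    unit="$dir/example-daemon.service"   # hypothetical unit name
    cat >"$unit" <<'EOF'
[Unit]
Description=Example daemon (constructed for the added example)

[Service]
ExecStart=/bin/true
# Sandboxing directives that lower the exposure score reported by
# 'systemd-analyze security'
DynamicUser=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictAddressFamilies=AF_UNIX
SystemCallFilter=@system-service
EOF
    printf '%s\n' "$unit"
}

# Print the major version of the installed systemd-analyze, or nothing if
# it is not installed.
analyze_version() {
    command -v systemd-analyze >/dev/null 2>&1 || return 0
    systemd-analyze --version | sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p'
}

# check_unit UNIT [THRESHOLD]
# Exit status: 0 both checks passed, 1 'verify' reported errors,
#              2 exposure level above THRESHOLD, 3 offline analysis unavailable.
check_unit() {
    unit="$1"
    threshold="${2:-7}"
    ver=$(analyze_version)
    if [ -z "$ver" ] || [ "$ver" -lt 250 ]; then
        echo "check_unit: systemd-analyze >= 250 needed for offline analysis (found: ${ver:-none})" >&2
        return 3
    fi
    # Static check of the unit file: unknown directives, missing executables, ...
    systemd-analyze verify "$unit" || return 1
    # Hardening assessment without a running systemd; exits non-zero when the
    # exposure level exceeds the threshold
    systemd-analyze security --offline=true --threshold="$threshold" "$unit" || return 2
}

# With unit paths on the command line, check each one and stop at the first failure.
if [ "$#" -gt 0 ]; then
    for u in "$@"; do
        check_unit "$u" 7 || exit $?
    done
fi
```

Invoked as `sh check-units.sh path/to/*.service` from a build or CI job, the script's exit status distinguishes a malformed unit (1) from one that is valid but under-sandboxed (2), so the two findings can be gated separately; the version gate keeps the check from silently passing on a host whose systemd-analyze cannot do offline analysis.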

Comments

Alexander Kanavin Nov. 17, 2021, 12:53 p.m. UTC | #1
Shouldn't this be enabled in regular yocto builds first, e.g. allow
systemd-native and then add the needed checks to systemd.bbclass? Maybe
nativesdk support isn't then needed at all?

Alex

On Wed, 17 Nov 2021 at 13:32, Luca Bocassi <luca.boccassi@gmail.com> wrote:

> From: Luca Boccassi <luca.boccassi@microsoft.com>
>
> systemd-analyze in the next release will gain the ability to
> run the 'security' and 'verify' verbs offline, on local units.
> This is very useful at build time and/or in CI systems to detect
> errors and issues before changes are deployed, as a static
> analyzer tool.
> This series enables building the systemd recipe for the nativesdk
> targets, so that systemd-analyze can be included in the SDK and
> called by users/build systems/CI systems.
>
> Luca Boccassi (8):
>   systemd: skip chown when building for nativesdk
>   systemd: skip postinst in nativesdk builds
>   systemd: remove /var in nativesdk builds
>   volatile-binds: remove /var in nativesdk builds
>   volatile-binds: add nativesdk
>   kbd: add nativesdk
>   os-release: add nativesdk
>   systemd: add nativesdk
>
>  meta/recipes-core/kbd/kbd_2.4.0.bb            |  2 +-
>  meta/recipes-core/os-release/os-release.bb    |  2 ++
>  meta/recipes-core/systemd/systemd-conf_1.0.bb |  2 ++
>  .../systemd/systemd-serialgetty.bb            |  2 ++
>  meta/recipes-core/systemd/systemd_249.5.bb    | 29 +++++++++++++++++--
>  .../volatile-binds/volatile-binds.bb          |  7 +++++
>  6 files changed, 41 insertions(+), 3 deletions(-)
>
> --
> 2.30.2
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#158384):
> https://lists.openembedded.org/g/openembedded-core/message/158384
> Mute This Topic: https://lists.openembedded.org/mt/87118013/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
Luca Boccassi Nov. 17, 2021, 2:59 p.m. UTC | #2
On Wed, 2021-11-17 at 13:53 +0100, Alexander Kanavin wrote:
> Shouldn't this be enabled in regular yocto builds first, e.g. allow
> systemd-native and then add the needed checks to systemd.bbclass?
> Maybe nativesdk support isn't then needed at all?
> 
> Alex

I'm not sure I follow; that would break the build? These changes are
necessary to make it work. I am including the package in the local sdk
configuration; without these patches it does not build.

Alexander Kanavin Nov. 17, 2021, 3:07 p.m. UTC | #3
On Wed, 17 Nov 2021 at 15:59, Luca Boccassi <luca.boccassi@gmail.com> wrote:

> On Wed, 2021-11-17 at 13:53 +0100, Alexander Kanavin wrote:
> > Shouldn't this be enabled in regular yocto builds first, e.g. allow
> > systemd-native and then add the needed checks to systemd.bbclass?
> > Maybe nativesdk support isn't then needed at all?
> >
> > Alex
>
> I'm not sure I follow, that would break the build? These changes are
> necessary to make it work. I am including the package in the local sdk
> configuration, without these patches it does not build.
>

What I'm trying to say is running those systemd analyzers should be enabled
in regular yocto builds first before it's enabled in SDKs. It's not a good
idea to have a feature that is available in SDKs but not available in
direct use of bitbake to build recipes.

Alex



Luca Boccassi Nov. 17, 2021, 4:11 p.m. UTC | #4
On Wed, 2021-11-17 at 16:07 +0100, Alexander Kanavin wrote:
> 
> 
> On Wed, 17 Nov 2021 at 15:59, Luca Boccassi <luca.boccassi@gmail.com>
> wrote:
> > On Wed, 2021-11-17 at 13:53 +0100, Alexander Kanavin wrote:
> > > Shouldn't this be enabled in regular yocto builds first, e.g.
> > allow
> > > systemd-native and then add the needed checks to systemd.bbclass?
> > > Maybe nativesdk support isn't then needed at all?
> > > 
> > > Alex
> > 
> > I'm not sure I follow, that would break the build? These changes
> > are
> > necessary to make it work. I am including the package in the local
> > sdk
> > configuration, without these patches it does not build.
> > 
> 
> 
> What I'm trying to say is running those systemd analyzers should be
> enabled in regular yocto builds first before it's enabled in SDKs.
> It's not a good idea to have a feature that is available in SDKs but
> not available in direct use of bitbake to build recipes.
> 
> Alex

But it is already available? And it has been for a long time:

https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/systemd/systemd_249.5.bb#n411

Alexander Kanavin Nov. 17, 2021, 4:44 p.m. UTC | #5
On Wed, 17 Nov 2021 at 17:11, Luca Boccassi <luca.boccassi@gmail.com> wrote:

> > What I'm trying to say is running those systemd analyzers should be
> > enabled in regular yocto builds first before it's enabled in SDKs.
> > It's not a good idea to have a feature that is available in SDKs but
> > not available in direct use of bitbake to build recipes.
> >
> > Alex
>
> But it is already available? And it has been for a long time:
>
>
> https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/systemd/systemd_249.5.bb#n411


This is packaging the tool for the target images; what I propose is that
it's built and used natively.

Alex
Luca Boccassi Nov. 17, 2021, 5:41 p.m. UTC | #6
On Wed, 2021-11-17 at 17:44 +0100, Alexander Kanavin wrote:
> On Wed, 17 Nov 2021 at 17:11, Luca Boccassi <luca.boccassi@gmail.com>
> wrote:
> > > What I'm trying to say is running those systemd analyzers should
> > be
> > > enabled in regular yocto builds first before it's enabled in
> > SDKs.
> > > It's not a good idea to have a feature that is available in SDKs
> > but
> > > not available in direct use of bitbake to build recipes.
> > > 
> > > Alex
> > 
> > But it is already available? And it has been for a long time:
> > 
> > https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/systemd/systemd_249.5.bb#n411
> 
> This is packaging the tool for the target images; what I propose is
> that it's built and used natively.

Which is what this patchset does? Again, you can't build these recipes
to run locally without these changes; that's the entire point.
Alexander Kanavin Nov. 17, 2021, 5:49 p.m. UTC | #7
On Wed, 17 Nov 2021 at 18:41, Luca Boccassi <luca.boccassi@gmail.com> wrote:

> > This is packaging the tool for the target images; what I propose is
> > that it's built and used natively.
>
> Which is what this patchset does? Again you can't build these recipes
> to run locally without these changes, that's the entire point
>

This patchset allows systemd binaries to be used in SDKs; what I would like
to see is that those binaries are built and used directly in yocto builds.
E.g. systemd recipe gains BBCLASSEXTEND = "native", systemd.bbclass gets
DEPENDS = "systemd-native" and then uses the native systemd binaries in the
same way you want to use them in your private SDK-based pipelines.

Alex
Luca Boccassi Nov. 17, 2021, 6:04 p.m. UTC | #8
On Wed, 2021-11-17 at 18:49 +0100, Alexander Kanavin wrote:
> On Wed, 17 Nov 2021 at 18:41, Luca Boccassi <luca.boccassi@gmail.com>
> wrote:
> > > This is packaging the tool for the target images; what I propose
> > is
> > > that it's built and used natively.
> > 
> > Which is what this patchset does? Again you can't build these
> > recipes
> > to run locally without these changes, that's the entire point
> 
> This patchset allows systemd binaries to be used in SDKs; what I
> would like to see is that those binaries are built and used directly
> in yocto builds. E.g. systemd recipe gains BBCLASSEXTEND = "native",
> systemd.bbclass gets DEPENDS = "systemd-native" and then uses the
> native systemd binaries in the same way you want to use them in your
> private SDK-based pipelines. 

Sounds good to me, feel free to go ahead and send patches to do that.
It's unrelated to this series and to my requirements, and I have no use
for it, so I will not be spending any time chasing down various rabbit
holes to make it work, sorry.
Alexander Kanavin Nov. 17, 2021, 7:50 p.m. UTC | #9
On Wed, 17 Nov 2021 at 19:05, Luca Boccassi <luca.boccassi@gmail.com> wrote:

> > This patchset allows systemd binaries to be used in SDKs; what I
> > would like to see is that those binaries are built and used directly
> > in yocto builds. E.g. systemd recipe gains BBCLASSEXTEND = "native",
> > systemd.bbclass gets DEPENDS = "systemd-native" and then uses the
> > native systemd binaries in the same way you want to use them in your
> > private SDK-based pipelines.
>
> Sounds good to me, feel free to go ahead and send patches to do that.
> It's unrelated to this series and to my requirements, and I have no use
> for it, so I will not be spending any time chasing down various rabbit
> holes to make it work, sorry.
>

Please consider the needs of the project and the community too. From that
perspective I do think any QA enhancement must be available to users of
bitbake before it's available to users of SDK (and even then, without any
regression testing upstream, and only if they set up special SDK plumbing
in private CI pipelines). Doing otherwise sets a bad precedent in my
opinion.

Alex
ChenQi Nov. 19, 2021, 1:43 a.m. UTC | #10
Hi Luca,

If the real useful part is only about systemd-analyze in case of 
nativesdk/native, I'd suggest adding systemd-analyze-native or 
nativesdk-systemd-analyze instead of extending the current systemd recipe.
This is because systemd has a whole bunch of dependencies which 
basically make no sense in case of native/nativesdk. Looking at the 
src/analyze/meson.build file, I guess it could be built independently.

Regards,
Qi

Luca Boccassi Nov. 19, 2021, 11:26 a.m. UTC | #11
On Fri, 2021-11-19 at 09:43 +0800, ChenQi wrote:
> Hi Luca,
> 
> If the real useful part is only about systemd-analyze in case of
> nativesdk/native, I'd suggest adding systemd-analyze-native or
> nativesdk-systemd-analyze instead of extending the current systemd
> recipe.
> This is because systemd has a whole bunch of dependencies which
> basically make no sense in case of native/nativesdk. Looking at the
> src/analyze/meson.build file, I guess it could be built
> independently.
> 
> Regards,
> Qi

Hi,

Building individual binaries like that is not supported, so it cannot
work.

ChenQi Nov. 22, 2021, 3:32 a.m. UTC | #12
On 11/19/21 7:26 PM, Luca Boccassi wrote:
> On Fri, 2021-11-19 at 09:43 +0800, ChenQi wrote:
>> Hi Luca,
>>
>> If the real useful part is only about systemd-analyze in case of
>> nativesdk/native, I'd suggest adding systemd-analyze-native or
>> nativesdk-systemd-analyze instead of extending the current systemd
>> recipe.
>> This is because systemd has a whole bunch of dependencies which
>> basically make no sense in case of native/nativesdk. Looking at the
>> src/analyze/meson.build file, I guess it could be built
>> independently.
>>
>> Regards,
>> Qi
> Hi,
>
> Building individual binaries like that is not supported, so it cannot
> work.


Thanks for your clarification.

Regards,

Qi

