Bureaucrats, dave_user, Administrators
8,256
edits
Changes
Created page with "{{InfoBoxTop}} {{AppliesToAXEL Lite TN}} {{AppliesToAXEL ULite TN}} {{AppliesToBORA TN}} {{AppliesToBORA Xpress TN}} {{AppliesToBORA Lite TN}} {{Applies To Yocto}} Category:..."
{{InfoBoxTop}}
{{AppliesToAXEL Lite TN}}
{{AppliesToAXEL ULite TN}}
{{AppliesToBORA TN}}
{{AppliesToBORA Xpress TN}}
{{AppliesToBORA Lite TN}}
{{Applies To Yocto}}
[[Category:MISC-AN-TN]]
[[Category:MISC-TN]]
{{InfoBoxBottom}}
__FORCETOC__
== History ==
{| class="wikitable" border="1"
!Version
!Date
!Notes
|-
|1.0.0
|Apr 2022
|First public release
|}
==Introduction==
Recently, some months ago, there was a policy change on accessing git repositories for security issues. The Github security access has been changed for accessing the git repositories via ssh: more information can be found in the following news [https://github.blog/2021-09-01-improving-git-protocol-security-github/ Improving Git protocol security on GitHub].
As reported :
''We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.''
To mitigate this issue, it will be required to change the protocol access to the repo starting with <code>git://</code>
This Technical Note shows an example on how to modify <code>repo</code> manifest to correctly run the Yocto build.
== Yocto Manifest ==
Before starting the Yocto, build it is required to check the <code>default.xml</code> manifest file for the git access to the layers repositories.
Here below there is an example using the [https://wiki.dave.eu/index.php?title=DESK-MX6-L/Development/Building_the_Yocto_BSP&oldid=14300 DESK-MX6-L-1.0.0] wiki page instructions for building the overall BSP.
=== Orginal ''default.xml''===
The original file, as per <code>desk-mx6-l-1.0.1</code> tag, uses the '''git''' protocol for accessing the Yocto, freescale and Qt repositories:
<pre>
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<default sync-j="2"/>
<remote fetch="git://git.yoctoproject.org" name="yocto"/>
<remote fetch="git://github.com/Freescale" name="freescale"/>
<remote fetch="git://git.openembedded.org" name="oe"/>
<remote fetch="git://github.com/OSSystems" name="OSSystems"/>
<remote fetch="git://github.com/meta-qt5" name="QT5"/>
<remote fetch="git://github.com/meta-rust" name="rust"/>
<remote fetch="https://source.codeaurora.org/external/imx" name="CAF" />
<remote fetch="ssh://git@git.dave.eu/" name="DAVE"/>
...
...
</pre>
in this case, multiple access error will be prompted by repo sync:
dvdk@vagrant:~/yocto$ ./repo sync
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0remote: Counting objects: 101, done.
remote: Compressing objects: 100% (99/99), done.
remote: Total 101 (delta 27), reused 0 (delta 0)
Receiving objects: 100% (101/101), 15.88 KiB | 7.94 MiB/s, done.
Resolving deltas: 100% (27/27), done.
From ssh://git.dave.eu/desk-mx-l/desk-mx-l-bsp
* [new branch] hardknott -> DAVE/hardknott
* [new branch] sumo -> DAVE/sumo
* [new tag] desk-mx6-l-1.0.1 -> desk-mx6-l-1.0.1
* [new tag] desk-mx6-l-1.0.0 -> desk-mx6-l-1.0.0
* [new tag] desk-mx6-l-1.0.2 -> desk-mx6-l-1.0.2
* [new tag] desk-mx6-l-3.0.0 -> desk-mx6-l-3.0.0
* [new tag] desk-mx6ul-l-1.0.0 -> desk-mx6ul-l-1.0.0
* [new tag] desk-mx6ul-l-1.0.1 -> desk-mx6ul-l-1.0.1
* [new tag] desk-mx6ul-l-3.0.0 -> desk-mx6ul-l-3.0.0
* [new tag] desk-mx8m-l-2.0.0-rc2 -> desk-mx8m-l-2.0.0-rc2
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
'''fatal: remote error: '''
''' The unauthenticated git protocol on port 9418 is no longer supported.'''
'''Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.'''
100 145 100 145 0 0 147 0 --:--:-- --:--:-- --:--:-- 147
100 15.5M 100 15.5M 0 0 2051k 0 0:00:07 0:00:07 --:--:-- 2660k
Receiving objects: 100% (182040/182040), 15.58 MiB | 37.81 MiB/s, done.
Resolving deltas: 100% (126131/126131), done.
From /home/dvdk/yocto/.repo/projects/sources/meta-fsl-bsp-release.git/clone.bundle
* [new branch] warrior-4.19.35-1.1.0 -> CAF/warrior-4.19.35-1.1.0
* [new branch] thud-4.19.35-1.0.0 -> CAF/thud-4.19.35-1.0.0
* [new branch] sumo-4.14.98-2.3.0 -> CAF/sumo-4.14.98-2.3.0
...
...
=== Fixed ''default.xml''===
The modified file, as per <code>desk-mx6-l-1.0.2</code> tag, uses the '''https''' protocol for accessing the Yocto, freescale and Qt repositories:
<pre>
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<default sync-j="2"/>
<remote fetch="https://git.yoctoproject.org" name="yocto"/>
<remote fetch="https://github.com/Freescale" name="freescale"/>
<remote fetch="https://git.openembedded.org" name="oe"/>
<remote fetch="https://github.com/OSSystems" name="OSSystems"/>
<remote fetch="https://github.com/meta-qt5" name="QT5"/>
<remote fetch="https://github.com/meta-rust" name="rust"/>
<remote fetch="https://source.codeaurora.org/external/imx" name="CAF" />
<remote fetch="ssh://git@git.dave.eu/" name="DAVE"/>
...
...
</pre>
== Other Yocto layers or recipes ==
This issue can be present also on other layers or recipes: in this case...
{{AppliesToAXEL Lite TN}}
{{AppliesToAXEL ULite TN}}
{{AppliesToBORA TN}}
{{AppliesToBORA Xpress TN}}
{{AppliesToBORA Lite TN}}
{{Applies To Yocto}}
[[Category:MISC-AN-TN]]
[[Category:MISC-TN]]
{{InfoBoxBottom}}
__FORCETOC__
== History ==
{| class="wikitable" border="1"
!Version
!Date
!Notes
|-
|1.0.0
|Apr 2022
|First public release
|}
==Introduction==
Recently, some months ago, there was a policy change on accessing git repositories for security issues. The Github security access has been changed for accessing the git repositories via ssh: more information can be found in the following news [https://github.blog/2021-09-01-improving-git-protocol-security-github/ Improving Git protocol security on GitHub].
As reported :
''We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.''
To mitigate this issue, it will be required to change the protocol access to the repo starting with <code>git://</code>
This Technical Note shows an example on how to modify <code>repo</code> manifest to correctly run the Yocto build.
== Yocto Manifest ==
Before starting the Yocto, build it is required to check the <code>default.xml</code> manifest file for the git access to the layers repositories.
Here below there is an example using the [https://wiki.dave.eu/index.php?title=DESK-MX6-L/Development/Building_the_Yocto_BSP&oldid=14300 DESK-MX6-L-1.0.0] wiki page instructions for building the overall BSP.
=== Orginal ''default.xml''===
The original file, as per <code>desk-mx6-l-1.0.1</code> tag, uses the '''git''' protocol for accessing the Yocto, freescale and Qt repositories:
<pre>
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<default sync-j="2"/>
<remote fetch="git://git.yoctoproject.org" name="yocto"/>
<remote fetch="git://github.com/Freescale" name="freescale"/>
<remote fetch="git://git.openembedded.org" name="oe"/>
<remote fetch="git://github.com/OSSystems" name="OSSystems"/>
<remote fetch="git://github.com/meta-qt5" name="QT5"/>
<remote fetch="git://github.com/meta-rust" name="rust"/>
<remote fetch="https://source.codeaurora.org/external/imx" name="CAF" />
<remote fetch="ssh://git@git.dave.eu/" name="DAVE"/>
...
...
</pre>
in this case, multiple access error will be prompted by repo sync:
dvdk@vagrant:~/yocto$ ./repo sync
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0remote: Counting objects: 101, done.
remote: Compressing objects: 100% (99/99), done.
remote: Total 101 (delta 27), reused 0 (delta 0)
Receiving objects: 100% (101/101), 15.88 KiB | 7.94 MiB/s, done.
Resolving deltas: 100% (27/27), done.
From ssh://git.dave.eu/desk-mx-l/desk-mx-l-bsp
* [new branch] hardknott -> DAVE/hardknott
* [new branch] sumo -> DAVE/sumo
* [new tag] desk-mx6-l-1.0.1 -> desk-mx6-l-1.0.1
* [new tag] desk-mx6-l-1.0.0 -> desk-mx6-l-1.0.0
* [new tag] desk-mx6-l-1.0.2 -> desk-mx6-l-1.0.2
* [new tag] desk-mx6-l-3.0.0 -> desk-mx6-l-3.0.0
* [new tag] desk-mx6ul-l-1.0.0 -> desk-mx6ul-l-1.0.0
* [new tag] desk-mx6ul-l-1.0.1 -> desk-mx6ul-l-1.0.1
* [new tag] desk-mx6ul-l-3.0.0 -> desk-mx6ul-l-3.0.0
* [new tag] desk-mx8m-l-2.0.0-rc2 -> desk-mx8m-l-2.0.0-rc2
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
'''fatal: remote error: '''
''' The unauthenticated git protocol on port 9418 is no longer supported.'''
'''Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.'''
100 145 100 145 0 0 147 0 --:--:-- --:--:-- --:--:-- 147
100 15.5M 100 15.5M 0 0 2051k 0 0:00:07 0:00:07 --:--:-- 2660k
Receiving objects: 100% (182040/182040), 15.58 MiB | 37.81 MiB/s, done.
Resolving deltas: 100% (126131/126131), done.
From /home/dvdk/yocto/.repo/projects/sources/meta-fsl-bsp-release.git/clone.bundle
* [new branch] warrior-4.19.35-1.1.0 -> CAF/warrior-4.19.35-1.1.0
* [new branch] thud-4.19.35-1.0.0 -> CAF/thud-4.19.35-1.0.0
* [new branch] sumo-4.14.98-2.3.0 -> CAF/sumo-4.14.98-2.3.0
...
...
=== Fixed ''default.xml''===
The modified file, as per <code>desk-mx6-l-1.0.2</code> tag, uses the '''https''' protocol for accessing the Yocto, freescale and Qt repositories:
<pre>
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<default sync-j="2"/>
<remote fetch="https://git.yoctoproject.org" name="yocto"/>
<remote fetch="https://github.com/Freescale" name="freescale"/>
<remote fetch="https://git.openembedded.org" name="oe"/>
<remote fetch="https://github.com/OSSystems" name="OSSystems"/>
<remote fetch="https://github.com/meta-qt5" name="QT5"/>
<remote fetch="https://github.com/meta-rust" name="rust"/>
<remote fetch="https://source.codeaurora.org/external/imx" name="CAF" />
<remote fetch="ssh://git@git.dave.eu/" name="DAVE"/>
...
...
</pre>
== Other Yocto layers or recipes ==
This issue can be present also on other layers or recipes: in this case...
