MISC-TN-015: Yocto and git protocol error

1,184 bytes added, 14:41, 22 April 2022
no edit summary
{{AppliesToAXEL Lite TN}}
{{AppliesToAXEL ULite TN}}
{{AppliesTo ORCA TN}}
{{AppliesTo MITO 8M Mini TN}}
{{AppliesToBORA TN}}
{{AppliesToBORA Xpress TN}}
==Introduction==
Starting from the beginning of 2022, there was a policy change on most git hosting services to restrict the "unsecure" git protocol for security reasons. GitHub has changed the access to git repositories via ssh: more information can be found in the following news: [https://github.blog/2021-09-01-improving-git-protocol-security-github/ Improving Git protocol security on GitHub].
As reported:
''We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.''
Since March 15, 2022 unencrypted git protocol has been disabled:
[[File:Git_protocol_security_on_GitHub.png|center|600px]]
This is already applied in DAVE BSPs published after March 2022, but older BSPs, published prior to this change, may need to be fixed manually to use ssh instead of <code>git://</code> to access some repositories.
To mitigate this issue, the access protocol must be changed for every repository URL starting with <code>git://</code>.
This Technical Note shows an example of how to update those older releases to solve this issue. Some ''tips & tricks'' can also be found in this [https://stackoverflow.com/questions/70663523/the-unauthenticated-git-protocol-on-port-9418-is-no-longer-supported stackoverflow] question.
== BSP repo Manifest ==
DAVE Yocto BSPs use [https://gerrit.googlesource.com/git-repo/ repo] to track the multiple layers required to set up the BSP itself.
If the <code>git</code> protocol is used to clone some of these layers, the user will encounter the above issue. Before starting the Yocto build, it is required to check the <code>default.xml</code> manifest file for the git access protocol to the layers repositories.
Here below there is an example using the [https://wiki.dave.eu/index.php?title=DESK-MX6-L/Development/Building_the_Yocto_BSP&oldid=14300 DESK-MX6-L-1.0.0] wiki page instructions for building the overall BSP while fixing the manifest.
=== Setup with original manifest ===
The original <code>default.xml</code> file, as per the <code>desk-mx6-l-1.0.1</code> tag, uses the <code>git</code> protocol to clone some layers (the Yocto, freescale and Qt repositories):
<pre>
<?xml version="1.0" encoding="UTF-8"?>
...
</pre>
In this case, multiple access errors are reported while running <code>repo sync</code>:
dvdk@vagrant:~/yocto$ ./repo sync
...
=== Fixing repo manifest ===
<code>repo</code> stores the current manifest in <code>.repo/manifest.xml</code>: this is the file that needs to be patched to solve this issue locally.
After <code>repo init</code> and prior to <code>repo sync</code>, the user needs to edit <code>.repo/manifest.xml</code> to change all occurrences of the <code>git://</code> protocol specifier to <code>https://</code>.
This can also be applied with a simple <code>sed</code> command:
<syntaxhighlight lang="bash">
sed -i 's/git:\/\//https:\/\//g' .repo/manifest.xml
</syntaxhighlight>
Please note that, for <code>DESK-MX6-L-1.x.x</code>, this is already fixed in the <code>desk-mx6-l-1.0.2</code> release; the modified <code>default.xml</code> file, as per that tag, uses the '''https''' protocol for accessing the git repositories:
<pre>
<?xml version="1.0" encoding="UTF-8"?>
</pre>
To be precise the <code>diff</code> between the two releases is:<syntaxhighlight lang="diff">diff --git a/default.xml b/default.xmlindex f4d7443..1a4d7fb 100644--- a/default.xml+++ b/default.xml@@ -3,12 +3,12 @@ <default sync-j="2"/> - <remote fetch="git://git.yoctoproject.org" name="yocto"/>- <remote fetch="git://github.com/Freescale" name="freescale"/>- <remote fetch="git://git.openembedded.org" name= Other Yocto layers or recipes "oe"/>- <remote fetch="git://github.com/OSSystems" name="OSSystems"/>This issue can be present also on other layers or recipes- <remote fetch="git: in this case, the related //github.com/meta-qt5" name="QT5"/>- <coderemote fetch="git://github.com/meta-rust" name="rust"/>+ <remote fetch="https://git.yoctoproject.org" name="yocto"/>+ <remote fetch="https://github.com/Freescale" name="freescale"/>+ <remote fetch="https://git.openembedded.org" name="oe"/>+ <remote fetch="https://github.com/OSSystems" name="OSSystems"/code> access should be changed or fixed+ <remote fetch="https://github.com/meta-qt5" name="QT5"/>+ <remote fetch="https://github.com/meta-rust" name="rust"/> <remote fetch="https://source.codeaurora.org/external/imx" name= Workaround "CAF" /> <remote fetch="ssh://git@git.dave.eu/" name="DAVE"/>
</syntaxhighlight>
As a workaround for the <code><nowiki>git://github.com/</nowiki></code> access, it is possible to replace the ''git'' access with ''https'' access using the [https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf git configuration] command:
<pre><nowiki>git config --global url."https://github.com/".insteadOf git://github.com/</nowiki></pre>
See more info [https://stackoverflow.com/questions/1722807/how-to-convert-git-urls-to-http-urls here].
== Layer recipes ==
While most Yocto recipes use a tar (or similar) archive to get the source code, some of them download the source code using git.
Usually the <code>https</code> protocol is used for this, but in some cases <code>SRC_URI</code> may need to be updated if the plain <code>git</code> protocol is used (and if the git server implements GitHub-like security policies).
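The check that the manifest and layer recipe sections call for, as an added example (not part of the original Technical Note or of any DAVE BSP): it lists manifest remotes still on <code>git://</code> and <code>SRC_URI</code> entries that the BitBake git fetcher would fetch over the plain git protocol. In BitBake the <code>git://</code> scheme only selects the fetcher and the transport comes from the <code>;protocol=</code> parameter, so recipes are fixed by adding <code>;protocol=https</code> rather than by the <code>sed</code> rewrite used for the manifest; the function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from any real BSP release.
SAMPLE_MANIFEST = """<manifest>
  <default sync-j="2"/>
  <remote fetch="git://git.example.org" name="layers"/>
  <remote fetch="https://git.example.org/mirror" name="mirror"/>
  <remote fetch="ssh://git@git.example.org/" name="private"/>
</manifest>"""

SAMPLE_RECIPE = '''SRC_URI = "git://git.example.org/tool.git;branch=master \\
           git://git.example.org/lib.git;protocol=https;branch=main \\
           git://git.example.org/old.git;protocol=git \\
           file://fix.patch"
'''

def plain_git_remotes(manifest_xml):
    """Names of manifest <remote> elements whose fetch URL uses git://."""
    root = ET.fromstring(manifest_xml)
    return [r.get("name") for r in root.iter("remote")
            if r.get("fetch", "").startswith("git://")]

def plain_git_src_uris(recipe_text):
    """SRC_URI entries that would be fetched over the unencrypted protocol.

    The BitBake git fetcher is selected by the git:// scheme; the transport
    is the ;protocol= parameter, which defaults to git when a host is given.
    """
    joined = recipe_text.replace("\\\n", " ")  # fold line continuations
    hits = []
    for uri in re.findall(r"git://[^\s\"']+", joined):
        params = dict(p.split("=", 1) for p in uri.split(";")[1:] if "=" in p)
        if params.get("protocol", "git") == "git":
            hits.append(uri)
    return hits

def use_https(uri):
    """Rewrite one SRC_URI entry so the git fetcher uses HTTPS transport."""
    parts = [p for p in uri.split(";") if not p.startswith("protocol=")]
    return ";".join(parts[:1] + ["protocol=https"] + parts[1:])

if __name__ == "__main__":
    print("manifest remotes on git://:", plain_git_remotes(SAMPLE_MANIFEST))
    for uri in plain_git_src_uris(SAMPLE_RECIPE):
        print(uri, "->", use_https(uri))
```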
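Review bot: in the <code>default.xml</code> diff above, the six rewritten <code>&lt;remote&gt;</code> lines carry no comment saying why <code>https://</code> is required, and two of them (<code>git.yoctoproject.org</code> and <code>git.openembedded.org</code>) are not GitHub hosts, so a later edit could move them back to <code>git://</code> without anyone noticing. I would add an XML comment above the remotes stating that unencrypted <code>git://</code> fetches are deliberately avoided for every remote. The unchanged <code>CAF</code> and <code>DAVE</code> context lines already use <code>https://</code> and <code>ssh://</code>, so no <code>git://</code> remote is left in the visible block after this change.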