merit has quit [Read error: Connection reset by peer]
merit has joined #yocto
mbulut has quit [Ping timeout: 260 seconds]
Guest27 has joined #yocto
Guest27 has quit [Quit: Client closed]
vvn has joined #yocto
Vonter has quit [Ping timeout: 276 seconds]
Fr4nk has quit [Read error: Connection reset by peer]
Fr4nk has joined #yocto
rynofinn____ has quit [Server closed connection]
rynofinn____ has joined #yocto
tlwoerner has joined #yocto
trochotron has joined #yocto
Vonter has joined #yocto
vvn has quit [Quit: WeeChat 4.6.3]
Daanct12 has joined #yocto
mbulut has joined #yocto
tec4 has quit [Server closed connection]
tec4 has joined #yocto
<khem>
rburton: not that crazy
<khem>
there are products shipping with TOOLCHAIN=clang
<khem>
RP:I can volunteer
<khem>
RP: perhaps better to build a poky-clang config now that clang is in core instead of meta-clang
<khem>
that will help a lot to make clang graduate as core compiler
trochotron has quit [Quit: Connection closed for inactivity]
NishanthMenon has quit [Server closed connection]
NishanthMenon has joined #yocto
<mbulut>
landgraf, interesting post about umoci -- does it support signing images (maybe using cosign or else)?
goliath has joined #yocto
rfuentess has joined #yocto
zeemate has joined #yocto
leon-anavi has joined #yocto
rob_w has joined #yocto
druppy has joined #yocto
<mckoan|away>
IMBA
mckoan|away is now known as mckoan
<landgraf>
mbulut: I don't think Umoci does this. It generates OCI image and doesn't act as a registry or something. The image can be pushed to the registry and signed but it's out of scope afaik
frieder has joined #yocto
druppy has quit [Ping timeout: 260 seconds]
LainIwakura has joined #yocto
<mbulut>
landgraf, yeah that makes sense
<mbulut>
i'm impressed by the image size comparison
<mbulut>
wonder where this comes from tbh, is it down to how the image is composed/layered or does it use better compression than podman? have you compared against images built with docker buildx?
<mbulut>
in our product we deploy images built elsewhere using docker buildx by pulling+saving them as compressed tarballs
<landgraf>
mbulut: it doesn't have package management, default dependencies bloat, caches etc etc some of our containers don't have shell/busybox
<landgraf>
mbulut: blog post mentions opencv, just take a look how opencv packaged in pip (and even worse - check the packages which depend on it, it's pain!).
<landgraf>
ultralytics depends on opencv-python which doesn't work without OpenGL libraries, opencv-python-headless does work but it does't satisfy ultralytics dependency. then we have opencv-contrib-python-headless which add more levels of complecity. There're workarounds for this but they're ugly
Articulus has joined #yocto
<mbulut>
hmm ok i seem to get it -- sounds like an interesting alternative to buildx, although multiarch builds seem a bit more involved with umoci
<mbulut>
will take a deeper look later, thx for sharing the blog!
<RP>
berton: adding more variables isn't really going to help make that area of the code more usable :(
<berton>
RP: Do you have any suggestions on how to fix this? So I can try other ways.
<RP>
berton: it needs a step back to look at all of those variables and a plan on how to improve things
<mbulut>
wouldn't you specify the fs blocksize as --mkfs-extraopts in the wks? could that be queried when calculating the rootfs size?
jmiehe has joined #yocto
<berton>
I'm not using wic, we have other tool to create the image, I'm just creating the .ext4
mckoan is now known as mckoan|away
LainIwakura has joined #yocto
j0202 has quit [Quit: Client closed]
ablu has quit [Ping timeout: 245 seconds]
prabhakalad has joined #yocto
ablu has joined #yocto
Deepesh has joined #yocto
jmiehe has quit [Quit: jmiehe]
rob_w has joined #yocto
ak77 has quit [Read error: Connection reset by peer]
ptsneves has joined #yocto
ak77 has joined #yocto
ptsneves has quit [Ping timeout: 272 seconds]
Flow has quit [Server closed connection]
Flow has joined #yocto
mbulut has quit [Quit: Leaving]
RyanEatmon has quit [Remote host closed the connection]
RyanEatmon has joined #yocto
Jones42 has joined #yocto
ptsneves has joined #yocto
Jones42 has quit [Ping timeout: 260 seconds]
Deepesh has quit [Quit: Client closed]
florian__ has joined #yocto
Xagen has quit [Ping timeout: 252 seconds]
Jones42 has joined #yocto
Daanct12 has quit [Quit: WeeChat 4.7.0]
Xagen has joined #yocto
goliath has quit [Quit: SIGSEGV]
paulbarker has quit [Server closed connection]
paulbarker has joined #yocto
<fray>
I recently found a recipe that was downloading in do_compile (by chance), I'm looking for instructions on enabling the network access block outside of do_fetch. Anyone have pointers to how to set this up?
<Scorpi>
fray: add do_compile[network] = "1" to your recipe
<fray>
no I want the opposite
<fray>
downloading in do_compile is wrong and broken
<fray>
but my system isn't reporting it, and I need to know how to configure the code to be enabled
<Scorpi>
It should be the default. But depending on your build environment it might not work e.g. due to missing privileges
<fray>
that is exactly the information I need. what privileges are required and how do I enable them
<fray>
I haven't found any docs on this yet
zeemate has joined #yocto
<Scorpi>
It is CAP_NET_ADMIN IIRC
<smurray>
fray: iirc, you need network namespace creation permission. I think I managed to come up with a test with unshare -n
<fray>
you also apparently can't be using a network user-id. There is a specific check in bitbake for local ids only
frgo_ has quit [Read error: Connection reset by peer]
frgo has joined #yocto
<Scorpi>
fray: if you invoke bitbake with -D or --debug, you should see a like "System doesn't support disabling network without admin privs" if this privilege is missing
<RP>
fray: it is disabled by default if your host distro supports it
<fray>
RP thats the problem it's definitely not working and I don't know what I need to adjust. I found in the code it cehcks in the uid is local or not. so I've created a local user
<rburton>
yeah i'm annoyed as my build machine uses kerberos so i don't get network isolation
<fray>
that is what I'm fighting right now as well
<rburton>
i've been meaning to nuke the check and seeing if it actually breaks
<fray>
under our IT policy, we are required to use the network login crap, so I'm trying to figure out how to do this with a local user (who isn't me)
chris_laplante has joined #yocto
<RP>
the issues were reported by windriver iirc, there might be more detail in the commit
<fray>
I just took a hammer to it and disabled the network uid check and I'm going to see what happens
<Scorpi>
I build inside podman and it works
<fray>
I also changed the couldn't start system doesn't support disabling the network message into a fatal error.. :P
rfuentess has quit [Remote host closed the connection]
LainIwakura has quit [Quit: Client closed]
<chris_laplante>
Just joined the tech sync meeting, as a fly on the wall :)
frieder has quit [Remote host closed the connection]
<RP>
chris_laplante: FWIW I think that sigmask change should be backportable
<chris_laplante>
RP: ok, thx! I'll work on the backport(s)
goliath has joined #yocto
vladest has quit [Remote host closed the connection]
rob_w has quit [Remote host closed the connection]
<rburton>
RP: oh i should have said i wanted to get the llvm/clang split out for m3
<rburton>
fray: well blasting the local user check doesn't _immediately_ break for me. doing a build to see if any recipes explode.
<fray>
everything has worked for me so far
<fray>
about to make the 'we've blocked the network' into an info or something so I can see without havign to enable debug. debug is far too verbose for me to figure out what is actually happening for this one case
<fray>
but it does seem to be working for me.. it correctly blocked the download in the recipe I was fighting.. so I can now check things
<RP>
fray: perhaps try it where it needs to download something in do_fetch? There was some reason this was problematic
<fray>
do_fetch worked fine.. fresh build, no local downloads.. so it had to download a bunch of things (uninative, gcc sources, etc)
<fray>
but it was another cmake recipe that figured "hey lets just download while building..." stupid
<RP>
fray: we definitely want to catch those ones...
<rburton>
fray: always cmake
<fray>
ya, it wasn't in any OE or YP recipes.. was in something else.. and last night we had a network glitch for about 15 minutes during the build and it triggered a failure.. which is why I'm following up on it now
<rburton>
fray: i'd love to figure out a way to automatically extract the externalproject data
<fray>
How about we all collectively just ban the use of cmake and tell people to "do better"
<fray>
look automake/autoconf sucks.. but man it feels like it sucks far less then all of the cmake trash I have to deal with daily
<rburton>
that would be nice
<fray>
rburton: maybe that is the key.. some sort of QA check that runs after/part of do_configure that loosk for externalproject crap and reports it
<rburton>
fray: our cmake class shoud be telling it to just fail to fetch anyway. is your recipe using the class, or calling cmake directly?
<rburton>
we pass -DFETCHCONTENT_FULLY_DISCONNECTED=ON
<rburton>
or your cmake crazy does curl or something instead of using fetchcontent
<fray>
ros 2 crap, looks like it has it's own cmake crazy-ness
<rburton>
at least file a bug to get them to use fetchcontent
<fray>
I have 100% seen cmake run curl before.. but in this case, it's an externalproject
<kanavin>
sadly at some point c++ community decided that cmake is the only build system they want and need
<rburton>
try adding -DEP_UPDATE_DISCONNECTED=OFF to the cmake flags and seeing if that breaks in a slightly better way
druppy has quit [Quit: druppy]
druppy has joined #yocto
<rburton>
it _should_ make externalproject say that its refusing to update and break nicely
prabhakalad has quit [Read error: Connection reset by peer]
prabhakalad has joined #yocto
vladest has joined #yocto
florian has quit [Quit: Ex-Chat]
druppy has quit [Ping timeout: 272 seconds]
florian__ has quit [Ping timeout: 248 seconds]
chris_laplante has quit [Ping timeout: 272 seconds]
chris_laplante has joined #yocto
Vonter has quit [Ping timeout: 252 seconds]
Vonter has joined #yocto
LainIwakura has joined #yocto
leon-anavi has quit [Remote host closed the connection]
Vonter has quit [Ping timeout: 252 seconds]
Vonter has joined #yocto
florian__ has joined #yocto
LainIwakura has quit [Ping timeout: 272 seconds]
cambrian_invader has joined #yocto
<rburton>
khem: can you look at ross/llvm in poky-contrib and see if you're happy with everything in there?
<fray>
rburton: above the EP_UPDATE_DISCONNECTED should this be =ON or =OFF? I think ON
<rburton>
fray: i'm actually unsure it is a global variable but yes ON, sorry
<fray>
the cmake docs say it's global
<fray>
and 'UPDATE_DISCONNECTED' is based on that unless overridden in the cmake files
<fray>
rburton: I tried it with this recipe with both =ON and =OFF the only thing that stopped the download was the CAP NET stuff being disabled
pidge_ has joined #yocto
pidge has quit [Ping timeout: 248 seconds]
<fray>
rburton / RP, I looked at the is_local_uid thing, the comment in the commit is it fixes and issue with NIS/yp. Since I'm using ldap, and Ross you said kerberos.. we likely are not going to his this issue..
<fray>
only thing I can think of is another patch that lets you set a value and always enable (or disable) this check instead of look for it
<khem>
rburton: good deal ! w.r.t. poky-altcfg + clang, I am not surprised
LainIwakura has quit [Quit: Client closed]
jmiehe has joined #yocto
LainIwakura has joined #yocto
<khem>
rburton: looked into ross/llvm: Overall the patches are not that concerning, one clang-cross: trim the recipes, perhaps needs a bit of testing especially with DISTROs using clang as default compiler, lld split and symlinking <cross-lld> in clang-cross might need to check if lld is built or not
jmiehe has quit [Quit: jmiehe]
kanavin has quit [Remote host closed the connection]
<rburton>
added a check for lld existing, i was lazy and happy with dangling links before ;)
<rburton>
firing a sato with clang as default to triple check
<khem>
rburton: OK, sounds good
<khem>
also add ld-is-lld to DISTRO_FEATURES
<khem>
on your branch I saw patch enabling ccache for hosttools, thats interesting, do you have reports on how much time it saves
goliath has quit [Quit: SIGSEGV]
<rburton>
khem: I CAN BUILD CLANG-NATIVE IN FIFTEEN SECONDS
<rburton>
(when the cache is entirely hit)
berton has quit [Quit: Connection closed for inactivity]
prabhakalad has quit [Ping timeout: 260 seconds]
prabhakalad has joined #yocto
<khem>
Interesting
<khem>
rburton: I have grafted your branch into kraj/clang-21