From ea684ad3b215662f1fae653c757c6413a6121073 Mon Sep 17 00:00:00 2001 From: Annie_wang Date: Mon, 31 Jul 2023 16:30:27 +0800 Subject: [PATCH] fixed e88dab3 from https://gitee.com/Annie_wang/docs_2/pulls/21659 update docs Signed-off-by: Annie_wang --- en/device-dev/subsystems/subsys-build-FAQ.md | 105 ++++++++----------- 1 file changed, 42 insertions(+), 63 deletions(-) diff --git a/en/device-dev/subsystems/subsys-build-FAQ.md b/en/device-dev/subsystems/subsys-build-FAQ.md index 3922581ea0..f6df39da20 100644 --- a/en/device-dev/subsystems/subsys-build-FAQ.md +++ b/en/device-dev/subsystems/subsys-build-FAQ.md @@ -4,29 +4,19 @@ ### "usr/sbin/ninja: invalid option -- w" -- **Symptom** +- **Symptom**
The build fails, and "usr/sbin/ninja: invalid option -- w" is displayed. - The build fails, and **usr/sbin/ninja: invalid option -- w** is displayed. +- **Possible Causes**
The Ninja version in use does not support the **--w** option. -- **Possible Causes** - - The Ninja version in use does not support the **--w** option. - -- **Solution** - - Uninstall Ninja and GN, and [install Ninja and GN of the required version](../../device-dev/get-code/gettools-ide.md). +- **Solution**
Uninstall Ninja and GN, and [install Ninja and GN of the required version](../../device-dev/get-code/gettools-ide.md). ### "/usr/bin/ld: cannot find -lncurses" -- **Symptom** +- **Symptom**
The build fails, and "/usr/bin/ld: cannot find -lncurses" is displayed. - The build fails, and **/usr/bin/ld: cannot find -lncurses** is displayed. +- **Possible Causes**
The ncurses library is not available. -- **Possible Causes** - - The ncurses library is not installed. - -- **Solution** +- **Solution**
```shell sudo apt-get install lib32ncurses5-dev @@ -34,15 +24,11 @@ ### "line 77: mcopy: command not found" -- **Symptom** - - The build fails, and **line 77: mcopy: command not found** is displayed. +- **Symptom**
The build fails, and "line 77: mcopy: command not found" is displayed. -- **Possible Causes** +- **Possible Causes**
mcopy is not available. - mcopy is not installed. - -- **Solution** +- **Solution**
```shell sudo apt-get install dosfstools mtools @@ -50,39 +36,25 @@ ### "riscv32-unknown-elf-gcc: error trying to exec 'cc1': execvp: No such file or directory" -- **Symptom** - - The build fails, and the following information is displayed:
**riscv32-unknown-elf-gcc: error trying to exec 'cc1': execvp: No such file or directory** - -- **Possible Causes** +- **Symptom**
The build fails, and "riscv32-unknown-elf-gcc: error trying to exec 'cc1': execvp: No such file or directory" is displayed. - You do not have the permission to access files in the RISC-V compiler directory. +- **Possible Causes**
You do not have the permission to access files in the RISC-V compiler directory. -- **Solution** +- **Solution**
1. Run the following command to locate **gcc_riscv32**. - 1. Run the following command to locate **gcc_riscv32**: - - ```shell - which riscv32-unknown-elf-gcc - ``` + ```shell + which riscv32-unknown-elf-gcc + ``` - - - 2. Run the **chmod** command to change the directory permission to **755**. - - + 2. Run the **chmod** command to change the permission for the directory to **755**. ### "No module named 'Crypto'" -- **Symptom** - - The build fails, and **No module named 'Crypto'** is displayed. +- **Symptom**
The build fails, and "No module named'Crypto'" is displayed. -- **Possible Causes** +- **Possible Causes**
Crypto is not installed in Python3. - Crypto is not installed in Python3. - -- **Solution** +- **Solution**
1. Run the following command to query the Python version: @@ -96,17 +68,13 @@ sudo pip3 install pycryptodome ``` -### "xx.sh : xx unexpected operator" - -- **Symptom** - - The build fails, and **xx.sh [: xx unexpected operator** is displayed. +### "xx.sh: xx unexpected operator" -- **Possible Causes** +- **Symptom**
The build fails, and " xx.sh [: xx unexpected operator" is displayed. - The build environment shell is not bash. +- **Possible Causes**
The build environment shell is not bash. -- **Solution** +- **Solution**
```shell sudo rm -rf /bin/sh @@ -114,20 +82,31 @@ ``` -### "some services are not authenticated. Listed as follows" +### "some services are not authenticated. Listed as follow" + +- **Symptom**
The build fails, and " some services are not authenticated. Listed as follow" is displayed. + +- **Possible Causes**
In the .cfg file of the processes listed in the error message, **uid** is set to **root** or **system**. However, these processes are not high-privilege processes defined by the product. + +- **Solution**
+ + Modify the process .cfg file to reduce the privilege level. Do not set **uid** to **root** or **system** unless necessary. + + If a process must have the **root** or **system** privilege due to service requirements, modify the **high_privilege_process_list.json** file with the approval of the security experts. The **high_privilege_process_list.json** file is located in **vendor/***{company_name}/{product_name }***/security_config**. -- **Symptom** + For example, the file for rk3586 is **//vendor/hihope/rk3568/security_config/high_privilege_process_list.json**. - The build fails, and "some services are not authenticated. Listed as follows" is displayed. -- **Possible Causes** +### "Error: some services do not match with critical whitelist" - For the processes listed in the error information, the UID is set to **root** or **system** in the process configuration files. However, these processes are not high-privilege processes defined by the product. +- **Symptom**
The build fails, and "Error: some services do not match with critical whitelist" is displayed. -- **Solution** +- **Possible Causes**
In the .cfg file of the processes listed in the error message, the **critical** field is defined and enabled. However, the **critical** field is not allowed for the processes, or the **critical** setting does not match the settings in the whitelist. - Modify the process configuration file to reduce the privilege level. Do not set **UID** to **root** or **system** unless necessary. +- **Solution**
- If a process must have the **root** or **system** privilege due to service requirements, modify the **high_privilege_process_list.json** file with the approval of security experts. The **high_privilege_process_list.json** file is located in **vendor/**{*company_name*}/{*product_name*}**/security_config**. For example, the file for rk3586 is **//vendor/hihope/rk3568/security_config/high_privilege_process_list.json**. + Remove the **critical** field or set the first bit of the **critical** field to **0** in the .cfg file of the processes. Do not enable the **critical** field unless necessary. + For details about how to use the **critical** field, see [Service Management](subsys-boot-init-service.md). If **critical** needs to be enabled for a process due to service requirements, modify the **//vendor/{company_name}/{product_name}/security_config/critical_reboot_process_list.json** file with the approval of the security experts. + For example, the critical_reboot process control whitelist of rk3586 is **//vendor/hihope/rk3568/security_config/critical_reboot_process_list.json**. -- GitLab