Yocto Project: Patch Application Error When Building core-image-sato
I’m new to Linux and Yocto Project. I’m using Ubuntu 24.04.3 on a dual boot machine and following the Yocto Quick build guide with all defaults. I’ve checked out the scarthgap branch and am attempting to build core-image-sato for the qemux86-64 machine.
After some time, I encounter an error when applying patches to perl:
ERROR: perl-5.38.4-r0 do_patch: Applying patch '0001-Somehow-this-module-breaks-through-the-perl-wrapper-.patch' on target directory '/media/someone/Elements/yocto-build/poky/build/tmp/work/core2-64-poky-linux/perl/5.38.4/perl-5.38.4'
CmdError('quilt --quiltrc /media/someone/Elements/yocto-build/poky/build/tmp/work/core2-64-poky-linux/perl/5.38.4/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch 0001-Somehow-this-module-breaks-through-the-perl-wrapper-.patch
File cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm is read-only; trying to patch anyway
patching file cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
Hunk #1 succeeded at 1161 (offset 51 lines).
Hunk #2 succeeded at 2100 (offset 91 lines).
patch: setting attribute '$LXUID' for '$LXUID': Permission denied
patch: setting attribute '$LXGID' for '$LXGID': Permission denied
patch: setting attribute '$LXMOD' for '$LXMOD': Permission denied
Patch 0001-Somehow-this-module-breaks-through-the-perl-wrapper-.patch does not apply (enforce with -f)
stderr: ")
ERROR: Logfile of failure stored in: /media/someone/Elements/yocto-build/poky/build/tmp/work/core2-64-poky-linux/perl/5.38.4/temp/log.do_patch.2384973
ERROR: Task (/media/someone/Elements/yocto-build/poky/meta/recipes-devtools/perl/perl_5.38.4.bb:do_patch) failed with exit code '1'
I’ve already tried the following solution found on STMicroelectronics site:
sudo apparmor_parser -R /etc/apparmor.d/unprivileged_userns
What should I do next? How can I enforce the patch to apply successfully? As I’m new to Yocto, I was just trying to complete an initial build.
The Yocto patch error you’re encountering with the LXUID, LXGID, and LXMOD permission denied is typically caused by AppArmor security policies in Ubuntu 24.04 blocking the patch tool from setting extended file attributes. This is a common issue when building Yocto projects on newer Ubuntu systems with enhanced security features.
Contents
- Understanding the Permission Error
- Immediate Solutions to Fix the Patch Error
- Alternative Approaches for Persistent Fixes
- Preventive Measures for Future Builds
- When to Seek Additional Help
Understanding the Permission Error
The error message indicates that the patch tool (quilt) is unable to set extended file attributes on the files being patched. These attributes (LXUID, LXGID, LXMOD) are related to file ownership and permissions that modern Linux distributions like Ubuntu 24.04 protect through security mechanisms like AppArmor.
According to the NXP Community discussion, this issue often manifests when Yocto builds are performed on systems with enhanced security policies that restrict file attribute modifications.
The root cause is that Ubuntu’s default security policies consider these file attribute operations potentially risky and restrict them, even when performed within a build environment. This is particularly problematic for Yocto builds that need to modify files extensively during the patching phase.
Immediate Solutions to Fix the Patch Error
Solution 1: Use Force Patch Option
The quickest workaround is to force the patch application by modifying your local configuration:
echo 'PATCHTOOL = "patch"' >> conf/local.conf
This tells Yocto to use the basic patch command instead of quilt, which may bypass some of the permission restrictions.
Solution 2: Temporarily Disable AppArmor
Since your initial AppArmor approach didn’t work completely, try a more comprehensive AppArmor disable:
sudo systemctl stop apparmor
sudo systemctl disable apparmor
After applying this fix, restart your build. Remember to re-enable AppArmor after your build completes:
sudo systemctl enable apparmor
sudo systemctl start apparmor
Solution 3: Modify the Specific AppArmor Profile
Create a custom AppArmor profile to allow the necessary operations:
sudo nano /etc/apparmor.d/local/usr.bin.patch
Add the following content:
abi <abi/4.0>,
include <tunables/global>
/usr/bin/patch {
# Allow setting file attributes
capability dac_override,
capability chown,
# Allow file operations
/usr/bin/patch mr,
/usr/bin/patch Px,
# Allow access to build directories
/media/someone/Elements/yocto-build/** rw,
}
Then reload AppArmor:
sudo systemctl reload apparmor
Alternative Approaches for Persistent Fixes
Solution 4: Update Yocto and Patch Tools
The OpenEmbedded community has addressed similar issues in newer versions. Consider updating to the latest Yocto Project version:
cd poky
git pull
git checkout scarthgap
bitbake-layers show-layers
Solution 5: Build in a Different Location
Sometimes the issue is related to the filesystem location. Try building in your home directory instead:
cd ~
mkdir yocto-build
cd yocto-build
git clone git://git.yoctoproject.org/poky.git
cd poky
git checkout scarthgap
. oe-init-build-env
bitbake core-image-sato
Solution 6: Use Docker Container
As mentioned in the Microsoft WSL issues discussion, using a containerized environment can bypass many permission issues:
docker run -it --rm \
-v ~/.ssh:/home/builduser/.ssh:ro \
-v /media/someone/Elements/yocto-build:/home/builduser/yocto-build \
yoctoproject/mickey-build:scarthgap
Preventive Measures for Future Builds
Configure Proper Build User
Create a dedicated build user with appropriate permissions:
sudo useradd -m -s /bin/bash yocto-build
sudo usermod -aG sudo yocto-build
su - yocto-build
Set Up Build Environment Properly
Ensure your build environment has the correct ownership:
sudo chown -R yocto-build:yocto-build /media/someone/Elements/yocto-build
sudo chmod -R 755 /media/someone/Elements/yocto-build
Use Recommended Yocto Configuration
Add these settings to your conf/local.conf to handle permission issues:
# Use basic patch tool instead of quilt
PATCHTOOL = "patch"
# Enable force patch application
PATCH_FORCE = "1"
# Set appropriate file permissions
FILESPATH = "${@base_pathoffset(d, '${FILE_DIRNAME}')}"
When to Seek Additional Help
If none of the above solutions work, consider these additional resources:
-
Yocto Project Documentation: Check the official Yocto documentation for troubleshooting guidance.
-
Community Forums: Post your issue on the Yocto Project mailing lists or Stack Overflow with complete error logs.
-
Bug Reports: If you believe this is a Yocto bug, file a report on the Yocto Bugzilla with detailed reproduction steps.
Remember that permission issues in Yocto builds are common, especially on newer Linux distributions with enhanced security features. The solutions provided should resolve your immediate issue and help prevent similar problems in future builds.
Sources
- NXP Community - Yocto build system permission issues
- OpenEmbedded Core mailing list - Perl patch fixes
- Microsoft WSL - File permission issues
- Stack Overflow - Yocto build error solutions
- Yocto Project Documentation
Conclusion
- The permission error is caused by AppArmor security policies blocking file attribute modifications during patch application
- Multiple solutions exist, from temporary workarounds to permanent configuration changes
- For immediate results, try using the basic
patchtool instead ofquiltor modify AppArmor policies - For long-term solutions, consider building in a container or dedicated user environment
- Always ensure proper file permissions and ownership in your build directory
- If issues persist, seek help from the Yocto community with detailed error logs and system information