opkg: Trim the text part used for the license file checksum
This avoids including irrelevant information when calculating the
license checksum.
License-Update: Trim the text part used for the license file checksum Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
alsa-utils: Trim the text part used for the license file checksum
This avoids including irrelevant information when calculating the
license checksum.
License-Update: Trim the text part used for the license file checksum Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
alsa-lib: Trim the text part used for the license file checksum
This avoids including irrelevant information when calculating the
license checksum.
License-Update: Trim the text part used for the license file checksum Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Mon, 11 Nov 2019 14:16:21 +0000 (14:16 +0000)]
oeqa: archiver: Add basic tests for all archiver modes
6 new test cases are added to cover the various archiver modes
documented at the top of archiver.bbclass. Each test sets the
appropriate configuration options, runs the `do_deploy_archives` task
for the selftest-ed recipe and checks for the presence of the expected
archive file.
Signed-off-by: Paul Barker <paul@betafive.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Sat, 23 Nov 2019 18:15:28 +0000 (10:15 -0800)]
systemd-bootchart: Backport RISC-V support
This is a combined backport from upstream patches for added risc-v
support
Upstream code has been re-organised before risc-v support was added to
its mix of two commits
primarily
https://github.com/systemd/systemd/commit/171b53380085b1288b03b19a2b978f36a5c003d0
Ernst Sjöstrand [Mon, 25 Nov 2019 05:41:41 +0000 (05:41 +0000)]
do_image_cpio: Improve reproducibility
Find lists files in the order that the filesystem has registered them,
which can vary. Adding a sort should have minimal performance impact.
Also use the --reproducible option to cpio.
Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Nathan Rossi [Mon, 25 Nov 2019 06:57:41 +0000 (06:57 +0000)]
oeqa/selftest/cases/gcc.py: Split 'gcc' and 'g++' testsuites
Split the GccCrossSelfTest testcase into separate testcases for 'gcc'
and 'g++' respectively. In order to split them use the "check-gcc-*"
language make check targets.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Nathan Rossi [Mon, 25 Nov 2019 06:56:56 +0000 (06:56 +0000)]
oeqa/utils/qemurunner.py: Handle QEMU machines with a single serial
Not all QEMU machines are capable of having more than one serial port,
this is due to the machine emulating a physical device/board.
Rework QemuRunner to handle machines that only have 1 serial port, where
the serial port shares output of the kernel log buffer and a login
console. In this case the output is mixed but enables the machine to
boot and have QemuRunner detect the login prompt.
QemuTarget uses SERIAL_CONSOLES to determine the number of available
serial ports.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefan Agner [Fri, 15 Nov 2019 16:09:44 +0000 (16:09 +0000)]
base-files: set ptmxmode to 666
Make sure that the (newer) /dev/pts/ptmx is accessible by users. This
is useful e.g. when running containers which symlink /dev/ptmx to
/dev/pts/ptmx on start. The default mode (000) does not allow to
create ptys inside the container.
Using 666 when symlinking /dev/ptmx is also recommended by the kernel
documentation when /dev/ptmx is symlinked:
https://www.kernel.org/doc/Documentation/filesystems/devpts.txt
Khem Raj [Mon, 25 Nov 2019 08:44:52 +0000 (00:44 -0800)]
gcc-runtime: Package libstdc++.a-gdb.py
There is python gdb script for static libstdc++ archives as well
fixes
ERROR: gcc-runtime-9.2.0-r0 do_package: QA Issue: gcc-runtime: Files/directories were installed but not shipped in any package:
/usr/lib/libstdc++.a-gdb.py
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added a new package: pulseaudio-pa-info. It contains the new pa-info
script.
BlueZ 4 support was removed in this version. That's not visible in the
recipe, but I noticed that the BlueZ 4 modules were still being built in
12.2, since they hadn't been explicitly disabled in the recipe.
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Thu, 21 Nov 2019 16:59:11 +0000 (10:59 -0600)]
classes/cmake: Use relative RPATHs
In most cases, the RPATH is stripped out when the ELF file is packages,
but by then the damage is done from a reproducible perspective because
this absolute path is hashed as part of the build-id generated at link
time ([1] has a good explanation). Fortunately, newer cmake has an
option to generated relative RPATHs that use $ORIGIN to set the path, so
set it in the toolchain file.
Joshua Watt [Thu, 21 Nov 2019 16:58:24 +0000 (10:58 -0600)]
librsvg: Fix build reproducibility
librsvg was encoding the path to the build directory in order to find a
font file for testing. This wouldn't work in OE anyway since the build
directory isn't present at that exact location on the target, so remove
the offending path to make the build reproducible.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefan Agner [Fri, 22 Nov 2019 16:24:41 +0000 (16:24 +0000)]
rpcbind: use upstream systemd service
Use upstream systemd service files instead of our own service files.
This also makes sure that /run/rpcbind.sock is used which fixes the
following systemd warning:
/usr/lib/systemd/system/rpcbind.socket:5: ListenStream= references a
path below legacy directory /var/run/, updating /var/run/rpcbind.sock
\xe2\x86\x92 /run/rpcbind.sock; please update the unit file accordingly.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefan Ghinea [Thu, 21 Nov 2019 15:28:04 +0000 (17:28 +0200)]
ghostscript: CVE-2019-14869
A flaw was found in all versions of ghostscript 9.x before 9.28,
where the `.charkeys` procedure, where it did not properly secure
its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
An attacker could abuse this flaw by creating a specially crafted
PostScript file that could escalate privileges within the Ghostscript
and access files outside of restricted areas or execute commands.
Wenlin Kang [Tue, 5 Nov 2019 10:04:20 +0000 (18:04 +0800)]
sysstat: remove check for chkconfig
For cross-platform, chkconfig can't work, so should remove check for it.
This can only be reproduced on some platform with chkconfig(e.g. CentOS
Linux release 7.2.1511), and need with --enable-install-cron and without
--enable-copy-only.
Fixed:
| if [ "n" == "n" ]; then \
| if [ -x "/usr/sbin/chkconfig" ]; then \
| cd /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/init.d && /usr/sbin/chkconfig --add sysstat; \
| else \
| [ -d /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc2.d ] || mkdir -p /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc2.d; \
| [ -d /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc3.d ] || mkdir -p /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc3.d; \
| [ -d /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc5.d ] || mkdir -p /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc5.d; \
| cd /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc2.d && ln -s -f ../init.d/sysstat S01sysstat; \
| cd /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc3.d && ln -s -f ../init.d/sysstat S01sysstat; \
| cd /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d/rc5.d && ln -s -f ../init.d/sysstat S01sysstat; \
| fi \
| fi \
| elif [ -d /path/to/tmp/work/corei7-64-wrs-linux/sysstat/11.1.5-r0/image/etc/rc.d ]; then \
| ...
| fi
| error reading information on service sysstat: No such file or directory
| Makefile:382: recipe for target 'install_all' failed
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Fri, 17 Nov 2017 20:19:32 +0000 (20:19 +0000)]
texi2html: remove
The last user of this obsolete recipe (abandoned upstream in 2010, removed from
oe-core build dependencies in 2012) has now been deleted from oe-core, so delete
the recipe too.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Tue, 19 Nov 2019 20:38:24 +0000 (20:38 +0000)]
packagegroup-core-sdk: remove intltool
Intltool is deprecated these days, as gettext can handle almost everything
intltool could. Remove it from the SDK packagegroups, if it is needed then the
user can add it explicitly.
Signed-off-by: Ross Burton <ross.burton@intel.com>
The homepage: https://www.kernel.org/doc/man-pages/download.html
specifies that the latest tarballs are published one level up
from where we currently take them.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Alex Kube [Fri, 25 Oct 2019 19:19:15 +0000 (23:49 +0430)]
go: Extract common environment setup.
Add default values for go environment variables to go-common.inc.
Override where appropriate in other go*.inc files, and use
host/target tuples from goarch for setting CC flags.
Signed-off-by: Alex Kube <alexander.j.kube@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Richard Purdie [Fri, 22 Nov 2019 15:12:44 +0000 (15:12 +0000)]
package_ipk: Remove pointless comment to trigger rebuild
The opkg-utils change didn't trigger a full repackage due to its mention
in layer.conf for update-alternatives hash exclusion. Do it manually
to invalidate broken ipks.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 21 Nov 2019 14:59:06 +0000 (14:59 +0000)]
sanity: Add check for tar older than 1.28
Older versions break opkg-build when reproducible builds are enabled.
Rather than trying to be selective based on which features are enabled,
lets just make this a minimum version.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
opkg-build was failing on hosts where tar < 1.28 and reproducibile builds
were enabled but it was doing this silently and generating corrupted
(empty) ipk files. Add a fix for this (submitted upstream).
The fix requires bash but if you're building ipk files this shoudn't be
a problem.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Tue, 19 Nov 2019 10:52:52 +0000 (23:52 +1300)]
devtool: fix devtool upgrade with reproducible_builds class
If the reproducible_build class is inherited then there may be a
"source-date-epoch" subdirectory in a fetched source tree; devtool
upgrade was not expecting that in the upgraded source. Take a small
snippet of code from recipetool create which already handles this,
and make it a shared function that can be used in both places.
Additionally, fix an assumption that the source is always in a
subdirectory in the cleanup code that blocked debugging this.
[YOCTO #13635]
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 18 Nov 2019 16:46:47 +0000 (16:46 +0000)]
cve-check: fetch CVE data once at a time instead of in a single call
This code used to construct a single SQL statement that fetched the NVD data for
every CVE requested. For recipes such as the kernel where there are over 2000
CVEs to report this can hit the variable count limit and the query fails with
"sqlite3.OperationalError: too many SQL variables". The default limit is 999
variables, but some distributions such as Debian set the default to 250000.
As the NVD table has an index on the ID column, whilst requesting the data
CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time
different is insignificant: 0.05s verses 0.01s on my machine.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 18 Nov 2019 16:46:45 +0000 (16:46 +0000)]
cve-check: rewrite look to fix false negatives
A previous optimisation was premature and resulted in false-negatives in the report.
Rewrite the checking algorithm to first get the list of potential CVEs by
vendor:product, then iterate through every matching CPE for that CVE to
determine if the bounds match or not. By doing this in two stages we can know
if we've checked every CPE, instead of accidentally breaking out of the scan too
early.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 18 Nov 2019 16:46:44 +0000 (16:46 +0000)]
cve-update-db-native: clean up proxy handling
urllib handles adding proxy handlers if the proxies are set in the environment,
so call bb.utils.export_proxies() to do that and remove the manual setup.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Unfortunately this change broke 'devtool upgrade' functionality,
causing 'devtool finish' to write out an upgraded recipe that no
longer includes the original upstream source in SRC_URI.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the second last release of py 2.x; upstream support ends on
1 January 2020, there will be one final 2.x afterwards.
Note that the only thing that still needs python 2.x in oe-core is
u-boot; when the next u-boot update arrives, we should find out
where the py3 migration is for that component before merging the
update.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 18 Nov 2019 15:44:21 +0000 (15:44 +0000)]
recipetool/create: Fix to work with reproducible_builds
The extra diretory created by reproducibile_builds was confusing recipetool
and hence devtool. Ignore this directory to restore the correct behaviour and
allow it to work with the class.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Fri, 15 Nov 2019 13:00:48 +0000 (13:00 +0000)]
cdrtools-native: Don't set uid/gid during install
This is a native recipe so won't be installed as root.
If the string 'root' is part of the username then the install script
can get tricked into thinking we are root (regardless of the actual
uid or permissions) resulting in attempts to run chown/chgrp
inappropriately.
Signed-off-by: Paul Barker <paul@betafive.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alistair Francis [Thu, 14 Nov 2019 20:22:20 +0000 (12:22 -0800)]
mesa: Upgrade to 19.2.4
Upgrade mesa and mesa-gl to 19.2.4.
The license hash change was a trivial new line removal.
The glx-tls option was removed as it isn't included in the meson.build
file. It has been replaced with 'use-elf-tls' instead.
I have backported the asm removal as an attempt to fix the musl build
issue.
Signed-off-by: Alistair Francis <alistair@alistair23.me> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
