Dorinda [Mon, 1 Mar 2021 14:42:56 +0000 (15:42 +0100)]
scripts/oe-debuginfod: script that fetches package manager directory
Added a script that fetches the package manager directory and runs the elfutils-native debuginfod on DEPLOY_DIR
Added a check to ensure that PACKAGECONFIG options is set in local.conf
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Modern dosfstools automatically determines the appropriate size
and will error out if something that doesn't make sense is
supplied on the command line.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jate Sujjavanich [Sat, 27 Feb 2021 00:40:10 +0000 (00:40 +0000)]
iputils: Fix cap_net_raw for installed binaries
Add libcap-native to libcap PACKAGECONFIG making native setcap available
during the build. This assures its availability during install and prevents
meson from searching absolute paths and the resulting possible host
contamination.
Move -DNO_SETCAP_OR_SUID=true to the libcap PACKAGECONFIG negative case
This will prevent possible non-determinism for the setuid case.
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mike Crowe [Sun, 28 Feb 2021 12:20:54 +0000 (12:20 +0000)]
gcc-sanitizers: Move content from gcclibdir into libdir
In e9e5744ba8b0d43c8b874d365f83071ce20bf0a1, Khem Raj wrote:
> OE does not use the traditional /usr/lib/gcc prefix to store
> gcc-runtime it basically is moved into libdir, however some newer
> files were installed by newer versions of gcc especially libgomp (
> omp.h openacc.h ) into gcclibdir, so we have content in both
> directories, this confuses other tools which are trying to guess the
> gcc installation and its runtime location, since now we have two
> directories, the tools either choose one or other and we get
> inconsistent behavior, e.g. clang for aarch64 uses /usr/lib but same
> clang for riscv64 chose /usr/lib/gcc
> This change ensures that OE ends up with single valid location for gcc
> runtime files
I think that the same thing needs to happen in gcc-sanitizers.inc,
otherwise I get errors like:
| .../recipe-sysroot/usr/include/gpg-error-64.h:884:11: fatal error: sanitizer/lsan_interface.h: No such file or directory
when attempting to compile with sanitizers enabled.
FILES_${PN} needs updating to match too.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 26 Feb 2021 14:24:26 +0000 (14:24 +0000)]
selftest/reproducible: Add ability to pull some objects from sstate
When debugging why a single recipe doesn't reproduce, it's a pain
to wait for the world to rebuild from scratch. Update the selftest
to allow this to be configured, for example you could set
targets as ['perf'] and sstate_targets as ['virtual/kernel']
and then it should only be rebuilding perf in the test rather than
things like the toolchain (parts of the kernel may be unavoidable
as they're not in sstate).
Khem Raj [Sat, 27 Feb 2021 07:41:30 +0000 (23:41 -0800)]
llvm: Fix build with c++17
Fixes
/benchmark_register.h:17:30: error: 'numeric_limits' is not a member of 'std'
| static const T kmax = std::numeric_limits<T>::max();
| ^~~~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Sat, 27 Feb 2021 04:48:13 +0000 (12:48 +0800)]
ccache: upgrade 4.1 -> 4.2
0001-Improve-SIMD-detection-735.patch
0001-blake3-Remove-asm-checks-for-sse-avx.patch
0002-Always-use-64bit-to-print-time_t.patch
removed since they are included in 4.2
-License-Update: Copyright year updated to 2021.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 28 Feb 2021 12:05:14 +0000 (12:05 +0000)]
gstreamer1.0-python: Set internal python library path correctly
The library hardcodes paths to the python library internally and currently
these are build paths. Fix this to use the correct target path and
fix reproducibility in the process.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 27 Feb 2021 14:15:24 +0000 (14:15 +0000)]
bootchart2: Fix manpage reproducibility issue
The compressed docs contained a timestamp of the original file which
meant the SDE clamping during package creation didn't work. The
benefits of compression are minor, decompress the files to avoid
the reproducibility issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Thu, 25 Feb 2021 17:45:16 +0000 (18:45 +0100)]
glib-2.0: replace THISDIR instead of COREBASE in find_meson_cross_files --cross-file paths
* COREBASE works correctly only as long as this recipe is inside of
COREBASE directory and leaves the full absolute paths if you copy
this recipe into your own layer (e.g. to backport newer version)
* use THISDIR as all FILESPATH should be relative to that, unless
there is a .bbappend not only extending FILESPATH, but also adding
meson.cross.d files there (at which point it also didn't work with
COREBASE replacements as well already) - show an ERROR in such case,
I don't think it's common scenario to spend more time to support that.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diego Santa Cruz [Fri, 26 Feb 2021 11:33:32 +0000 (12:33 +0100)]
createrepo-c: set path to magic database for native and nativesdk
The modifyrepo_c tool can use the magic database for input files
(e.g., if the file has no recognized extension) and fails if none
can be found.
This adds a wrapper that sets MAGIC to point to the proper place,
it also sets up MAGIC in the createrepo_c wrapper since that tool
also takes input files.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Thu, 25 Feb 2021 23:29:16 +0000 (15:29 -0800)]
oeqa/pam: Need shadow installed for the tests
Distros may not use shadow for login manager
secondly login --help returns 1 only with shadow provided login
utility, with busybox it returns normal 0, the testcase clearly
assumes shadow being part of image, therefore add needed
checks to ensure the pre-requisites are met
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 25 Feb 2021 14:52:32 +0000 (14:52 +0000)]
epiphany: Fix reproducibility issue
We don't want to encode BUILD_ROOT into target packages. This is used
for build time tests but in our case those would be on target anyway
so use the target paths.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diego Santa Cruz [Thu, 25 Feb 2021 16:03:56 +0000 (17:03 +0100)]
sysklogd: do not open any network sockets by default
The default in sysklogd 2.x is to open listening network sockets,
unlike sysklogd 1.5 where the default was the opposite.
This is contrary to a "secure by default" design, so set up the
init script to pass the -ss option to prevent syslogd from opening
any network sockets. It can be overridden in /etc/default/syslogd.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diego Santa Cruz [Thu, 25 Feb 2021 20:23:27 +0000 (21:23 +0100)]
packagegroup-base: do not force hdparm and e2fsprogs
The hdparm and (base) e2fsprogs are not always useful in all machines
having ext2 in MACHINE_FEATURES, so do not force them to be installed,
make them recommendations instead.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diego Santa Cruz [Thu, 25 Feb 2021 20:23:26 +0000 (21:23 +0100)]
packagegroup-base: use amixer instead of alsamixer
Including alsamixer, which is an ncurses based interactive program,
does not seem to make sense as a base package in embedded systems,
replace it by the command line mixer utility amixer instead; it is
scriptable and has no ncurses dependencies.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Florian Bezdeka [Thu, 25 Feb 2021 08:22:02 +0000 (09:22 +0100)]
wic: Warn if an ext filesystem affected by the Y2038 problem is used
We are getting closer and closer to the year 2038 where the 32 bit
time_t overflow will happen. While products (= embedded systems) with an
expected lifetime of 15 years are still safe the situation may change
if your system has to survive the next 20 years.
ext2 and ext3 filesystems are always affected by the time overflow, so
let's warn the user if these filesystems are still being used.
If ext4 is affected depends on the inode size chosen during filesystem
creation. At least 256 bytes are necessary to be safe. As ext4 is
used very often (and partitions may be created small first and extended
later) this might be an issue for many users.
Some filesystems created during CI runs were already affected by the Y2038
problem. By using `--mkfs-extraopts "-T default"` we tell mke2fs not to
auto-detect the usage type based on the filesystem size. mke2fs will use
the default values for tuning parameters instead. The inode size is one
of these parameters.
Signed-off-by: Florian Bezdeka <florian.bezdeka@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
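The rule stated in the wic commit message above, applied to a filesystem image by reading the inode size from the ext superblock. This is an added example, not code from wic or from the commit; the function names are hypothetical and the sample image is constructed in the script.

```python
import struct

SUPERBLOCK_OFFSET = 1024      # primary superblock starts 1024 bytes into the filesystem
EXT_MAGIC = 0xEF53            # s_magic, little-endian u16 at superblock offset 56
GOOD_OLD_INODE_SIZE = 128     # fixed inode size for revision 0 filesystems


def read_inode_size(image: bytes) -> int:
    """Return the on-disk inode size recorded in an ext2/3/4 superblock."""
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 1024]
    if len(sb) < 90:
        raise ValueError("image too short to hold a superblock")
    (magic,) = struct.unpack_from("<H", sb, 56)
    if magic != EXT_MAGIC:
        raise ValueError("not an ext2/3/4 filesystem")
    (rev_level,) = struct.unpack_from("<I", sb, 76)
    if rev_level == 0:
        return GOOD_OLD_INODE_SIZE      # s_inode_size is not valid in revision 0
    (inode_size,) = struct.unpack_from("<H", sb, 88)
    return inode_size


def y2038_warning(fstype: str, image: bytes):
    """Apply the rule from the commit message; return a warning string or None."""
    if fstype in ("ext2", "ext3"):
        return f"{fstype} is always affected by the Y2038 problem"
    if fstype == "ext4":
        size = read_inode_size(image)
        if size < 256:
            return f"ext4 inode size {size} < 256: affected by the Y2038 problem"
    return None


def make_sample_image(inode_size: int, rev_level: int = 1) -> bytes:
    """Constructed sample: a zeroed 2 KiB image carrying only the fields read above."""
    img = bytearray(2048)
    struct.pack_into("<H", img, SUPERBLOCK_OFFSET + 56, EXT_MAGIC)
    struct.pack_into("<I", img, SUPERBLOCK_OFFSET + 76, rev_level)
    struct.pack_into("<H", img, SUPERBLOCK_OFFSET + 88, inode_size)
    return bytes(img)


if __name__ == "__main__":
    for fstype, size in (("ext4", 128), ("ext4", 256), ("ext3", 256)):
        print(fstype, size, "->", y2038_warning(fstype, make_sample_image(size)))
```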
Martin Jansa [Tue, 23 Feb 2021 13:35:53 +0000 (14:35 +0100)]
sstatesig.py: show an error instead of warning when sstate manifest isn't found
* not sure if there are some valid use-cases for missing manifest, but
recently I'm seeing increasing number of build failures where something
from native recipe is missing (seen it with pseudo, autoconf, nodejs
recently) and the only indication that something is wrong (before showing
sometimes misleading error like:
recipe-sysroot-native/usr/bin/node: No such file or directory
is this warning:
NOTE: Running task 7844 of 12431 (/meta-oe/meta-oe/recipes-devtools/nodejs/nodejs_12.20.2.bb:do_prepare_recipe_sysroot)
NOTE: recipe nodejs-12.20.2-r0: task do_prepare_recipe_sysroot: Started
WARNING: nodejs-12.20.2-r0 do_prepare_recipe_sysroot: Manifest /BUILD/sstate-control/manifest-x86_64_ubuntu-18.04-nodejs-native.populate_sysroot not found in x86_64 x86_64_ubuntu-18.04 (variant '')?
NOTE: Running task 7845 of 12431 (/meta-oe/meta-oe/recipes-devtools/nodejs/nodejs_12.20.2.bb:do_unpack)
NOTE: recipe nodejs-12.20.2-r0: task do_unpack: Started
WARNING: nodejs-12.20.2-r0 do_prepare_recipe_sysroot: Manifest /BUILD/sstate-control/manifest-x86_64_ubuntu-18.04-nodejs-native.populate_sysroot not found in x86_64 x86_64_ubuntu-18.04 (variant '')?
NOTE: recipe nodejs-12.20.2-r0: task do_prepare_recipe_sysroot: Succeeded
if I rebuild that native dependency, then it gets fixed and I don't
see these failures in clean builds (as without sstate and with empty
TMPDIR), only in incremental builds
* but if there isn't valid reason for missing manifest file, then I think
it would be better to error early (or even bb.fatal())
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefan Ghinea [Tue, 23 Feb 2021 19:20:28 +0000 (21:20 +0200)]
wpa-supplicant: fix CVE-2021-0326
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write
due to a missing bounds check. This could lead to remote code execution
if the target device is performing a Wi-Fi Direct search, with no
additional execution privileges needed. User interaction is not needed
for exploitation. Product: Android Versions: Android-10 Android-11
Android-8.1 Android-9 Android ID: A-172937525
Richard Purdie [Thu, 25 Feb 2021 21:54:14 +0000 (21:54 +0000)]
fonts: Bump HASHEQUIV_HASH_VERSION after rpmdeps change
After the rpmdeps change, the output didn't change in the correct
case and hence hashes were cross-linked. We bump the hashequiv
version to avoid problems from this.
Also bump PR to force a rebuild.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 24 Feb 2021 21:51:08 +0000 (21:51 +0000)]
package/package_rpm: Disable font_provides configuration for reproducibility
The host may or may not have fc-cache which is used to find provides
information by rpmdeps. This led to non-deterministic build output.
Disable the font provides code so we have deterministic builds,
we have nothing using/relying on it at this point.
Need to disable this in both the rpmdeps code and in package_rpm
itself although the latter shouldn't be being used.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>