When the class nativesdk.bbclass is inherited, it redefines TARGET_CC_ARCH,
in the case of python3, this enables debug, causing an error while linking,
since we dont enable debug during configure theres no declaration of some
functions, this patch makes sure we keep debug disabled, fixing the linking errors.
[YOCTO #8467]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Misc:
- pip2 is handled as default on major distros,
modified python3-pip to leave /usr/bin/pip available for pip2
- Fixed importing pip3 from python3 interpreter
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Python-git depends on getpass, which is part of python-unixadmin.
If it is missing:
root@qt5022:~# python
Python 2.7.9 (default, Nov 12 2015, 17:41:32)
[GCC 5.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import git
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/git/__init__.py", line 35, in <module>
from git.config import GitConfigParser
File "/usr/lib/python2.7/site-packages/git/config.py", line 21, in <module>
from git.util import LockFile
File "/usr/lib/python2.7/site-packages/git/util.py", line 14, in <module>
import getpass
ImportError: No module named getpass
>>>
rpcbind: Fix memory corruption in PMAP_CALLIT code
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in
rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of
service (daemon crash) via crafted packets, involving a PMAP_CALLIT
code.
The patch comes from
<http://www.openwall.com/lists/oss-security/2015/09/18/7>, and it hasn't
been in rpcbind upstream yet.
Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Wenzong Fan [Tue, 17 Nov 2015 05:38:42 +0000 (00:38 -0500)]
subversion: fix CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Wenzong Fan [Tue, 17 Nov 2015 05:38:41 +0000 (00:38 -0500)]
subversion: fix CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Wed, 25 Nov 2015 15:00:50 +0000 (15:00 +0000)]
oeqa/sshcontrol: don't source profile
Instead of sourcing /etc/profile to get $PATH including /usr/sbin, just assign
to PATH in the ssh invocation.
The remote /etc/profile may not actually be manipulating PATH as we expect, and
there may be other commands which can interfere with the tests (such as resize
emitting a series of control characters on connection).
Signed-off-by: Ross Burton <ross.burton@intel.com>
Enable code coverage through the library 'python coverage'. In case the environment
variable COVERAGE_PROCESS_START is present (one of the requisites for measuring
sub-processes; the second one is including some coverage statements into the
python sitecustomize.py file) it will be taken into account, otherwise it is
exported with value '.coveragerc'. The latter value is a configuration file
(also automatically created) with some default settings. Once tests are
executed, a coverage report is shown on the log and the coverage output data is stored
with name '.coverage.<args>' where '<args>' is the name of the unit tests executed
or 'all_tests' when running with --run-all-tests. This output data can be latter used
for better reporting using the same tool (coverage).
As briefly indicate before, measuring sub-process implies setting the env variable
COVERAGE_PROCESS_START (done automatically by the oe-selftest code with this patch if
not already set) and creating a sitecustomize.py as explained on [1].
If either one of these is missing, complete coverage will be incomplete.
Current measurements for 'oe-selftest --run-all-tests' indicate that current coverage
is around 42 % taking into account BBLAYERS, bitbake and scripts folders. More details
on [2], indicating the coverage per file/module.
This tasks has been done together with Humberto Ibarra <humberto.ibarra.lopez@linux.intel.com>
Paul Eggleton [Sun, 22 Nov 2015 19:55:45 +0000 (08:55 +1300)]
recipetool: make plugin registration function name consistent with devtool
This should have been register_commands rather than register_command;
I used register_commands in devtool so lets change this here to be
consistent with that. (Since this is extensible through layers though we
need to remain compatible with the old name, so fall back to that if the
new function name isn't there.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 19 Nov 2015 04:17:25 +0000 (17:17 +1300)]
recipetool: add setvar subcommand
Add a recipetool subcommand "setvar" to set a variable in a file. This
uses our existing logic such that it doesn't matter if the variable is
already set in the recipe, if it's set in the recipe or some inc file,
and if the variable is not currently set that the line setting the
variable gets inserted in the right place in the file.
Implements [YOCTO #7676].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Mon, 18 May 2015 11:04:55 +0000 (12:04 +0100)]
lib/oe/recipeutils: refactor patch_recipe_file() to use edit_metadata()
Use bb.utils.edit_metadata() to replace some of the logic in this
function; this avoids us effectively having two implementations of the
same thing. In the process fix the following issues:
* Insert values before any leading comments for the next variable
instead of after them
* Insert overridden variables (e.g. RDEPENDS_${PN}) in the correct place
* Properly handle replacing varflag settings (e.g. SRC_URI[md5sum])
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Mon, 23 Nov 2015 00:34:20 +0000 (13:34 +1300)]
devtool: clarify help text
* Make some minor clarifications to help text
* Drop ArgumentDefaultsHelpFormatter and just put the defaults in the
text itself where needed (because otherwise you get defaults shown for
store_true options which is somewhat confusing).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Sun, 22 Nov 2015 19:50:29 +0000 (08:50 +1300)]
devtool: build: enable showing default task in help
Enable access to the configuration object in register_commands() so that
we can read configuration values there; this allows us to show the
task that will be run in the command line help for the build subcommand.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 19 Nov 2015 01:15:55 +0000 (14:15 +1300)]
lib/oe/recipeutils: check in validate_pn() for names instead of filenames
Ensure that the user specifies just the name portion instead of a file
name with extension. (We can't just look for . since there are recipe
names such as "glib-2.0" that legitimately contain .).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Sun, 11 Oct 2015 14:41:20 +0000 (15:41 +0100)]
lib/oe/patch: improve extraction of patch header
For patches that we have to extract the header information by hand (i.e.
will not apply with "git am"), make the following improvements:
* If we can't extract author/date/subject, then try to do so from the
commit that added the patch in git (assuming the metadata is tracked
by git)
* Take only first Signed-off-by line instead of last
* Accept any case for "Signed-off-by" in case author has typed it by
hand
* Improve conditional - we can skip the other cases if one matches
Implements [YOCTO #7624].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Sun, 22 Nov 2015 23:22:09 +0000 (12:22 +1300)]
devtool: upgrade: provide a means to update the source branch
If you're upgrading a git recipe to a revision on a release branch
that's different to the branch for the current revision, then you'll
need to update the branch parameter in SRC_URI, so add a --srcbranch/-B
command-line parameter to let you do that easily. It handles both when
the branch is stated verbatim in the recipe, and when a reference to
another variable is used (a common convention is to use a SRCBRANCH
variable for this, though the code doesn't care what variable is used
if any).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Sun, 22 Nov 2015 21:07:57 +0000 (10:07 +1300)]
devtool: upgrade: fetch remote repository before checking out new revision
If we're upgrading a recipe that fetches from git, and we've simply
fetched a tarball of the repo instead of directly from the upstream repo
(this can happen if you have PREMIRRORS set up as in poky with a core recipe,
e.g. kernelshark) then we won't have any new revisions, and the checkout
will fail with "fatal: reference is not a tree: <hash>". To avoid this,
do a "git fetch" before checking out the new revision.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Sun, 22 Nov 2015 21:06:50 +0000 (10:06 +1300)]
devtool: upgrade: remove erroneous error when not renaming recipe
If we're upgrading a git recipe the recipe file usually won't need
renaming; for some unknown reason we were throwing an error here which
isn't correct.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Sun, 22 Nov 2015 21:14:44 +0000 (10:14 +1300)]
devtool: upgrade: fix updating PV and SRCREV
This code was clearly never tested. Fix the following issues:
* Actually set SRCREV if it's been specified
* Enable history tracking and reparse so that we handle if variables are
set in an inc file next to the recipe
* Use a more accurate check for PV being in the recipe which will work
if it's in an inc file next to the recipe
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Sun, 22 Nov 2015 20:39:39 +0000 (09:39 +1300)]
devtool: upgrade: fix removing other recipes from workspace on reset
If you did a "devtool add" followed by "devtool upgrade" and then did
a "devtool reset" on the recipe you upgraded, the first recipe would
also be deleted from the workspace - this was because we were
erroneously adding the entire "recipes" subdirectory and its contents to
be tracked for removal on reset. Remove the unnecessary call to
os.path.dirname() that caused this.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Martin Jansa [Wed, 25 Nov 2015 21:33:51 +0000 (22:33 +0100)]
package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default
* without this the do_rootfs task doesn't respect OPKGLIBDIR and
info, status are created in different directory than opkg on
target expects
* people who modify OPKGLIBDIR need to make sure that opkg.conf included
in opkg package also sets info_dir and status_file options
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
If prior to running the toolchain installation script a toolchain
environment script is sourced then the toolchain installation will
fail. This because the environment is now set for the sourced toolchain
and doesn't suit the installation. In particular PATH points to the
toolchain executables.
The fix makes the script recursively call itself a second time with a
clean environment.
Tested by sourcing a previous successfully installed environment, erasing the
previous installation directory and then reinstalling in the same directory.
Signed-off-by: George Nita <george.nita@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Petter Mabäcker [Tue, 24 Nov 2015 12:45:25 +0000 (13:45 +0100)]
create-pull-request: handle empty ODIR
In some situations you might end-up with an empty ODIR (pull-xx/). The
most common reason is that you have applied your patches on 'master'
branch (or you are by mistake standing on the 'master' branch),
this will result in the default behavior that 'git format-patch'
will try to diff master..master.
Solve this by aborting the script with a proper error code and message
if ODIR is empty after the 'git format-patch' call (that is expected
to generate the cover-letter and patches).
Signed-off-by: Petter Mabäcker <petter@technux.se> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ed Bartosh [Tue, 24 Nov 2015 13:22:49 +0000 (15:22 +0200)]
wic: exec_native_cmd: implement support for pseudo
Wic runs some tools through pseudo, which makes exec_native_cmd
to fail and throw cryptic error message when tool is not baked:
For example:
Error: exec_cmd: 'export
PSEUDO_PREFIX=/media/ssd/poky-build/tmp/sysroots/x86_64-linux/usr;export
PSEUDO_LOCALSTATEDIR=/media/ssd/poky-build/tmp/work/qemux86-poky-linux/
...
PSEUDO_PASSWD=/media/ssd/poky-build/tmp/work/qemux86-poky-linux/ ...
PSEUDO_NOSYMLINKEXP=1;/media/ssd/poky-build/tmp/sysroots/ ...
mkfs.ext4 -F -i 8192 /var/tmp/wic/build/rootfs_platform.7.ext4 -L
platform -d
/media/ssd/poky-build/tmp/work/qemux86-poky-linux/core-image-minimal/...
returned '1' instead of 0
Made exec_native_cmd aware of pseudo and properly report
errors when command is not found.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
toolchain-shar-relocate: don't assume last state of env_setup_script is good
In the case where many environment-setup-* files exist, the incorrect
filename might be lastly set in env_setup_script, which leads to
incorrect behaviour for the initialization of native_sysroot.
The scenario I had was that our custom meta-toolchain-*.bb, which
inherits populate_sdk, defined another environment-setup-* file to dump
variable information for qt-creator. The file is named like so in order
for the sdk shell script to pick it up and fix the SDK paths in the
file. Since it (coincidentally) alphabetically comes after ...-core2, it
was last set in env_setup_script and the grep OECORE_NATIVE_SYSROOT
would simply be blank. The apparent symptom was "...relocate_sdk.py:
Argument list too long" since the find command would not be searching in
the right path.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Fri, 20 Nov 2015 15:34:52 +0000 (15:34 +0000)]
base: decode SRC_URI before adding implicit fetch dependencies
To avoid false positives such as a SRC_URI for http://foo.xz/foo.zip gaining a
dependnecy on xz-native decode the URI so that precise tests can be done.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Patrick Ohly [Wed, 25 Nov 2015 09:30:30 +0000 (10:30 +0100)]
buildhistory.bbclass: support extending the content of the build history
The idea behind the implementation of Yocto #8138 was that an
additional class can write additional files in the recipe directories,
for example by hooking into the functions of buildhistory.bbclass or
by implementing its own SSTATEPOSTINSTFUNCS function.
However, when these additional files get created before
buildhistory_emit_pkghistory(), they get removed again by that
function because it contains code which removes everything it does
not know about. The reason for that is that these unknown items
are probably obsolete.
This logic is the reason why the additional "kconfig" file from
buildhistory-extra.bbclass never showed up in the final build history.
To fix this, the hard-coded list of known files in
buildhistory_emit_pkghistory() must be turned into a variable which
derived classes can extend.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Mariano Lopez [Fri, 13 Nov 2015 14:29:18 +0000 (14:29 +0000)]
license.bbclass: Create image license manifest
This change adds the license_deployed_manifest function
that will create the manifest for the packages deployed
next to the image but not installed in rootfs. Some
examples of these recipes would be the bootloaders, or
the kernel.
This new function was added to ROOTFS_POSTPROCESS_COMMAND
so it will run after every rootfs task.
This change also modify the write_license_files because
the image manifest is different from the root manifest.
[YOCTO #6772]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Mariano Lopez [Thu, 12 Nov 2015 14:21:06 +0000 (14:21 +0000)]
license.bbclass: Add function get_deployed_files
This function will get the files that were deployed using
the sstate-control manifest file. This will give a better
view of what was deployed next to the image.
Mariano Lopez [Thu, 12 Nov 2015 14:14:40 +0000 (14:14 +0000)]
license.bbclass: Added function get_deployed_dependencies
This change introduce a new function to get the dependencies
that were deployed. It uses BB_TASKDEPDATAto get all the
dependencies of the current task, so it is possible to get
different packages depending at what point this function is
called.
Mariano Lopez [Thu, 12 Nov 2015 12:36:02 +0000 (12:36 +0000)]
license.bbclass: Added get_boot_dependencies function
This function gets the dependencies from the classes that
create a boot image, this is required because sometimes
the bootloader dependecy is in these classes. The current
classes covered are bootimg and bootdirectdisk because
these are the only clases that add dependencies.
Mariano Lopez [Thu, 19 Nov 2015 08:05:46 +0000 (08:05 +0000)]
license.bbclass: Write recipeinfo file in license folder
Currently there is no way to get the recipe version when
creating the rootfs. It is needed because the manifest
file for the image has to contain this important piece
of information.
This change writes a new file in the license folder for
every recipe. This file is called "recipeinfo" and have
the information used to write the manifest file for the
recipes deployed next to the image.
Haris Okanovic [Tue, 17 Nov 2015 20:21:12 +0000 (14:21 -0600)]
populate_sdk_base: Add sysroot symlink check
Add optional check to do_populate_sdk() that verifies SDK sysroots don't
contain dangling or escaping symlinks before attempting to tar an archive.
Such links may fail a `tar -h` operation (-h => follow symlinks) or
archive the build system's files.
Set CHECK_SDK_SYSROOTS = "1" to enable this check.
Use case: The -h option may be set via SDKTAROPTS in some configurations
to create symlink-less SDK archives for Windows file systems.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Wed, 18 Nov 2015 20:59:36 +0000 (09:59 +1300)]
classes/populate_sdk_ext: fail if SDK_ARCH != BUILD_ARCH
The extensible SDK relies upon uninative, and with the way that
uninative works, the build system architecture must be the same as the
SDK architecture or the extensible SDK won't be usable. At some point in
future hopefully we can remove this limitation, but until then it's
disingenuous to allow this to build, so add a check to ensure
SDK_ARCH == BUILD_ARCH and fail if it isn't.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 12 Nov 2015 15:24:29 +0000 (15:24 +0000)]
classes/populate_sdk_ext: tweak reporting of workspace exclusion
If you have a local workspace layer enabled when building the
extensible SDK, we explicitly exclude that from the SDK (mostly because
the SDK has its own for the user to use). Adjust the message we print
notifying the user of this so it's clear that we're excluding it from
the SDK, and scale it back from a warning to a note printed with
bb.plain().
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 12 Nov 2015 15:00:47 +0000 (15:00 +0000)]
classes/populate_sdk_ext: tidy up preparation log file writing
Use a variable for the log file which includes the full path; this is
not only neater but avoids us writing the first part (the output of
oe-init-build-env) to a file in another directory since we are
changing directory as part of this subshell.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Richard Purdie [Wed, 18 Nov 2015 11:52:06 +0000 (11:52 +0000)]
sstate: Ensure siginfo and sig files are also touched
Maintaining an sstate mirror is complicated at the moment as only the main
sstate tgz files have their timestamp updated when they're used.
This causes problems as the siginfo files can be removed from the server
due to inactivity but the sstate fetch code tries to fetch them leading
to confusing warnings and reduced debug capability.
This change ensures we touch any sig/siginfo files present and should
help ageing of the objects on sstate mirrors. It doesn't handle the intermediate
task siginfo files but those are never fetched by the current sstate code
so are an order of magnitude less problematic.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Statically link local libs to avoid gold link issue. This is clearly
a workaround, but does get us past the failures with systems using gold by
default until we find a better solution.
[YOCTO #2972]
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
When the client is enabled, which we do by default, readline is required.
Currently it gets pulled in by other dependencies of connman, indirectly,
but we should be explicit rather than relying on this.
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Jussi Kukkonen [Wed, 11 Nov 2015 13:27:02 +0000 (15:27 +0200)]
xserver-xorg: Upgrade 1.17.2 -> 1.18.0
* Remove glibc-guard patch: xserver no longer uses termio.h on linux
in any case.
* Remove "--enable-glx-tls": this hasn't done anything since glapi
was separated from glx
* Note that xserver no longer installs evdev configuration
(evdev and/or libinput should do it instead)
* Add patch to check for libsystemd correctly
* Add PACKAGECONFIG for libsystemd
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
