Wenzong Fan [Wed, 16 Aug 2017 05:58:36 +0000 (22:58 -0700)]
sqlite3: upgrade to 3.2.0
* Uprev from 3.19.3 to 3.2.0 for fixing CVE-2017-10989:
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3,
as used in GDAL and other products, mishandles undersized RTree blobs
in a crafted database, leading to a heap-based buffer over-read or
possibly unspecified other impact.
https://nvd.nist.gov/vuln/detail/CVE-2017-10989
* LIC_FILES_CHKSUM updated for below changes:
-** 2001 September 15
+** 2001-09-15
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase patches:
- tic-hang.patch -> 0001
- configure-reproducible.patch -> 0002
Drop fix-cflags-mangle.patch, which accepted by upstream
...
commit 1b74f120ab7be89011408a6ad0f1c748a314bae8
Author: Sven Joachim <svenjoac@gmx.de>
Date: Sun Feb 26 09:01:34 2017 +0100
Drop obsolete patches
- 0001-elf_getarsym-Silence-Werror-maybe-uninitialized-fals.patch
Upstream fixed it
https://sourceware.org/git/?p=elfutils.git;a=commit;h=7114c513fbebcca8b76796b7f64b57447ba383e1
- Drop debian patches, they modify test case.
debian/testsuite-ignore-elflint.diff
debian/kfreebsd_path.patch
debian/hurd_path.patch
debian/ignore_strmerge.diff
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2. Drop search-for-libxml2.patch
It is overrided by libxml2-configure-argument.patch
3. Rework dhclient-script-drop-resolv.conf.dhclient.patch and
Drop replace-ifconfig-route.patch.
vim client/scripts/linux
...
Script refresh in 2017. The aliasing code was too convoluted and needs
to go away. Migrated DHCPv4 script to ip command from iproute2 suite.
This is based on Debian script with some tweaks. ifconfig is no longer
used. Everything is done using ip tool from ip-route2.
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Wed, 16 Aug 2017 11:57:16 +0000 (19:57 +0800)]
base-files: respect VOLATILE_LOG_DIR
Respect VOLATILE_LOG_DIR variable. In this way, if the user overrides
this variable to be any valid boolean false value, /var/log on the final
image would reside on persistent storage.
[YOCTO #6132]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fabio Berton [Wed, 16 Aug 2017 20:15:44 +0000 (17:15 -0300)]
python3-native: Add python3-misc-native to RPROVIDES
OE-core commit 800753069f667cd1664d70b3779150c467e3b3fe remove
RPROVIDES list to get runtime dependences from manifest file.
python3-misc is added in python3 recipe, we need to add
native runtime to use python3-misc with native recipes.
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Wed, 16 Aug 2017 21:10:53 +0000 (14:10 -0700)]
mkelfimage: Make -fno-stack-protector effective
mkelfimage uses different flags to compile as freestanding binary
it does not pour CFLAGS into them during configure as a result
-fno-stack-protector was never used. Which failed to build with
compilers configured to build with ssp by default. It worked with
gcc since we do not configure our toolchain to default to ssp
Fixes errors e.g.
| objdir/linux-i386/convert_params.o: In function `convert_params':
| linux-i386/convert_params.c:(.text+0x9f4): undefined reference to `__stack_chk_fail'
| objdir/linux-i386/convert_params.o: In function `compute_checksum':
| linux-i386/convert_params.c:(.text+0xa71): undefined reference to `__stack_chk_fail'
| objdir/linux-i386/convert_params.o: In function `printf':
| linux-i386/convert_params.c:(.text+0xcc7): undefined reference to `__stack_chk_fail'
| make: *** [linux-i386/Makefile:24: objdir/linux-i386/convert] Error 1
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Tue, 15 Aug 2017 21:41:57 +0000 (16:41 -0500)]
rpm: Disable perl dependency generation
When rpmdeps files a perl script, it attempts to determine what it provides
and what it requires. Often the requires are incorrect, within the context
of Wind River Linux. This results in an error that DNF is unable to install
a package due to one or more unresolved dependencies.
In RPM5 we had disabled this behavior, the alternative is to require that all
perl scripts be 'complete', in that they only require things they absolutely
need and that OE provides. If we ever enforce that, this commit can be
reverted. Until they fall back to prior behavior (which also matches ipkg
and deb style packages.)
package.bbclass: Restore functionality to detect RPM dependencies
During the transition to dnf and rpm4, the functionality to
automatically make RPM determine dependencies was lost.
Before the transition, an OE specific tool called rpmdeps-oecore had
been added to the rpm suit. It was based on the rpmdeps tool that is
part of rpm. For each file specified on its command line, it would
output the provides and requires that RPM could determine.
During the transition to rpm4, rpmdeps-oecore was replaced with the
standard rpmdeps. However, what no one noticed was that unless rpmdeps
is given options, e.g., -P or -R, to tell it what it should output, it
will not output anything. Thus, it would do all the work to determine
the requirements, but would keep silent about it. And since no output
from rpmdeps is expected unless there are requirements, there were no
warnings indicating that everything was not working as expected.
Porting the old rpmdeps-oecore to work with rpm4 is not really
possible since it relied on being able to access internals of RPM that
are no longer available. However, it turned out that rpmdeps had a
debug option, --rpmfcdebug, that would output exactly the information
that we need, albeit in a different format and to stderr. To make this
usable, rpmdeps has now received a new option, --alldeps, which sends
the information we need to stdout.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Wed, 16 Aug 2017 15:55:21 +0000 (10:55 -0500)]
ltp: Skip the filedependency scan
Since LTP includes a set of test cases, we need to skip file dependency
generation, as there will be dependencies that can not be satisfied. In this
case a csh and ksh dependency come from two tests.
The alternative would be to depend on csh/ksh (a bad idea as they're not
available in oe-core) or remove the tests (but this eliminates the tests if
someone DOES have csh/ksh in their configurations.)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 16 Aug 2017 13:47:16 +0000 (14:47 +0100)]
openssl: Add missing bash/python rdepends for ptest
ERROR: openssl-1.1.0f-r0 do_package_qa: QA Issue: /usr/lib/openssl/ptest/fuzz/helper.py contained in package openssl-ptest requires /usr/bin/python, but no providers found in RDEPENDS_openssl-ptest? [file-rdeps]
ERROR: openssl-1.1.0f-r0 do_package_qa: QA Issue: /usr/lib/openssl/ptest/test/certs/mkcert.sh contained in package openssl-ptest requires /bin/bash, but no providers found in RDEPENDS_openssl-ptest? [file-rdeps]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Wed, 16 Aug 2017 04:34:08 +0000 (06:34 +0200)]
image.bbclass: drop initramfs bundle related code
The original purpose of this code snippet was to repackage initramfs
bundled kernel images before do_image_complete, to be able to be
included by rootfs, but it's not going to achieve that since the
initramfs bundled kernel images are not even installed to ${D}/boot
after commit a49569e3a7534779bbe3f01a0647fd076c95798d:
[ kernel.bbclass: do not copy bundled initramfs to /boot ]
So there is not a initramfs bundled kernel package at all, we should
drop the code, because it is leading kernel do_initramfs_bundle
unnecessarily rerun and it's very time consuming and hence is impacting
the performance a lot.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Juro Bystricky [Tue, 15 Aug 2017 22:01:30 +0000 (15:01 -0700)]
gmp: improve reproducibility
Remove references to the host build system from generated/packaged
header file gmp.h. The file ends up in two different packages (libgmp-dev,
libgmp-dbg). Rather then modifying the file twice in two different
destinations after the installation, we modify the file gmp.h only once,
but before the installation.
[YOCTO #11922]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Mon, 14 Aug 2017 03:24:16 +0000 (20:24 -0700)]
musl: Update to latest master
visibility is no more auto but disabled by default
we do not require to disable it explicitly.
* fix build failure for sh4a due to missing colon in asm statement
* trap UB from attempts to join a detached thread
* ppc64: fix setjmp/longjmp handling of TOC pointer
* qsort: add a short comment about the algorithm
* disable global visibility override hack (vis.h) by default
* add _NL_LOCALE_NAME extension to nl_langinfo
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gstreamer1.0-plugins-bad: do not provide a fallback to openssl 1.0
This does not work as intended: enabling either of the alternatives
causes the other alternative to append a --disable-hls flag to
configure. Anyone needing openssl 1.0 should set it up manually
via EXTRA_OECONF_append or similar.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Maxin B. John [Mon, 14 Aug 2017 12:09:07 +0000 (15:09 +0300)]
gst-player: remove workaround which disable visualizations
As we upgrade to libva 1.8.3, we can remove the workaround patch
which disables visualizations in gst-player:
1. 0001-gtk-play-Disable-visualizations.patch
Also remove the upstreamed patches:
1. filechooser.patch
2. Fix-pause-play.patch
3. Add-error-signal-emission-for-missing-plugins.patch
Fixes [YOCTO #11437]
Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
package_rpm.bbclass: Filter out unwanted file deps for nativesdk packages
Filter out any file dependencies on absolute paths and any
dependencies on Perl modules for nativesdk packages. It is assumed
that they will be provided by the native host if needed, and they mess
up the dependency handling if they are present.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
texinfo: Avoid a problem with a dependency on perl(Locale::gettext_xs)
We do not build the Locale::gettext_xs Perl module and the code will
test for it and happily use Locale::gettext_pp instead if it is not
found. However, this still causes a file dependency on
perl(Locale::gettext_xs) to be generated, which must be satisfied by
adding an explicit provide for it.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
git: Do not install git cvsserver and git svn by default
These git commands require Perl modules that do not exist in OE-Core.
Add PACKAGECONFIGs to enable them. Be aware though that if you enable
them you must also provide the missing dependencies.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpm: Add dependencies on bash, perl and python3-core
Also modify a Python script (pythondistdeps.py) to use Python 3.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gpg signing in file batches (which was default to 100) is a memory expensive
computation, causing trouble in some host machines (even on production AB
as seen on the bugzilla ID). Also, in terms of performance, there is no real
gain when rpm signing is done in batches. Considering the latter issues, perform the
rpm signing serially.
Log showing errors observed recently at AB workers:
packagegroup-self-hosted: include missing (pod2man scp ssh) RPEDENDS packages
Otherwise, the following bitbake error is observed
root@qemux86-64:~/openembedded-core/build# bitbake -e
NOTE: Starting bitbake server...
ERROR: Unable to start bitbake server
ERROR: Last 10 lines of server log /home/root/openembedded-core/build/bitbake-cookerdaemon.log:
File "/home/root/openembedded-core/bitbake/lib/bb/cooker.py", line 197, in __init__
self.initConfigurationData()
File "/home/root/openembedded-core/bitbake/lib/bb/cooker.py", line 348, in initConfigurationData
self.databuilder.parseBaseConfiguration()
File "/home/root/openembedded-core/bitbake/lib/bb/cookerdata.py", line 323, in parseBaseConfiguration
raise bb.BBHandledException
bb.BBHandledException
NOTE: Starting bitbake server...
ERROR: The following required tools (as specified by HOSTTOOLS) appear to be unavailable in PATH, please install them in order to proceed:
pod2man scp ssh
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jason Wessel [Tue, 15 Aug 2017 18:55:34 +0000 (11:55 -0700)]
systemd: Fix rootfs transaction error when PACKAGECONFIG has polkit
The systemd 234 added some files to the polkit directory and the
directory the files live in must be owned by the polkitd user, else
you will receive the following error when the rootfs is being
assembled:
Error: Transaction check error:
file /usr/share/polkit-1/rules.d conflicts between attempted installs of polkit-0.113-r0.15.core2_64 and systemd-1:234-r0.0.core2_64
The fix similar to other packages such as libvirt where the user must
exist and the directory must be created with the proper attributes.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jason Wessel [Tue, 15 Aug 2017 16:10:51 +0000 (09:10 -0700)]
openssl10: Fix conflict between openssl and openssl10 man pages.
The package resolver failes to assemble images because some of the man
pages in openssl10 conflict with the openssl package. In the case
where you want openssl, openssh and the documentation installed in the
same system you will see the failure.
The work around is to rename all the openssl10 man pages and symlinks
to have a prefix of openssl10-.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have two variables here, srcuri and fetchuri. srcuri is what
eventually ends up in the recipe, whereas fetchuri is what we actually
pass to the fetcher when we fetch the source within recipetool -
sometimes these need to be different particularly for an upcoming patch
to handle automatically setting the branch parameter. In OE-Core
revision 9a47a6690052ef943c0d4760630ee630fb012153 I erroneously changed
the call to scriptutils.fetch_url() to pass srcuri instead of fetchuri -
this likely didn't have any ill effect, but change it back to passing
fetchuri to match the original intent.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yue Tao [Tue, 15 Aug 2017 09:55:23 +0000 (02:55 -0700)]
libtasn1: CVE-2017-10790
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
a NULL pointer dereference and crash when reading crafted input that
triggers assignment of a NULL value within an asn1_node structure. It
may lead to a remote denial of service attack.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao [Tue, 15 Aug 2017 07:38:36 +0000 (15:38 +0800)]
iproute2: add tipc support
The tipcutils 2.2 in meta-oe removed the tipc-config tool and
recommended to use the new configuration tool named "tipc" in iproute2
package for configuring the tipc, which utilizes the new tipc netlink
kernel API.
Add tipc support and split it out into its own package.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jussi Kukkonen [Tue, 15 Aug 2017 10:33:20 +0000 (13:33 +0300)]
gdk-pixbuf: Upgrade 2.36.6 -> 2.36.8
Smallish releases with bug fixes and minor improvements.
shared-mime-info is now always used for image type sniffing.
The dependency does not seem to currently be a build-time dependency
but configure.ac does check for it: I took the easy route and just
added shared-mime-info to DEPENDS as well.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jussi Kukkonen [Tue, 15 Aug 2017 10:33:18 +0000 (13:33 +0300)]
fontconfig: Upgrade 2.12.1 -> 2.12.4
Bug fix upgrades.
* Remove one upstreamed patch.
* Update a license location.
* Add gperf-native as dependency as a hash function header is no
longer shipped and must be generated.
* Add workaround for a related build issue (reported upstream)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Lehtonen [Tue, 15 Aug 2017 11:34:55 +0000 (14:34 +0300)]
oeqa: fix dnf tests
Rename one dnf runtime test that it will recognized as a python module
and thus also found by the oe test loader. Also, fix value of
TEST_SUITES in dnf selftest so that all test dependencies are satisfied
and the runtime test may be successfully run from there.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Lehtonen [Tue, 15 Aug 2017 11:34:54 +0000 (14:34 +0300)]
package_manager.py: enable dnf's repo_gpgcheck if feed signing is enabled
If package feed signing is enabled enable repo gpg signature check for
rpm repositories added via PACKAGE_FEED_URIS. This has the implication
that all repositories added via this mechanism must be signed with the
same key.
[YOCTO #11209]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Lehtonen [Tue, 15 Aug 2017 11:34:52 +0000 (14:34 +0300)]
signing-keys: delete unused tasks
In particular, do_unpack needs to be deleted as it was causing missing
subpackages. Do_unpack cleans the builddir and if it was run after
do_get_public_keys it cleaned up all keys causing no packages to be
built.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Lehtonen [Tue, 15 Aug 2017 11:34:51 +0000 (14:34 +0300)]
dnf: rrecommend gnupg
This makes it possible to enable 'repo_gpgcheck' in dnf.conf. That is, do
GPG signature check on repository metadata. Without gnupg dnf fails with
"error: Invalid crypto engine."
[YOCTO #11209]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 14 Aug 2017 14:20:39 +0000 (15:20 +0100)]
util-linux-native: Avoid use of getrandom
getrandom() is only available in glibc 2.25+ and uninative may relocate binaries
onto systems that don't have this function. For now, force the code to the older
codepath until we can come up with a better solution for this kind of issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 14 Aug 2017 13:00:21 +0000 (14:00 +0100)]
python3-native: Avoid use of getentropy/getrandom
getentropy/random() is only available in glibc 2.25+ and uninative may relocate
binaries onto systems that don't have this function. For now, force the code to
the older codepaths until we can come up with a better solution for this kind of
issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Mon, 14 Aug 2017 08:32:59 +0000 (10:32 +0200)]
packagefeed-stability.bbclass: change a bb.plain to bb.note
I could see dozens of "Copying packages for recipe..." messages on the
console during a image build, this is sort of annoying. I would like
them to be dumped into the task log instead, so I can get a cleaner
console and would not miss real important messages.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 14 Aug 2017 10:04:39 +0000 (11:04 +0100)]
selftest/tinfoil: Filter LogRecords in test_event_wait
As the code stands today, an event mask does not mask LogRecord events
since the log levels are controlled separately. We therefore need to
accept (and ignore) LogRecord events in this test to avoid errors.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 14 Aug 2017 10:06:33 +0000 (11:06 +0100)]
expat: Don't use getrandom() in the -native case
getrandom() is only available in glibc 2.25+ and uninative may relocate
binaries onto systems that don't have this function. For now, force
the code to the older codepath until we can come up with a better solution
for this kind of issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 13 Aug 2017 10:22:48 +0000 (11:22 +0100)]
site/ix86-common: Drop ac_cv_sizeof_ino_t as it can be incorrect with large file support
Depending on whether large file support is enabled, the size of ino_t can
be 4 or 8 on 32 bit x86. Drop the value from the site cache and allow the
system to vary it depending on configuration. Very few other arches actually set
this so its likely obsolete and doesn't need to be hardcoded anymore.
Also drop the 64 bit and x32 variants since autodetection of this value appears
to work fine and this avoids any confusion or sizing errors depending on large
file support.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Juro Bystricky [Wed, 9 Aug 2017 17:48:27 +0000 (10:48 -0700)]
image.bbclass: support binary reproducibility
Added a new task "reproducible_final_image_task".
If binary reproducibility is desired ($BUILD_REPRODUCIBLE_BINARIES" = "1"),
then recursivley modify mtimes of all files to a reproducible vale.
The value is obtained via REPRODUCIBLE_TIMESTAMP_ROOTFS.
This task is executed as the very last step in image creation, once all
the files in the image have been finalized.
[YOCTO#11176]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Juro Bystricky [Wed, 9 Aug 2017 17:48:32 +0000 (10:48 -0700)]
kernel.bbclass: improve reproducibility
Several tweaks to improve reproducibility:
1. If BUILD_REPRODUCIBLE_BINARIES == 1, set KBUILD_BUILD_TIMESTAMP
to a reproducible value. This is either a non-zero SOURCE_DATE_EPOCH, or the
value obtained from top entry of GIT repo, or (if there is no GIT repo)
fallback to REPRODUCIBLE_TIMESTAMP_ROOTFS as the last resort.
Also export KCONFIG_NOTIMESTAMP=1.
2. When compressing vmlinux.gz, use gzip "-n" option
3. Kernel and kernel modules contain hard coded paths referencing the host
build system. This is usually because the source code contains __FILE__
at some place. This prevents binary reproducibility. However, some compilers
allow remapping of the __FILE__ value. If we detect the compiler is capable
of doing this, we replace the source path $(S) part of __FILE__ by a string "/kernel-source".
For example:
Juro Bystricky [Wed, 9 Aug 2017 17:48:24 +0000 (10:48 -0700)]
image-prelink.bbclass: support binary reproducibility
Conditionally support binary reproducibility in built images.
If BUILD_REPRODUCIBLE_BINARIES = 1 then:
1. Do not randomize library addresses
2. Set/export PRELINK_TIMESTAMP to a reproducible value.
If REPRODUCIBLE_TIMESTAMP_ROOTFS is specified, then the value will
be used. Otherwise the timestamp will be derived from the top git commit.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Juro Bystricky [Wed, 9 Aug 2017 17:48:31 +0000 (10:48 -0700)]
python3: improve reproducibility
The compiled .pyc files contain time stamp corresponding to the compile time.
This prevents binary reproducibility. This patch allows to achieve binary
reproducibility by overriding the build time stamp by the value
exported via SOURCE_DATE_EPOCH.
Patch by Bernhard M. Wiedemann.
[YOCTO#11241]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Thu, 10 Aug 2017 02:18:32 +0000 (21:18 -0500)]
externalsrc: Handle .git not being a directory
Use git rev-parse to determine the location of the .git directory, in
case it is not an immediate child of EXTERNALSRC (e.g. when using
submodules). In the event git can't resolve the .git directory, fall
back to the non-git method for hashing.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefan Agner [Tue, 29 Aug 2017 09:54:00 +0000 (02:54 -0700)]
image.bbclass: delete DATE variable too
When creating a custom image which uses the DATE variable the basehash
seems to change every day and lead to errors such as:
ERROR: console-tdx-image-2.7.6-r0 do_image_customimg: Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:set_image_size(d)
...
Add DATE to the variables which should not get expanded early and to the
vardepsexclude list for the image task.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Max Krummenacher [Sat, 12 Aug 2017 17:20:59 +0000 (19:20 +0200)]
run-postinsts: do not reload daemon configuration
In case a systemd service disables itself while init is still in its
boot sequence the reloading of the service files can be problematic.
In that case: It seems that systemd looses the state of .device units,
and some services depend on such units (namely serial consoles such as
serial-getty@ttymxc0.service). As a result no getty is spawned on the
affected serial tty.
After a power-cycle the second boot (which does not disable services)
succeeds.
The following sequence shows this problem:
| Jan 09 16:36:28 apalis-t30 systemctl[162]: Removed /etc/systemd/system/sysinit.target.wants/run-postinsts.service.
| Jan 09 16:36:28 apalis-t30 systemd[1]: Reloading.
| ...
| And then the failing one:
| Feb 22 15:33:15 apalis-t30 systemd[1]: dev-ttyS0.device: Job dev-ttyS0.device/start timed out.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Timed out waiting for device dev-ttyS0.device.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Dependency failed for Serial Getty on ttyS0.
| Feb 22 15:33:15 apalis-t30 systemd[1]: serial-getty@ttyS0.service: Job serial-getty@ttyS0.service/start failed with result 'dependency'.
| Feb 22 15:33:15 apalis-t30 systemd[1]: dev-ttyS0.device: Job dev-ttyS0.device/start failed with result 'timeout'.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Reached target Login Prompts.
(the time has been updated between this two events, but that does not
influence the issue)
Using --no-reload in the service file avoids the "Reloading." message
above and seems to not cause such issues anymore.
Reported-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
(cherry picked from commit 4a425d05bac5dcba023b67aa3d726f7e7869404f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Max Krummenacher [Sat, 12 Aug 2017 17:20:58 +0000 (19:20 +0200)]
opkg-configure: do not reload daemon configuration
In case a systemd service disables itself while init is still in its
boot sequence the reloading of the service files can be problematic.
In that case: It seems that systemd looses the state of .device units,
and some services depend on such units (namely serial consoles such as
serial-getty@ttymxc0.service). As a result no getty is spawned on the
affected serial tty.
After a power-cycle the second boot (which does not disable services)
succeeds.
The following sequence shows this problem:
| Jan 09 16:36:28 apalis-t30 systemctl[162]: Removed /etc/systemd/system/sysinit.target.wants/run-postinsts.service.
| Jan 09 16:36:28 apalis-t30 systemd[1]: Reloading.
| ...
| And then the failing one:
| Feb 22 15:33:15 apalis-t30 systemd[1]: dev-ttyS0.device: Job dev-ttyS0.device/start timed out.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Timed out waiting for device dev-ttyS0.device.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Dependency failed for Serial Getty on ttyS0.
| Feb 22 15:33:15 apalis-t30 systemd[1]: serial-getty@ttyS0.service: Job serial-getty@ttyS0.service/start failed with result 'dependency'.
| Feb 22 15:33:15 apalis-t30 systemd[1]: dev-ttyS0.device: Job dev-ttyS0.device/start failed with result 'timeout'.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Reached target Login Prompts.
(the time has been updated between this two events, but that does not
influence the issue)
Using --no-reload in the service file avoids the "Reloading." message
above and seems to not cause such issues anymore.
Reported-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
(cherry picked from commit 16b7b455ee40fd1be5bb9aacf24b106df0d9325e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Max Krummenacher [Sat, 12 Aug 2017 17:20:57 +0000 (19:20 +0200)]
dpkg-configure: do not reload daemon configuration
In case a systemd service disables itself while init is still in its
boot sequence the reloading of the service files can be problematic.
In that case: It seems that systemd looses the state of .device units,
and some services depend on such units (namely serial consoles such as
serial-getty@ttymxc0.service). As a result no getty is spawned on the
affected serial tty.
After a power-cycle the second boot (which does not disable services)
succeeds.
The following sequence shows this problem:
| Jan 09 16:36:28 apalis-t30 systemctl[162]: Removed /etc/systemd/system/sysinit.target.wants/run-postinsts.service.
| Jan 09 16:36:28 apalis-t30 systemd[1]: Reloading.
| ...
| And then the failing one:
| Feb 22 15:33:15 apalis-t30 systemd[1]: dev-ttyS0.device: Job dev-ttyS0.device/start timed out.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Timed out waiting for device dev-ttyS0.device.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Dependency failed for Serial Getty on ttyS0.
| Feb 22 15:33:15 apalis-t30 systemd[1]: serial-getty@ttyS0.service: Job serial-getty@ttyS0.service/start failed with result 'dependency'.
| Feb 22 15:33:15 apalis-t30 systemd[1]: dev-ttyS0.device: Job dev-ttyS0.device/start failed with result 'timeout'.
| Feb 22 15:33:15 apalis-t30 systemd[1]: Reached target Login Prompts.
(the time has been updated between this two events, but that does not
influence the issue)
Using --no-reload in the service file avoids the "Reloading." message
above and seems to not cause such issues anymore.
Reported-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
(cherry picked from commit 94fabe4b03e899d8876027ee2ced649737a9e522) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Sat, 12 Aug 2017 00:31:59 +0000 (02:31 +0200)]
rm_work: fix build break for do_image_complete
* since following commit:
commit 2ff9d40dc88d43567472218cf3d3faf414398c71
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 30 16:06:57 2017 +0100
image/rm_work: Promote do_image_complete to be more sstate like
it's because for $i 1.0-r0.do_image_complete.228730130ba309f85b73b72222ba11d7.raspberrypi3
there will be first SSTATETASK in $j do_deploy, so the sed call doesn't replace anything
It might be different order of SSTATETASKS in my builds (it might work only when
do_image_complete is the first one in the list), but here:
SSTATETASKS="do_deploy do_image_complete do_image_qa do_package do_package_qa do_package_write_ipk do_packagedata do_populate_lic do_populate_sdk do_populate_sdk_ext do_populate_sysroot"
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Refreshed the following patches:
1. 0001-Makefile.am-don-t-hardcode-libtool-name-when-running.patch
Extended patch to include fix for libgstallocators
2. 0001-Prepend-PKG_CONFIG_SYSROOT_DIR-to-pkg-config-output.patch
Updated to apply to 1.12.2
3. gstreamer-gl.pc.in-don-t-append-GL_CFLAGS-to-CFLAGS.patch
Updated to apply to 1.12.2
* Removed license checks in tta directory as it doesn't exist anymore.
* In 1.12.0, old unsupported plugins were removed. As a result, the
list of unsupported plugins was removed.
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
