Kai Kang [Fri, 26 Jul 2019 09:34:42 +0000 (05:34 -0400)]
subversion: add packageconfig boost
subversion checks whether to build with boost during do_configure. If boost
exists on the build machine, it causes a configure-unsafe QA issue:
| ERROR: subversion-1.12.0-r0 do_configure: QA Issue: This autoconf log
| indicates errors, it looked at host include and/or library paths
| while determining system capabilities.
| Rerun configure task after fixing this. [configure-unsafe]
Add a PACKAGECONFIG 'boost' to fix the issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pulseaudio: don't include consolekit when systemd is enabled
When using systemd, make sure that pulseaudio-server RDEPENDS on
module-systemd-login instead of module-console-kit both of which provide
the same functionality but for different init systems [1][2].
Even though both modules can co-exist, this helps avoid including
consolekit (which has been deprecated) in the images using systemd.
Ming Liu [Fri, 26 Jul 2019 14:19:39 +0000 (22:19 +0800)]
libx11-compose-data: add recipe
So far libx11 compose data is being required by some non-X11 recipes,
like weston -> libxkbcommon -> libx11-locale. But the libx11-locale
could not build without x11 distro feature enabled. This is not
reasonable.
To fix it, we introduce this new recipe, it uses the same source with
libx11 but dropped X11 dependencies, this makes it to be able to build
without x11 distro feature. It would be skipped if x11 distro feature
is enabled, in which case the libx11-locale would provide the libx11
compose data.
Signed-off-by: Ming Liu <ming.liu@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diego Rondini [Fri, 26 Jul 2019 08:18:57 +0000 (10:18 +0200)]
image_types.bbclass: make gzipped images rsyncable
Both gzip and pigz implement the --rsyncable option, allowing small changes to
images to save a lot of data when they are transferred using rsync. This patch
enables --rsyncable by default.
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
classes/sstate: don't use unsigned sstate when verification enabled
When signature verification of shared state objects is enabled
(SSTATE_VERIFY_SIG) use of an unsigned object, even though it produces a
warning, seems unexpected. Instead skip unsigned objects and force the
non-accelerated task to be run.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Referring to the sstate object as a staging package is an artefact of the
code's origins. Switch to referring to an "Sstate package" in order to be more
accurate and consistent with the rest of the file.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 25 Jul 2019 21:54:34 +0000 (22:54 +0100)]
package: Improve determinism
It's possible in cases with multiple shlib providers we were not being
deterministic. Add in a couple of sorted() calls to fix the shlibs and
pkgconfig cases with this potential issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Piotr Tworek [Wed, 24 Jul 2019 20:33:50 +0000 (22:33 +0200)]
pulseaudio: Backport upstream fix new alsa compatibility.
Recent alsa upgrade stripped /usr/include/alsa directory from include
path reported by pkgconfig. Due to this pulseaudio 12.2 configure script
can find alsa's use-case.h header which in turn results in HAVE_ALSA_UCM
being undefined. This in turn results in pa_alsa_ucm_device_update_available
symbol missing even though libalsa-util.so needs it. One could argue
pulseaudio should not allow undefined symbols in its shared modules.
Unfortunately it does and due to this current OE builds of pulseaudio
crash when the server tries to dlopen any module using libalsa-util.so.
Fix this by backporting upstream alsa header include fix.
Signed-off-by: Piotr Tworek <tworaz@tworaz.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When https_proxy is set, use proxy opener to open CVE metadata and
database URLs, otherwise fallback to the urllib.request.urlopen.
Also fix a minor issue where the json database which has been gzip
decompressed as byte object should be decoded as utf-8 string as
expected by update_db.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add syslinux-native dependency only for IA host machines.
Able to build wic image successfully for below template which
uses legacy bios(syslinux):
https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/scripts/lib/wic/canned-wks/directdisk-gpt.wks
[YOCTO #13276]
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 25 Jul 2019 15:20:23 +0000 (16:20 +0100)]
gnutls: don't use HOSTTOOLS_DIR/bash as a shell on target
The libopts configure script looks for a shell on the build host and assumes
it's good for the target. However in our builds it finds $HOSTTOOLS_DIR/bash
which isn't useful, so patch out the detection and force $base_bindir/sh.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 25 Jul 2019 15:20:22 +0000 (16:20 +0100)]
libidn2: remove build paths from libidn2.pc
The libunistring m4 macros end up putting the full build-time library path into
the .pc file, which is no good on target. Sed it out to stop build paths
leaking onto the target.
[ YOCTO #13403 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The configure script has already found IPT_LIB_DIR via pkgconfig, so
the configure-cross.patch really just introduces dead and broken
fallback code.
Broken, because the SYSROOT variable does not actually get set to a
sensible value - the argument $1 passed to the configure script when
invoked from the Makefile is KERNEL_INCLUDE, which we set to
${STAGING_INCDIR} in EXTRA_OEMAKE. Obviously that directory does not
have /lib or /usr subdirectories, so we're not really helping the
fallback logic in check_ipt_lib_dir() - in fact, we're more or less
guaranteeing that we won't find those .so files.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bedel, Alban [Tue, 23 Jul 2019 14:13:36 +0000 (14:13 +0000)]
kernel-uboot: remove useless special casing of arm64 Image
Since commit a725d188b5 (kernel-uboot: compress arm64 kernels)
arm64 Image files are handled exactly like in the default case, making
this special case pointless. Remove it to make the code simpler.
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bedel, Alban [Tue, 23 Jul 2019 14:11:46 +0000 (14:11 +0000)]
rng-tools: start rngd early in the boot process again
It does make sense to start rngd early in the boot process because
otherwise we would need to track every service that might need entropy
and explicitly configure it to start after rngd.
When used with systemd rngd blocked the shutdown process because it
simply missed the proper unit configuration. As the systemd
documentation explains, when using DefaultDependencies=no one also
has to explicitly configure the unit to properly stop at some point.
This is normally achieved by having Before=shutdown.target and
Conflicts=shutdown.target set for the unit.
To have rngd started early again we revert the changes done to
rngd.service in commit edf7606822 (rng-tools: fix rngd blocks system
shutdown). To have it properly stopped on shutdown we also add
Before=shutdown.target and Conflicts=shutdown.target.
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
William Bourque [Mon, 22 Jul 2019 20:13:54 +0000 (16:13 -0400)]
meta/lib/oeqa: Test for bootimg-biosplusefi Source
Add unittests for bootimg-biosplusefi SourcePlugin in wic module.
First test checks that wic creation works correctly.
Second test uses qemu to boot image and checks that it has both
EFI and BIOS files in a single partition.
Signed-off-by: William Bourque <wbourque@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
William Bourque [Mon, 22 Jul 2019 20:11:29 +0000 (16:11 -0400)]
wic/plugins: Source that support both EFI and BIOS
Add a source plugin that supports both EFI and legacy PC-Bios.
While using this plugin, both bootloaders configurations reside
in the same /boot partitions.
This plugin has very little code: to avoid code duplication,
we simply re-import bootimg-pcbios and bootimg-efi source and
call both their SourcePlugin methods.
Signed-off-by: William Bourque <wbourque@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
obstacks from GNUlib is used in some OE-Core packages e.g. elfutils
and other packages outside OE-Core, this recipe helps provide this
functionality standalone on musl systems, and helps in getting full
versions of dependent packages
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'secure_getenv' api is not uniformly implemented across all C libraries
therefore it's good to include missing.h so it can use the alternative
implementation where it's not available
Fixes
../git/src/login/pam_systemd.c:344:13: error: implicit declaration of function 'secure_getenv' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
v = secure_getenv(key);
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Swap is a special filesystem that cannot be mounted, so do not try to,
otherwise we will have a service that tries and fails to mount it with
the following error:
systemd[1]: Mounting /run/media/nvme0n1p3...
mount[1229]: mount: /run/media/nvme0n1p3: unknown filesystem type 'swap'.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefan Agner [Sat, 20 Jul 2019 00:12:37 +0000 (02:12 +0200)]
psplash: create psplash tmpfs mount directory in psplash-init
The psplash binary uses TMPDIR as directory to store the FIFO to
communicate with the psplash tools. This directory can be in any
location an init system determines to be suitable, psplash-init
uses /mnt/ for it. Rather than creating the mount directory in
the recipe, just create it in the init script itself. This allows
other init scripts to use a different location without having
an unnecessary .psplash directory in /mnt.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 19 Jul 2019 20:19:57 +0000 (21:19 +0100)]
ffmpeg: don't use hardcoded lookup tables
ffmpeg can generate lookup tables at build time instead of runtime, but this is
no longer a recommended option. The size impact is significant (12% of the
total libavcodec size, nearly 2MB), the runtime impact of dynamic tables isn't
too costly, and only a few codecs actually use the pre-generated tables (MP3,
notably).
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 19 Jul 2019 20:33:19 +0000 (21:33 +0100)]
cve-update-db-native: clean up JSON fetching
Currently the code fetches the compressed JSON, writes it to a temporary file,
uncompresses that with gzip and passes the fake file object to update_db().
Instead, uncompress the gzip'd data in memory and pass the JSON directly to
update_db().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 19 Jul 2019 20:33:18 +0000 (21:33 +0100)]
cve-update-db-native: improve metadata parsing
The metadata parser is fragile: first it coerces a bytes() to a str() (so the
string is b'LastModifiedDate:2019...'), assumes the first line is the date, and
then uses a regex to parse (which then includes the trailing quote as part of
the date).
Clean this up by parsing the bytes as UTF-8 (ASCII is probably fine, but this is
safer), iterate through the lines and split on colons to find the right
key/value pair.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
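The two cve-update-db-native cleanups above (in-memory gzip handling and key/value metadata parsing), sketched as an added example; this is not the recipe's code. The function names, the `lastModifiedDate` key spelling and the sample bytes are assumptions constructed for illustration.

```python
import gzip
import json
import re

# Constructed sample laid out like a feed .meta file (CRLF line endings);
# every value here is made up for the example.
SAMPLE_META = (
    b"lastModifiedDate:2019-07-25T03:00:52-04:00\r\n"
    b"size:12345678\r\n"
    b"gzSize:654185\r\n"
    b"sha256:" + b"0" * 64 + b"\r\n"
)


def fragile_last_modified(raw, key="lastModifiedDate"):
    """The pattern the commit message calls fragile: str() on bytes yields the
    repr "b'...'", only the first line is inspected, and the greedy regex
    swallows the repr's closing quote."""
    first = str(raw.splitlines()[0])
    match = re.search(key + r":(.*)", first)
    return match.group(1) if match else None


def parse_meta(raw):
    """Decode as UTF-8, walk every line, split on the first colon only
    (the timestamp itself contains colons)."""
    fields = {}
    for line in raw.decode("utf-8").splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def load_feed(gz_bytes):
    """Decompress in memory and decode to str before JSON parsing,
    with no temporary file involved."""
    return json.loads(gzip.decompress(gz_bytes).decode("utf-8"))


def reordered(raw):
    """Same fields with the first line moved to the end, to show that
    the robust parser does not depend on line order."""
    lines = raw.splitlines(keepends=True)
    return b"".join(lines[1:] + lines[:1])


if __name__ == "__main__":
    print("fragile:", repr(fragile_last_modified(SAMPLE_META)))
    print("robust: ", repr(parse_meta(SAMPLE_META)["lastModifiedDate"]))
    print("fragile, reordered:", fragile_last_modified(reordered(SAMPLE_META)))
    feed = gzip.compress(json.dumps({"CVE_Items": []}).encode("utf-8"))
    print("feed:", load_feed(feed))
```

A stray trailing quote in the stored date means a later comparison against the freshly fetched date never matches, so the parse result should be checked for exact equality with the expected timestamp format.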
Drop the following patches since the issues have been fixed upstream:
0001-file01.sh-Fix-in-was-not-recognized.patch
0001-lapi-Define-TST_ABI-32-64-to-detect-target-type.patch
0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch
0007-fix-__WORDSIZE-undeclared-when-building-with-musl.patch
0009-fix-redefinition-of-struct-msgbuf-error-building-wit.patch
0021-Define-_GNU_SOURCE-for-MREMAP_MAYMOVE-definition.patch
0023-ptrace-Use-int-instead-of-enum-__ptrace_request.patch
0024-rt_sigaction-rt_sigprocmark-Define-_GNU_SOURCE.patch
0026-crash01-Define-_GNU_SOURCE.patch
0028-rt_sigaction.h-Use-sighandler_t-instead-of-__sighand.patch
0034-periodic_output.patch
0039-commands-ar01-Fix-for-test-in-deterministic-mode.patch
define-sigrtmin-and-sigrtmax-for-musl.patch
setregid01-security-string-formatting.patch
Refresh the following patches:
0004-build-Add-option-to-select-libc-implementation.patch
0005-kernel-controllers-Link-with-libfts-explicitly-on-mu.patch
0008-Check-if-__GLIBC_PREREQ-is-defined-before-using-it.patch
0018-guard-mallocopt-with-__GLIBC__.patch
0020-getdents-define-getdents-getdents64-only-for-glibc.patch
0035-fix-test_proc_kill-hang.patch
0036-testcases-network-nfsv4-acl-acl1.c-Security-fix-on-s.patch
0001-open_posix_testsuite-mmap24-2-Relax-condition-a-bit.patch
0001-shmctl01-don-t-use-hardcoded-index-0-for-SHM_STAT-te.patch
0001-diotest4-Let-kernel-pick-an-address-when-calling-mma.patch
0001-getrlimit03-adjust-a-bit-of-code-to-compatiable-with.patch
wic: Fix (again) partition files UIDs on multi rootfs images
Commit 450335ba5e73a375eb9932b4c4cf37979640dbfc copies the pseudo
database to the working directory in order to have ownership information
when the filesystem is generated.
Unfortunately this does not work anymore. The filenames on the database
are absolute and there is no information about the new directory.
Instead of fixing the database, we could redo a bit the way we patch the
fstab file. Now I am saving the old contents of fstab, modifying the
file and then reverting the changes on exit.
This is faster than the previous approach, although it can cause
indeterminism if the application is killed before finishing.
Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-update-db-native: Remove hash column from database.
djb2 hash algorithm was found to produce collisions, so the database was
sometimes missing data. Remove this hash mechanism, clear and populate
elements from scratch in PRODUCTS table if the current year needs an
update.
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The master branch's current tip commit as of this writing is [1], see the
squashfs-tool's repo at [0].
Because of commits [2]-[4] which are included in the master branch three
corresponding patches are dropped as they are not needed anymore. The single
remaining patch was rebased on top of [1] to apply cleanly.
Commits [5] & [6] introduced interesting features, namely zstd support and
reproducibility of created SquashFS images. They are reflected in two new
PACKAGECONFIG options now, but only the latter ("reproducible") is appended to
the default options as OE-core does not contain a recipe to build zstd at the
moment (a working zstd recipe can be found e.g. in meta-rauc, see [7]).
[0] https://github.com/plougher/squashfs-tools.git
[1] f95864afe883 ("unsquashfs-4: Add more sanity checks + fix CVE-2015-4645/6")
[2] 46bdc1726e5a ("mksquashfs: Make a load of functions static")
[3] b0ca8a5c98ff ("pseudo.c: add explicit <sys/stat.h> include")
[4] f95864afe883 ("unsquashfs-4: Add more sanity checks + fix CVE-2015-4645/6")
[5] 6113361316d5 ("squashfs-tools: Add zstd support")
[6] e0d74d07bb35 ("Add configuration and Mksquashfs build options for
reproducible builds")
[7] https://layers.openembedded.org/layerindex/recipe/79049/
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kai Kang [Thu, 4 Jul 2019 13:45:19 +0000 (21:45 +0800)]
defaultsetup.conf: enable select init manager
Introduce a new variable INIT_MANAGER and create 4 init-manager-*.inc
files to configure init manager settings. Available values of
INIT_MANAGER are sysvinit, systemd, mdev-busybox and a default of none.
'none' provides backwards compatibility.
The settings of various VIRTUAL-RUNTIME variables are moved into these
files from the packagegroups.
[YOCTO #13031]
[Modifications by RP for backwards compatibility]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 18 Jul 2019 11:46:12 +0000 (12:46 +0100)]
staging: Drop clean_recipe_sysroot
With recent changes to runqueue, this function is unsafe as setscene tasks can run
at the same time as normal ones and doing things before do_fetch no longer
offers any guarantees.
There is other code which cleans out things from the sysroots as tasks rerun so
we should rely upon that instead.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>