Richard Purdie [Sun, 30 Jul 2017 15:13:37 +0000 (16:13 +0100)]
image: Make do_image_qa a dummy sstate task to match do_image_complete
Similar to do_image_complete, make do_image_qa a dummy sstate task
so that rm_work doesn't cause image generation to repeat on every
new build command.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 30 Jul 2017 15:06:57 +0000 (16:06 +0100)]
image/rm_work: Promote do_image_complete to be more sstate like
We relied on the missing do_image_complete_setscene task to ensure the dummy
sstate tarball that was created would never be used. This lead to its own
issues and a better fix for SSTATE_SKIP_CREATION has now been merged.
We can therefore make do_image_complete look like a more standard sstate
task which means image generation doesn't keep rerunning when using rm_work.
We do need to turn do_image_complete's stamp into an sstate version to
handle this (it otherwise matches the do_image_* glob).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 30 Jul 2017 15:04:54 +0000 (16:04 +0100)]
image: Drop before do_build from do_rootfs and do_image
do_image_complete has the do_build dependency, these other two tasks
don't need it. If this is present, it complicates the dependency tree
and convinces rm_work that the tasks need to rerun even if they
already did since the stamps are removed.
Drop the unneeded dependency to help resolve this issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 30 Jul 2017 15:01:09 +0000 (16:01 +0100)]
sstate: Improve SSTATE_SKIP_CREATION
Currently, dummy archives are created for skipped sstate tasks. We relied
on these never being installed (the setscene task is missing) however this
leads to odd behaviour as for example the setscene stamps are never looked
at.
Rather than trying to continue with the two separate behaviours, really
skip package creation. We do need the file manipulation steps to install files
under sstate control from a manifest perspective so we only skip at the final
creation step.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 30 Jul 2017 14:59:34 +0000 (15:59 +0100)]
rm_work: Improve handling for addto_recipe_sysroot
Rather than requiring each user to handle this individually, handle
addto_recipe_sysroot in the core class. As well as preserving the
sysroot directory, this also ensures the stamp is preserved rather
than rerunning the task every time as currently happens.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Rini [Sat, 29 Jul 2017 00:14:36 +0000 (20:14 -0400)]
imagefeatures: Add a test for various hypervisor formats
We add a new test that will create core-image-minimal for wic.vmdk,
wic.vdi and wic.qcow2. We then confirm via qemu-img that the resulting
file is of the expected type.
Cc: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Rini [Sat, 29 Jul 2017 00:14:35 +0000 (20:14 -0400)]
imagefeatures: Add a test for many CONVERSION_CMDs being chained
Add a new test to create a long (and not otherwise useful) image,
ext4.bmap.gz.bz2.lzo.xz.u-boot and also the sha256sum of it. Check that
the resulting sha256sum is valid.
Cc: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Rini [Sat, 29 Jul 2017 00:14:34 +0000 (20:14 -0400)]
imagefeatures: Extend test_bmap to validate gzip
We extend the existing test_bmap test to also produce an ext4.bmap.gz
file and then have gzip confirm that it contains valid gzip data. This
tests that we are able to chain at least 2 CONVERSION_CMDs together.
Cc: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Rini [Sat, 29 Jul 2017 00:14:33 +0000 (20:14 -0400)]
wic: Switch to using --use-uuid by default
The most portable way to specifiy a root device in a disk image that we
create is to use PARTUUID rather than /dev/sda2. As background, both
GPT and MBR tables provide valid UUID values for each partition and the
Linux Kernel contains the logic to parse this value. With this change
we can now boot the default disk images when used as any valid block
device that the included kernel uses. This for example means that
VirtualBox can be used to run vmdk without changes as it uses IDE for
the virtual disk controller.
Cc: Matt Porter <mporter@konsulko.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Rini [Sat, 29 Jul 2017 00:14:32 +0000 (20:14 -0400)]
image: Convert vmdk/vdi/qcow2 to strict CONVERSION_CMD types
The vmdk/vdi/qcow2 IMAGE_FSTYPEs predate wic. As such, they provide
some similar underlying functionality in order to produce a "disk" image
that in turn can be converted into different formats that various
hypervisor types work with. They do not however provide the ability for
other disk image types to be converted into these same output types.
Furthermore, they are less flexible than what wic does provide. This
drops the old style vmdk/vdi/qcow2 types and re-introduces them under
the CONVERSION_CMD framework. The equivalent of vmdk is now wic.vmdk
and so forth for the other types.
Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cml1.bbclass: wait until menuconfig terminal finishes
There are at least two terminals types (gnome and tmux) that when
launched to show the kernel's menuconfig, we lost track of the corresponding
process ID, thus there is no way to see when they finish, yielding identical
timestamps before and after menuconfig thus compile's task
is never tainted. This commit takes the solution from [1] but now in the menuconfig's
context.
Kai Kang [Fri, 28 Jul 2017 03:21:06 +0000 (11:21 +0800)]
assimp: upgrade to 4.0.0
Upgrade assimp to 4.0.0.
* Because there is also an assimp recipe in meta-oe, so update
DESCRIPTION, HOMEPAGE and SECTION from it.
* Remove redundant license file
* Update EXTRA_OECMAKE to fix library install path for multilib
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patrick Ohly [Fri, 28 Jul 2017 14:49:53 +0000 (16:49 +0200)]
autoconf-archive: simplify and fix recipe
The COPYING file specifies pure GPLv3, not GPLv2 & GPLv3. There is
also the COPYING.EXCEPTION file with the autotools exception, which
gets ignored here in the recipe to keep it simpler.
All of the explicit dependencies seem unnecessary, and RDEPENDS_${PN}
doesn't do anything for native recipes either, so all of that gets
removed.
It also built fine without the m4 and parallel build workarounds.
There's no need to have a separate .inc file.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patrick Ohly [Fri, 28 Jul 2017 14:49:52 +0000 (16:49 +0200)]
autoconf-archive: move from meta-oe to OE-core
Having common macros in OE-core that are needed by autotools based
projects makes sense. For example, tpm2.0-tools in meta-measured
depended on meta-oe only because of autoconf-archive.
This is a verbatim copy of the autoconf-archive recipe in
meta-openembedded rev 1cbd1bc1, with just one change: the patch which
disabled the installation of ax_code_coverage.m4 and
ax_check_enable_debug.m4 and the dependency on gnome-common were
removed.
So now autoconf-archive in OE-core provides them. gnome-common in
meta-oe will be changed to not install them and instead depend on
autoconf-archive.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Fri, 28 Jul 2017 14:04:27 +0000 (16:04 +0200)]
rootfsdebugfiles.bbclass: add a optional parameter to choose file mode
This is in case that sometimes the copied target files might be
expected to have a desired mode, for instance, the ssh keys should not
be too open, otherwise the users will get a "Permission denied" error.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Fri, 28 Jul 2017 09:29:28 +0000 (12:29 +0300)]
oe-selftest: wic: fix test_quemu
This test case boots the image in qemu and checks for mounted
partitions. As /boot is mounted automatically the test case fails.
Fixed this by adding /boot to the list of mounted partitions.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Fri, 28 Jul 2017 09:29:27 +0000 (12:29 +0300)]
wic: add /boot mount point to fstab by default
wic avoided adding /boot to fstab for no reason.
This exception was hardcoded in the wic code.
There is no need for this as mountpoint in .wks file is an optional
field. It can be used only if user wants to have partitions
automatically mounted on system boot.
[YOCTO #11662]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Fri, 28 Jul 2017 09:29:24 +0000 (12:29 +0300)]
wic: use absolute paths in rootfs plugin
Using relative paths can cause copyhardlinktree API to fail as
it changes current directory when working. Converted all paths
to absolute paths using os.path.realpath.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Tue, 25 Jul 2017 11:26:36 +0000 (14:26 +0300)]
wic: copy rootfs directory before changing fstab
wic updates /etc/fstab on root partition if there are
valid mount points in .wks
When wic runs from bitbake this can cause incorrect results
or even breakage of other tasks working with the same rootfs
directory in parallel with do_image_wic.
Implemented copying rootfs directory to a temporary location
using copyhardlinktree before updating fstab to avoid conflicts with
other tasks working with the same rootfs directory.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Fri, 28 Jul 2017 09:29:22 +0000 (12:29 +0300)]
image_types.bbclass: ignore tar exit code 1
tar exists with 1 and produces warning "file changed as we read it"
if content is changed while tar archives it. Even hardlinking content
causes tar to fail this way as it changes file ctime.
Other tasks running in parallel with do_image_tar may need to hardlink
rootfs content in order to change it, e.g. do_image_wic does this to
update etc/fstab.
Ignored tar exit code 1 to be able to hardlink rootfs content while
do_rootfs_tar is tarring it.
[RP: Removed bashism]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since we are adding the addto_sysroot that that is specific to the
native recipe, we must split this into a seperate -native .bb recipe.
When systemtap-native is built, the intention is that it's usable
from the native sysroot when done, ensure it's there with a forced
addto_recipe_sysroot task, we also don't want to clean the sysroot
when RM_WORK is enabled otherwise we loose the binaries.
[YOCTO #11403]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 2fdb59741b4fdeaa4aee10812c4a409cdc11a02d) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa/core/runner: OEStreamLogger don't buffer test execution writes
Since OEQA framework uses Python logging functionality to report test
results there is a class that wraps PyUnit writes into logging commands
(OEStreamLogger), so don't buffer the actual test execution to have
insight of what is currently executing.
This fix will change a little the test output format adding an '\n'
previous the test result, for example:
From:
test_nonmatching_checksum (lic_checksum.LicenseTests) ... ok
To:
test_nonmatching_checksum (lic_checksum.LicenseTests)
... ok
This is because the new line added by the PyUnit StreamLogger because
currently we don't have a manner to identify when a test execution
starts at report level (write msg).
[YOCTO #11827]
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa/{core,selftest}: Add support to validate if a specified test case isn't found
If some test module/case is specified to run and isn't found the OEQA
framework didn't notice it, so complete the implementation using
modules_required and validate for the test case prescense.
Raise an exception when the test module/case required isn't found.
[YOCTO #11645]
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jackie Huang [Wed, 31 May 2017 08:27:16 +0000 (16:27 +0800)]
ncurses: add SYSROOT_DESTDIR for siteconfig_gencache
After switching to Recipe Specific Sysroots, ncurses
will not be populated in its own sysroots, then
siteconfig_gencache fails to find some headers,
so add ${SYSROOT_DESTDIR}/${includedir} into the
search list to fix the issue.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jackie Huang [Wed, 31 May 2017 08:27:17 +0000 (16:27 +0800)]
siteinfo: fix siteinfo_get_files to work with RSS
The siteconfig cache files in ACLOCALDIR setup by autotools.bbclass
has been dropped after switching to RSS, so change the siteconfig
search path back to SITECONFIG_SYSROOTCACHE and the parameter
name changed from aclocalcache to sysrootcache.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
package/bbclass: sources are packaged separately from debug.
The configuration variable PACKAGE_DEBUG_SPLIT_STYLE includes
the new mode debug-with-srcpkg that instructs the system to
remove the source files from the debug package but include them in
a separate package with a "-src" suffix in the name.
[YOCTO #9998]
Signed-off-by: Juan M Cruz Alcaraz <juan.m.cruz.alcaraz@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 29 Jul 2017 20:08:43 +0000 (21:08 +0100)]
Revert "core-image-minimal-initramfs: use initramfs-framework by default"
This reverts commit 28fc6ba761ed4a47efa7c43e7f7dff5e2fe72b5e since it causes
runqemu.RunqemuTests.test_boot_machine_iso and runqemu.RunqemuTests.test_boot_deploy_hddimg
to fail in oe-selftest.
initramfs-framework: include install-efi module in recipe for installation
Utilized the existing init-install-efi.sh script and renamed it to
install-efi.sh to manage the installation process of images in
initramfs-framework model. This script will be executed when
"install" option is being chosen in the grub menu and install
the image on the target platform. A new install-efi module is
being added in the recipe to handle the installation process
using initramfs-framework.
[YOCTO #10989]
Signed-off-by: Ng, Wei Tee <wei.tee.ng@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
initramfs-framework: module to support boot live image
setup-live module is a new module being introduced to integrate the
functionality of init-live.sh into new scriptlet named setup-live in
order to support the live boot image. The udev-extraconf rdepends is
being added to perform automounting. It gets to run before the rootfs
and finish module.
The setup-live scriplet include the changes for:
- Create a conditional loop for the bootparam_root variable. If it is
not set, then it will boot from ROOT_IMAGE. Else, it will boot normally
which is not from removable media.
- Gives a standard path to the original boot disk mount which can be
used to. While /media/sda is a good guess, it isn't always right, nor
is it a good assumption that only one boot disk is in the system.
- The current rootfs module has no support for rootfs images, currently
it only support for rootfs partitions for wic image. Therefore, there
is a need to assign the rootfs image for live image.
[YOCTO #11701]
Signed-off-by: Ng, Wei Tee <wei.tee.ng@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License checksum change due to copyright year update.
Latest icu will not compile with anything less than C++11, so
drop the enforcement of an earlier C++ version. This should be okay,
as there is now a fix in place for the problem of mixing native gcc 4/5
compiled code:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=c21cec84886d9c70396e9be0ceb9a8ef300b54be
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy [Wed, 26 Jul 2017 00:18:36 +0000 (17:18 -0700)]
mirrors.bbclass: provide git repo fallbacks using the https protocol
Use MIRRORS to provide git repo fallbacks using the https protocol,
for cases where git native protocol fetches may fail due to local
firewall rules, etc.
These rules should cover all git native repos used by recipes within
oe-core, with the exception of mtd-utils, for which there's currently
no upstream alternative to the git native protocol for anonymous
access ( see http://git.infradead.org/mtd-utils.git ).
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Wed, 26 Jul 2017 16:22:29 +0000 (19:22 +0300)]
oe-selftest: wic: change mkfs.btrfs options
test_mkfs_extraopts test case fails on ab with error caused
by using -K --mixed options:
output: extent-tree.c:2696: btrfs_reserve_extent: BUG_ON `ret` triggered, value -28
For this test case it's not important to use particular options,
so changing options to anything less influential is OK.
Changed extra options for mkfs.btrfs to '--quiet' to fix the failure.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
RPM file signing is enabled with --with-imaevm during configuration.
If enabled, the RPM signing tool rpmsign will call libimaevm.so provided
by the recipe ima-evm-utils.
Robert Yang [Thu, 13 Jul 2017 08:09:34 +0000 (01:09 -0700)]
runqemu: validate combos
Error out ealier if the combos is invalid, e.g.:
$ runqemu tmp/deploy/images/qemux86/bzImage-qemux86.bin tmp/deploy/images/qemux86/core-image-minimal-qemux86.wic
This will fail at kernel panic, no we check and error out early. We can
add other checkings in the future.
[YOCTO #11286]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Richard Purdie [Wed, 26 Jul 2017 08:52:43 +0000 (09:52 +0100)]
gnome-themes-standard: Fix packages so dev-pkgs image generation works
A change from Ross removed the dual -dev/-dbg packages but this broke
deb/ipk rootfs constuction due to a dependency on a package which doesn't
exist (for dev-pkgs images). Remove the dependency on that package to
allow images to build.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Rini [Tue, 25 Jul 2017 19:58:09 +0000 (15:58 -0400)]
image: Fix "metadata is not deterministic" when chaining 2+ CONVERSION_CMDs
When we have more than one CONVERSION_CMD being used, for example
ext4.gz.sha256sum we will see errors about "metadata is not
deterministic". This is because we do not have a stable order of
intermediate files that will be removed in the generated shell command.
We fix this by calling sorted() on the set of rm_tmp_images so that we
will have a stable hash again.
Cc: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa/buildperf: Add 'bitbake -m' on sync function to ensure bitbake is unloaded
Add 'bitbake -m' to the sync method and ensure all process related to
bitbake are correctly unloaded before doing the different measurements.
Also add a call to sync funtion on Test4 before final measurment of
eSDK deploy dir disk usage.
Signed-off-by: Jose Perez Carranza <jose.perez.carranza@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Rini [Fri, 21 Jul 2017 22:06:34 +0000 (18:06 -0400)]
image_types.bbclass: Make u-boot signed images more versatile
With the introduction of chaining compression/conversion support we can
convert the old image_types_uboot.bbclass code that did a hand-chaining
of a set of ${filesystem}.${compression} into generic and arbitrary
support to sign whatever the user wants to sign for their image.
This, for the record, does remove setting a valid compression type in
the record in favour of just saying none. This is not a generally
useful feature in U-Boot and I believe being versatile in terms of being
able to pass in arbitrary compressions is more important.
Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Rini [Fri, 21 Jul 2017 22:06:33 +0000 (18:06 -0400)]
image.bbclass: Correct chaining compression support
When chaining of compression/conversion types was added, we had a new
way to handle doing things like "ext4.bz2.sha256sum" or
"ext2.gz.u-boot". However, because the U-Boot image class isn't
included normally, it wasn't properly converted at the time. After the
support was added the "clean" argument that the .u-boot code uses no
longer functions. The fix for this inadvertently broke chaining
compression/conversion. First, correct the u-boot conversion code.
Fixes: 46bc438374de ("image.bbclass: do exact match for rootfs type") Cc: Zhenhua Luo <zhenhua.luo@nxp.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
package_rpm.bbclass: disable generation of .build-id links
As we're not using them and they're getting in the way of
reproducibility.
[YOCTO #11718]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 24 Jul 2017 20:34:49 +0000 (21:34 +0100)]
libpng: use SourceForge mirror
The Gentoo mirror also deletes old versions when they're not used, so revert
back to the canonical SourceForge site, adding /older-releases/ to MIRRORS to
handle new releases moving the version we want.
Original idea by Maxin B. John <maxin.john@intel.com>.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
externalsrc: place copy of git index into /tmp and do not use copyfile2
Using shutil.copy2() to copy .git/index to a temporary file tries to
copy SELinux attributes which might fail for confined users in SELinux
environments.
E.g. our builders are running in docker containers and modification of
sources (inclusive updated of .git/index) is done outside. Trying to
copy .git/index fails with
is created. This can not be solved by adapting the SELinux policy because
this is a very deep constraint violation:
| constrain file { create relabelfrom relabelto } ((u1 == u2 -Fail-) or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
|
| Possible cause is the source user (system_u) and target user (unconfined_u) are different.
I do not see much sense in using 'shutil.copy2()' here; 'shutil.copyfile()'
seems to be a better choice (target file is created in a secure way by
tempfile.NamedTemporaryFile()).
By placing the tempfile into /tmp we avoid potential problems related to
git's 'core.sharedRepository'. As a (positive) side effect, the source
tree will not be modified anymore (at least by this part of code) which
prevented to mount it read-only from somewhere else.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Mon, 24 Jul 2017 05:01:25 +0000 (07:01 +0200)]
buildtools-tarball: drop deltask package/packagedata
They are redundant since nopackages are being inherited.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Mon, 24 Jul 2017 04:59:12 +0000 (06:59 +0200)]
uninative-tarball: drop deltask package/packagedata
They are redundant since nopackages are being inherited.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Mon, 24 Jul 2017 04:55:52 +0000 (06:55 +0200)]
package-index: inherit nopackages
Drop deltask do_package* syntax, inheriting nopackages instead.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Tue, 25 Jul 2017 09:12:10 +0000 (11:12 +0200)]
wic-tools: ensure pseudo is available
wic will attempt to use pseudo from the wic-tools sysroot to run, but it
was only sure to be in there if do_install had executed - which is not
the case if it had been restored from sstate, in which case it failed
horribly as seen when running the wic.Wic.test_fs_types and
test_mkfs_extraopts tests on the Yocto Project autobuilder recently. Add
an explicit dependency on pseudo-native to ensure it's always there.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joe Slater [Thu, 20 Jul 2017 23:19:51 +0000 (16:19 -0700)]
linux-yocto: only suggest default kernel type
The distro should set a default kernel type (?=) which could be
overriden by local.conf (=) or extensions (templates). The kernel itself
should only use "??=" to provide a value which allows builds to succeed.
Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Mikko Rapeli [Thu, 20 Jul 2017 13:23:11 +0000 (16:23 +0300)]
cve-check.bbclass: use "+git" as separator in PV instead of "git+"
PV is the recipe major version number. cve-check tries to map that to
NVD database release versions of the component. If the recipe sources
are taken from git, the PV can be automatically modified to include
git details, but the syntax is like 233+gitAUTOINC+a1e2ef7ec9.
In CVE checks we want to remove the git details and just use the major
version information, in this example 233.
Thus use "+git" as the separator and use the first part before the separator
as SW product version number in CVE check.
Fixes version number for e.g. systemd recipe. If systemd PV is
233+gitAUTOINC+a1e2ef7ec9 there will be no matches from CVE database where
latest release mentioned is plain 233. If the filter is set to +git, then
CVE PV is 233 and issues like this are detected by do_cve_check:
Martin Kelly [Tue, 18 Jul 2017 18:46:54 +0000 (11:46 -0700)]
gstreamer1.0-python: add new recipe
Previously, we had a gst-python recipe, but it supported only GStreamer
0.1. After GStreamer switched the Python bindings to use GObject
introspection, we were no longer able to build the bindings, and they
were dropped in this patch:
https://patchwork.openembedded.org/patch/93793/
However, at this point, we have a gobject-introspection class, so we can
use the bindings again, this time with GStreamer 1.0.
Signed-off-by: Martin Kelly <mkelly@xevo.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Which were dangling configure options, which started to be enabled after the
pkg-config fix, so they need now to be explicitely disabled. Follow up patch
will enable these options when DISTRO_FEATURES has x11.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
Mikko Rapeli [Thu, 20 Jul 2017 13:23:09 +0000 (16:23 +0300)]
cve-check.bbclass: use weak assignment for default CVE_PRODUCT
This way also bbclasses can override it. For example kernel.bbclass
could set CVE_PRODUCT to linux_kernel for all users of the class
which compile Linux kernels.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
