sysstat: Correct when to use the package provided systemd unit files
There have been a number of changes back and forth as to when and how
to use the systemd unit files provided by the package. The correct
condition is actually that both cron and systemd need to be enabled
for them to be installed.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In commit 8862f21e (sysstat: 12.1.3 -> 12.1.6), sa_lib_dir was changed
from "${libdir}/sa" to "${libexecdir}/sa" to avoid problems with
multilib. However, the systemd unit file was not changed accordingly,
which lead to the following error when trying to start the service:
systemd[4698]: sysstat.service: Failed at step EXEC spawning
/usr/lib/sa/sa1: No such file or directory
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 13 Nov 2019 04:10:31 +0000 (22:10 -0600)]
mc: Fix build reproducibility
Fixes some issues with reproducible builds. Adds a patch to allow the
configure arguments to be omitted from the build and also explicitly
setting some autoconf paths that were picking up hosttools.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 13 Nov 2019 21:24:00 +0000 (15:24 -0600)]
icecc-create-env: Use OE patchelf in SDK
The Icecream environment creation script runs when the SDK is installed
and uses patchelf to fix up executables. Rather than rely on the host
system to provided patchelf (which often can be older versions that
produce buggy executables), mark the OE version of patchelf as a
dependency of icecc-create-env when included in the SDK.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yeoh Ee Peng [Thu, 7 Nov 2019 09:50:30 +0000 (17:50 +0800)]
resulttool/store.py: Enable add extra test environment data
Enable the option to add extra test environment data to the
configuration of each test result (as optional).
Example of optional test environment data include:
- custom packages included for runtime test
- detail machine specification used as target
- detail host environment used for bitbake
Signed-off-by: Yeoh Ee Peng <ee.peng.yeoh@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yeoh Ee Peng [Thu, 7 Nov 2019 09:50:28 +0000 (17:50 +0800)]
scripts/resulttool/report: Enable output raw test results
In case of debugging, report user need to acccess the raw
test result. Instead of going back to source file/directory/URL
to manually pull out the raw result, provide alternative
way to let report showing raw test results by providing
the result id (optional).
Signed-off-by: Yeoh Ee Peng <ee.peng.yeoh@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yeoh Ee Peng [Thu, 7 Nov 2019 09:50:27 +0000 (17:50 +0800)]
scripts/resulttool/report: Enable report to use regression_map
By default, report will use the store_map to generate the key
to reference each result set. In some situation when using store_map
with multiple set of tests sharing similar test configurations,
the report will only showing partial result set for results
that having identical result_id (use of multiconfig to run tests
where it generate identical result_id).
Enable report to have the option to use the regression_map (optional)
instead of the default store_map, where it will take larger
set of configurations to generate the key to reference each
result set, this will prevent the report from only showing
partial result set.
Signed-off-by: Yeoh Ee Peng <ee.peng.yeoh@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 7 Nov 2019 23:58:30 +0000 (23:58 +0000)]
cve-update-db-native: don't refresh more than once an hour
We already fetch the yearly CVE metadata and check that for updates before
downloading the full data, but we can speed up CVE checking further by only
checking the CVE metadata once an hour.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
buildhistory: fix "version went backwards" QA error message
Fix parentheses placement in the message from:
Package version for package X went backwards which would break package feeds from (Y to Z)
to this one:
Package version for package X went backwards which would break package feeds (from Y to Z)
Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Haris Okanovic [Fri, 8 Nov 2019 21:46:31 +0000 (15:46 -0600)]
dhcp: Workaround busybox limitation in Linux dhclient-script
Busybox's implementation of chown and chmod doesn't provide a
"--reference" option used in the latest version of dhclient-script.
This change works around that limitation by using stat to read
ownership and permissions flags and simple chown/chmod calls
supported in both coreutils and busybox.
Patch submitted upstream to ISC, tracked as bug 48771.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Trevor Gamblin [Sat, 9 Nov 2019 01:46:40 +0000 (20:46 -0500)]
python3-misc: add python3-audio to RDEPENDS
Import issues are encountered for the python3 aifc module,
on images with python3-misc installed:
|>>> import aifc
|Traceback (most recent call last):
|File "<stdin>", line 1, in <module>
|File "/usr/lib64/python3.7/aifc.py", line 254, in <module>
|from chunk import Chunk
|ModuleNotFoundError: No module named 'chunk'
|>>>
The chunk module is part of python3-audio. Add python3-audio
to RDEPENDS for python3-misc to fix the error.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
include ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'perf-perl.inc', '', d)}
1. "${...}" part expands into empty string
2. bb.utils.which() takes empty string and returns first directory name from bbpath
3. shutil.copy() fails on copying directory:
Exception: IsADirectoryError: [Errno 21] Is a directory: ......
Hence, check "incfile" variable on each step.
Signed-off-by: grygorii tertychnyi <gtertych@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefan Agner [Mon, 11 Nov 2019 13:36:26 +0000 (13:36 +0000)]
dbus: drop unused group netdev
The whole D-Bus source has no reference to the netdev group. It
seems that the netdev group is nowhere used. Early avahi package
versions used this group for the D-Bus specific rules. However,
today avahi uses --with-avahi-priv-access-group=adm and hence
uses the adm group for its D-Bus policy rules.
If a package is using the netdev group in its D-Bus policy rules,
that package should add the group instead.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 11 Nov 2019 13:20:42 +0000 (13:20 +0000)]
sqlite3: Drop pic as we no longer need the sqlite3 static lib
This was added in:
https://git.openembedded.org/openembedded-core/commit/?id=6a58e12d19c539deac9e90679a68438497a42fa4
but is no longer needed now pseudo doesn't use sqlite's static lib.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 8 Nov 2019 14:36:36 +0000 (14:36 +0000)]
pseudo: Drop static linking to sqlite3
Back in 2010[1] we made pseudo statically link against sqlite3. Since then
the world has changed, pseudo now has separate processes for the database
in the server and the client and they have separate linking commands.
Also, whilst there were concerns about needing specific versions of sqlite3,
in the OE environment, this is always the case.
The static sqlite3-native is causing us problems, in particular:
tmp/work/x86_64-linux/pseudo-native/1.9.0+gitAUTOINC+060058bb29-r0/recipe-sysroot-native/usr/lib/libsqlite3.a(sqlite3.o):(.data.rel+0xb0): undefined reference to `fcntl64'
which occurs if sqlite3-native was built on a machine with glibc 2.28 or later
and pseudo-native is being built on glibc before that. With dyanmical linking,
libc is backwards compatible and works but with static linking it does not.
There appears to be no easy way to avoid this other than adding a copy of
sqlite3 into the pseudo recipe. Given the static linking doesn't seem to
be required any longer due to the separate processes, drop that to fix
those issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jacob Kroon [Thu, 7 Nov 2019 15:35:15 +0000 (16:35 +0100)]
rm_work: Simplify logic for setscene promotion
* Instead of overwriting the stamp name with 'dummy', handle
setscene promotion in the default case block
* Merge '*do_image_complete_setscene*' and '*do_image_qa_setscene*'
case handling
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Replacing TUNE_FEATURES from aarch64 to armv8a will solve the above
build issue.
- Changed BASE_LIB to 'lib', as cortex-a32 is a 32bit ARMv8a architecture.
The sample machine config file (qemuarma32.conf) used to reproduce
the error looks like:
Mikko Rapeli [Thu, 7 Nov 2019 13:39:11 +0000 (15:39 +0200)]
harfbuzz: split libharfbuzz-subset.so to its own binary package
harfbuzz binary package size increased from 624608 bytes in yocto 2.5 to 1365431 bytes in yocto 3.0. Most of the size increase is in the new
libharfbuzz-subset.so* library
https://harfbuzz.github.io/utilities.html#utilities-command-line-hbsubset
Split it to its own binary package which will be installed if anyone needs it.
Effect to harfbuzz binary package size is:
Haris Okanovic [Thu, 7 Nov 2019 22:07:36 +0000 (16:07 -0600)]
meta/lib/oe/package_manager.py: Enable sha256 checksums in opkg indexer
Pass `--checksum md5` and `--checksum sha256` to opkg-make-index.
Sha256 checksum enables more reliable install-time validation of IPKs.
This is particularly useful when installing from signed feeds --
I.e. feeds using signed Packages index files that deliver otherwise
unsigned IPKs. Such feeds rely on hash validation of enclosed IPKs to
thwart tampering. After download, opkg verifies IPK's checksum against
the (signed) Packages index file. Weak hashes like md5 are prone to
collision and therefore tampering.
The md5 checksum is purely for backward compatibility. Sha256 validation
was recently added to opkg. Newer builds of opkg will use it. Older
builds still look for an md5 checksum. Md5 is deprecated and should be
removed once old build are phased out.
Testing: I ran `bitbake package-index` after building a few IPKs and
verified MD5Sum and SHA256sum attributes are present in Packages.
Using opkg-utils 0.4.0.
Performance Impact: It takes about 40 seconds to cleanly re-index 8000
IPKs on an Intel Xeon E5-1620 machine. This was previously about
20 seconds.
NOTE: It's recommended to delete all Packages* files after applying this
patch. Otherwise, some IPKs won't have sha256.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Haris Okanovic [Thu, 7 Nov 2019 22:04:21 +0000 (16:04 -0600)]
opkg: RDEPEND "gnupg-gpg" instead of "gnupg"
gnupg-gpg is a minimal installation of gnupg with enough functionality
to verify signatures and manage keys. Use this package instead of full
gnupg to slim down opkg installations with "--enable-gpg".
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Haris Okanovic [Thu, 7 Nov 2019 22:04:19 +0000 (16:04 -0600)]
gnupg: Split gpg and gpg-agent into a minimal gnupg-gpg package
Add minimal "gnupg-gpg" package containing just enough binaries to run
gpg and gpg-agent. Add dependency in normal "gnupg" package to preserve
old behavior.
Some applications like opkg don't need all functionality provided by
normal gnupg installations. This minimal package provides just enough
functionality to verify and manage keys in opkg, in order to minimize
disk overhead.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
André Draszik [Thu, 7 Nov 2019 15:36:39 +0000 (15:36 +0000)]
libevent: update packaging (one package per shared library)
libevent produces several libraries that might or might not
be used in the end. We can prevent those potentially unused
libraries from being pulled into a file-system by splitting
the individual shared libraries into individual packages.
Because this recipe only provides shared libraries which are
handled automatically by bitbake (shlibs), there is no need
to add the subpackages to the RDEPENDS of PN for backwards
compatibility. The packaging process of dependees will
simply pull in the sub-packages as runtime dependency as
needed.
This also how Debian splits this up.
While updating the packaging, we can also drop event_rpcgen.py
which appears to be a tool for generating rpc bindings, i.e.
something that should normally be in -dev. Given Debian
doesn't package this at all, and given it actually requires
python to run but no runtime dependency is stated at the
moment, it would appear that no users of this exist.
Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Haris Okanovic [Thu, 7 Nov 2019 19:24:54 +0000 (13:24 -0600)]
initscripts/sysfs.sh: Mount /sys/firmware/efi/efivars when possible
Without this change, efibootmgr is unable to recover BootOrder if lost
during a previous write operation, e.g. exceeded storage capacity. This
is problematic using EFI to manage boot flow from Linux (E.g. via RAUC).
Zhixiong Chi [Thu, 7 Nov 2019 03:30:29 +0000 (19:30 -0800)]
libtirpc: create the symbol link for rpc header files
Since the Sun RPC is deprecated in glibc, the rpc header files
are not provided any more, but it allows alternative RPC
implementations, such as TIRPC or rpcsvc-proto, to be used.
So we create the symbol link for rpc header files for tirpc to
be more compatible with the glibc version and the application usage.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andreas Müller [Thu, 7 Nov 2019 00:11:49 +0000 (01:11 +0100)]
webkitgtk: upgrade 2.26.1 -> 2.26.2
>From announcement:
What's new in the WebKitGTK 2.26.2 release?
===========================================
- Improve performance of querying system fallback fonts.
- Don't use prgname in dbus-proxy socket path.
- Fix thread-safety issues in image decoders.
- Fix the build with WebDriver disabled.
- Disable accelerated compositing when we fail to initialize the EGL dispaly under Wayland.
- Fill the objects category in emoji picker.
- Fix several crashes and rendering issues.
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 6 Nov 2019 13:20:01 +0000 (13:20 +0000)]
pseudo: Add statx support to fix fedora30 issues
Modern distros (e.g. fedora30) are starting to use the new statx() syscall through
the newly exposed glibc wrapper function in software like coreutils (e.g. the ls
command). Add support to intercept this to pseudo.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Thu, 24 Oct 2019 18:07:19 +0000 (13:07 -0500)]
oeqa: reproducible: Add option to capture bad packages
Adds an option that can be used to copy the offending packages to a temp
directory for later evaluation. This is useful on the Autobuilder to
investigate failures.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 3 Jul 2019 09:41:57 +0000 (10:41 +0100)]
dhcp/ruby/ffpmeg: Use CFLAGS, not TARGET_CFLAGS
There isn't anything specific about the target in these cases an in
general recipes should touch CFLAGS. This ensures people don't
copy/paste bad example usages. In reality, behaviour is mostly
unchanged.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 27 Oct 2019 10:59:03 +0000 (10:59 +0000)]
selftest/signing: Fix test_locked_signatures to use a temporary layer
Tests shouldn't be writing to layers during tests as this could corrupt
other tests running in parallel.
Modify the test to write the bbappend to a separate temporary layer
which is added and removed by the test. This avoids race failures
on the autobuilder.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 4 Nov 2019 17:28:58 +0000 (17:28 +0000)]
sstate: Add ability to hide summary output for sstate
Its confusing to keep seeing sstate summary messages when hash equivalency is
active. This adds an option to control it. A default value is given which
maintains compatibility with different bitbake versions.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 4 Nov 2019 14:26:53 +0000 (14:26 +0000)]
procps: whitelist CVE-2018-1121
This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andreas Müller [Fri, 1 Nov 2019 23:08:59 +0000 (00:08 +0100)]
vte: upgrade 0.56.3 -> 0.58.2
* they moved to meson build
* all autotools specific patches must go
* although not inheriting gettext dependency on intltool-native can go
* tested with all variants of PACKAGECONFIG
* need it for gnome-terminal 3.34
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The change in 5cea0448c5c75b9defc5fc2582e9b0c14e26a4e9 cases the
following to be printed during boot:
/etc/rcS.d/S00psplash.sh: line 28: [: -q: binary operator expected
and the volume is thus never mounted, neither when invoked during
boot nor shutdown/reboot.
Signed-off-by: Torbjörn Svensson <azoff@svenskalinuxforeningen.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 4 Nov 2019 12:14:57 +0000 (12:14 +0000)]
file: run test suite when building natively
As we apply the same patches to native and target builds of file, we can verify
that the patches are not breaking by executing the test suite during the build
of file-native.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
- Fix issue with handling CID 0 context identifier
- Fix issue with handling detach state and running LTE
- Fix issue with handling SIM states and Quectel modems
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Changelog:
- Fix issue with memory leak and TLS certificates
- Fix issue with buffer size and TLS PRF handling
- Add support for D-Bus non-root ObjectManager
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Trevor Gamblin [Tue, 29 Oct 2019 19:29:47 +0000 (12:29 -0700)]
libgcrypt: upgrade 1.8.4 -> 1.8.5
Upgrade libgcrypt. Upstream repo now has a pkg-config
feature. The new patch for compatibility with oe-core
is a replacement for a patch that added pkg-config as
a feature when upstream did not have it.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
gstreamer: Change SRC_URI to use HTTPS access instead of HTTP
Some GStreamer recipes like gstreamer1.0-vaapi already use HTTPS instead
of http. Also, access to http:// is simply redirected by the freedesktop
server to https://, and using HTTPS is anyway generally recommended over
plain HTTP for security reasons. So, normalize the URLs to use HTTPS only.
Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
