Ross Burton [Sun, 8 Dec 2019 18:35:51 +0000 (20:35 +0200)]
cve-update-db-native: don't refresh more than once an hour
We already fetch the yearly CVE metadata and check that for updates before
downloading the full data, but we can speed up CVE checking further by only
checking the CVE metadata once an hour.
Ross Burton [Sun, 8 Dec 2019 18:35:48 +0000 (20:35 +0200)]
cve-check: ensure all known CVEs are in the report
CVEs that are whitelisted or were not vulnerable when there are version
comparisons were not included in the report, so alter the logic to ensure that
all relevant CVEs are in the report for completeness.
sdk: Install nativesdk locales for all TCLIBC variants
install_locales() here is actually operating on nativesdk and only glibc
is the default library for nativesdk, since thats what most of
desktop/server distros use, therefore bailing out based on TCLIBC is not
needed here, since nativesdk-glibc would be required for all non-glibc
targetting SDKs as well.
Fixes SDK install time error
ERROR: OE-core's config sanity checker detected a potential misconfiguration.
Either fix the cause of this error or at your own risk disable the checker (see sanity.conf).
Following is the list of potential problems / advisories:
Your system needs to support the en_US.UTF-8 locale.
ERROR: SDK preparation failed
Ross Burton [Tue, 5 Nov 2019 21:44:48 +0000 (23:44 +0200)]
procps: whitelist CVE-2018-1121
This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is the second last release of py 2.x; upstream support ends on
1 January 2020, there will be one final 2.x afterwards.
Note that the only thing that still needs python 2.x in oe-core is
u-boot; when the next u-boot update arrives, we should find out
where the py3 migration is for that component before merging the
update.
Kai Kang [Fri, 22 Nov 2019 02:04:26 +0000 (10:04 +0800)]
bind: fix CVE-2019-6471 and CVE-2018-5743
Backport patches to fix CVE-2019-6471 and CVE-2018-5743 for bind.
CVE-2019-6471 is fixed by 0001-bind-fix-CVE-2019-6471.patch and the
other 6 patches are for CVE-2018-5743. And backport one more patch to
fix compile error on arm caused by these 6 commits.
Richard Purdie [Wed, 6 Nov 2019 13:20:01 +0000 (13:20 +0000)]
pseudo: Add statx support to fix fedora30 issues
Modern distros (e.g. fedora30) are starting to use the new statx() syscall through
the newly exposed glibc wrapper function in software like coreutils (e.g. the ls
command). Add support to intercept this to pseudo.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for warrior context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
Richard Purdie [Fri, 8 Nov 2019 14:36:36 +0000 (14:36 +0000)]
pseudo: Drop static linking to sqlite3
Back in 2010[1] we made pseudo statically link against sqlite3. Since then
the world has changed, pseudo now has separate processes for the database
in the server and the client and they have separate linking commands.
Also, whilst there were concerns about needing specific versions of sqlite3,
in the OE environment, this is always the case.
The static sqlite3-native is causing us problems, in particular:
tmp/work/x86_64-linux/pseudo-native/1.9.0+gitAUTOINC+060058bb29-r0/recipe-sysroot-native/usr/lib/libsqlite3.a(sqlite3.o):(.data.rel+0xb0): undefined reference to `fcntl64'
which occurs if sqlite3-native was built on a machine with glibc 2.28 or later
and pseudo-native is being built on glibc before that. With dyanmical linking,
libc is backwards compatible and works but with static linking it does not.
There appears to be no easy way to avoid this other than adding a copy of
sqlite3 into the pseudo recipe. Given the static linking doesn't seem to
be required any longer due to the separate processes, drop that to fix
those issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Jason Wessel [Mon, 5 Aug 2019 16:32:37 +0000 (09:32 -0700)]
pseudo: Fix openat() with a symlink pointing to a directory
While working with ostree disk generation in conjunction with wic, I
found a problem with pseudo where it tried to resolve a symlink when
it shouldn't, based on openat() flags. A C program has been
constructed to test pseudo to show that it is working properly with
the correct behavior around openat().
int target_dfd = openat (dfd, "tlink", O_RDONLY | O_NONBLOCK |
O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
if (target_dfd == -1) {
printf("Test 1 good\n");
} else {
printf("Test 1 failed\n");
close(target_dfd);
}
target_dfd = openat (dfd, "tlink", O_RDONLY | O_NONBLOCK |
O_DIRECTORY | O_CLOEXEC);
if (target_dfd == -1) {
printf("Test 2 failed\n");
} else {
printf("Test 2 good\n");
close(target_dfd);
}
/* Test 3 make sure the owner of the link is root */
struct stat sbuf;
if (!lstat("tlink", &sbuf) && sbuf.st_uid == 0) {
printf("Test 3 good\n");
} else {
printf("Test 3 failed\n");
}
/* Test 4 tests open with the "rb" flag, owner should not change */
int ofd = openat(dfd,"./tlink", O_RDONLY|O_CLOEXEC);
if (ofd >= 0) {
if (fstat(ofd, &sbuf) != 0)
printf("ERROR in fstat test 4\n");
else if (sbuf.st_uid == 0)
printf("Test 4 good\n");
close(ofd);
} else {
printf("Test 4 failed with openat()\n");
}
/* Test pseudo db to see the fstat() above did not delete the DB entry */
if (!lstat("tlink", &sbuf) && sbuf.st_uid == 0)
printf("Test 5 good\n");
else
printf("Test 5 failed... tlink is owned by %i and not 0\n", sbuf.st_uid);
return 0;
}
Mingli Yu [Mon, 5 Aug 2019 09:38:18 +0000 (02:38 -0700)]
python3: fix the test_locale output format
Before this patch:
# python3 -m test -v test_locale
[snip]
test_getsetlocale_issue1813 (test.test_locale.TestMiscellaneous) ... testing with ('tr_TR', 'ISO8859-9') ok
[snip]
After this patch:
# python3 -m test -v test_locale
[snip]
test_getsetlocale_issue1813 (test.test_locale.TestMiscellaneous) ... testing with ('tr_TR', 'ISO8859-9')... ok
[snip]
Make the test ended with "... ok" is common in python
unittest world, we should make it keep consistent
with other test cases in case it may be ignored to
record in the report if we use the common filter
"... ok".
Joshua Watt [Fri, 21 Jun 2019 13:35:54 +0000 (08:35 -0500)]
python3: Reformat sysconfig
Reformats the sysconfig file when packaging. This file is output by
using the python pprint function. This function will wrap long lines at
80 characters by default, and will even split strings at whitespace
boundaries to do so, e.g.:
'A': 'B is really'
' long'
This causes a problem for reproducibility however because there might be
lines of differing lengths depending on the build path. These
non-reproducible paths are removed, but their effect on string wrapping
from pprint remains.
To correct this, reformat the entire sysconfig file by re-printing using
pprint with an (effectively) unlimited line length.
When building x86->x86 the system will try to execute .so and related items
from the default PYTHONPATH. This will fail if the target CPU contains
instructions that the host CPU does not have, add CROSSPYTHONPATH
into PYTHONPATH so we can prepend the list to find correct libs.
Changqing Li [Wed, 8 May 2019 10:05:27 +0000 (18:05 +0800)]
python3: fix do_install fail for parallel buiild
When using make -j with the 'install' target, it's possible for altbininstall
(which normally creates BINDIR) and libainstall (which doesn't, though it
installs python-config there) to race, resulting in a failure due to
attempting to install python-config into a nonexistent BINDIR. Ensure it also
exists in the libainstall target.
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
lib/oe/lsb: Make sure the distro ID is always lowercased
In commit 8689e561 (lib/oe/lsb: attempt to ensure consistent distro id
regardless of source), the distro ID returned by
oe.lsb.distro_identifier() was lowercased, but only if a release
version is also present.
This changes the code to always lowercase the distro ID, including the
default distro ID "unknown", which is used if no other ID can be
identified.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Niclas Svensson [Tue, 5 Nov 2019 22:08:37 +0000 (23:08 +0100)]
devtool: finish: Keep patches ordered when updating bbappend
The _get_patchset_revs() function returns the patches in an
OrderedDict to keep them ordered. However, this information was lost
when the patches were added to the bbappend file.
Signed-off-by: Niclas Svensson <niclas.svensson@axis.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
tzdata: Correct the packaging of /etc/localtime and /etc/timezone
During restructuring of the packaging in 2af4d6eb (tzdata: Install
everything by default), these two files remained in the tzdata
package, which is supposed to be empty. Move them to tzdata-core where
they belong.
Also simplify the definition of CONFFILES_tzdata-core. As its value
only takes effect for files that actually exist, there is no need to
complicate its definition by checking if a file is created before
adding it to the list of configuration files.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
devtool: Avoid failure for recipes with S == WORKDIR and no local files
When extracting the sources for a recipe that has S == WORKDIR and no
local files in the SRC_URI (which, e.g., can happen for a recipe with
a URI that has the unpack=false attribute), the extraction fails with
the following backtrace:
Traceback (most recent call last):
File ".../scripts/devtool", line 344, in <module>
ret = main()
File ".../scripts/devtool", line 331, in main
ret = args.func(args, config, basepath, workspace)
File ".../poky/scripts/lib/devtool/standard.py", line 762, in
modify
initial_rev, _ = _extract_source(srctree, args.keep_temp,
args.branch, False, config, basepath, workspace,
args.fixed_setup, rd, tinfoil, no_overrides=args.no_overrides)
File ".../poky/scripts/lib/devtool/standard.py", line 647, in
_extract_source
bb.process.run('git %s commit -a -m "Committing local file
symlinks\n\n%s"' % (' '.join(useroptions),
oe.patch.GitApplyTree.ignore_commit_prefix), cwd=srctree)
File ".../poky/bitbake/lib/bb/process.py", line 178, in run
raise ExecutionError(cmd, pipe.returncode, stdout, stderr)
bb.process.ExecutionError: Execution of 'git commit -a -m
"Committing local file symlinks
%% ignore"' failed with exit code 1:
On branch devtool
nothing to commit, working tree clean
This is because no files were found in the oe-local-files directory
and consequently no symbolic links were added using `git add`, but the
`git commit` command was still executed.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
The options in ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS} are already passed
via ${CC}/${CXX} and there is no reason to pass them a second time. Thus
we can remove MESON_TOOLCHAIN_ARGS. And when it is removed, the other
MESON_*_ARGS variables revert to the standard CFLAGS, CXXFLAGS and
LDFLAGS, so just use them directly instead.
Apart from the obvious improvement with not passing a lot of options
twice, this also solves a problem where -pie would be passed on the
command line in a way that it would prevent building any dynamic
libraries using meson if using a toolchain that is not built with
--enable-default-pie and if security_flags.inc is used.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changqing Li [Tue, 29 Oct 2019 09:47:30 +0000 (10:47 +0100)]
sudo: fix CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308) Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit b1e0149c41e3c344a0496e64ab3b0c9dd4685ea4) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao [Tue, 29 Oct 2019 09:47:29 +0000 (10:47 +0100)]
libgcrypt: fix CVE-2019-12904
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.)
Yi Zhao [Tue, 29 Oct 2019 09:47:25 +0000 (10:47 +0100)]
python: add tk-lib as runtime dependency for python-tkinter
Fixes:
ERROR: python-2.7.16-r0 do_package_qa: QA Issue:
/usr/lib/python2.7/lib-dynload/_tkinter.so contained in package
python-tkinter requires libtk8.6.so, but no providers found in
RDEPENDS_python-tkinter? [file-rdeps]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit f78248a2380bbbbf271b5bb02c762f5bc7a3a92e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Tue, 29 Oct 2019 09:47:21 +0000 (10:47 +0100)]
linux-yocto/4.19: make drm-bochs feature available
The other active kernel versions have this feature available. To
consistently enable the same video output for qemu, we can cherry
pick the feature to 4.19.
Bruce Ashfield [Tue, 29 Oct 2019 09:47:19 +0000 (10:47 +0100)]
linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
>From the kernel patch:
[
It was observed that the kernel embeds the path in the x86 boot
artifacts.
From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458:
[
If you turn on the buildpaths QA test, or try a reproducible build, you
discover that the kernel image contains build paths.
$ strings bzImage-5.0.19-yocto-standard |grep tmp/
out of pgt_buf in
/data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!?
So the __FILE__ shouldn't be using the full path. However
arch/x86/boot/compressed/Makefile has this:
KBUILD_CFLAGS := -m$(BITS) -O2
So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option.
]
Other architectures do not clear the flags, but instead prune before
adding boot or specific options. There's no obvious reason why x86 isn't
doing the same thing (pruning vs clearing) and no build or boot issues
have been observed.
So we make x86 can do the same thing, and we no longer have embedded paths.
]
This issue has been reported upstream, and a patch submission is
pending, but for now, we'll soak the proposed patch in linux-yocto to
see if any issues are found
Bruce Ashfield [Tue, 29 Oct 2019 09:47:18 +0000 (10:47 +0100)]
linux-yocto: bsp/beaglebone: support qemu -machine virt
While we don't normally do a dual h/w and virt BSP (since they
tend to have conflicting requirements over time). A minimal overhead
option to do this was submitted to linux-yocto. Since it has no
impact on the h/w reference, has SDK testing value and can serve
as a template on how to do this for other arm boards, it is worth
making the configuration available.
The original commit log follows:
[
If the kernel supports Qemu's virt machine, runqemu works almost for free.
The device tree for machine virt is included in Qemu, which simplifies
everything quite a bit.
This change adds ARCH_VIRT=y and some drivers to the beaglebone kernel
configuration which allows to:
This also works out of an eSDK. Whithout this feature usually two
different SDKs need to be compiled and maintained. One SDK is used for development
in Qemu, another one is used to develop for the real target hardware.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
]
Bruce Ashfield [Tue, 29 Oct 2019 09:47:17 +0000 (10:47 +0100)]
linux-yocto/5.0: make scsi-debug include scsi core configs
Updating the scsi-debug fragment to include the core scsi config
options. This allows standalone use of the fragment, since all
supporting options will be enabled simply by including the top
level config in a BSP.
This also removes a configuration warning on qemuarm, since we
will no longer have missing / unavailable options during the
config audit.
Bruce Ashfield [Tue, 29 Oct 2019 09:47:16 +0000 (10:47 +0100)]
linux-yocto/5.0: bsp: add basic xilinx zynqmp support
Zumeng Chen has added core/basic support for the zynqmp that is bootable
using the 5.0 and 5.2-rcX kernels. This makes the fragments available
for future refinement and factoring. A bootlog follows:
Filename 'Image'.
Load address: 0x10000000
Loading:
###########
11.3 MiB/s
done
Bytes transferred = 16378368 (f9ea00 hex)
Using ethernet@ff0e0000 device
TFTP from server 128.224.162.211; our IP address is 128.224.162.99
Filename 'dtb'.
Load address: 0x11800000
Loading: ##
4.7 MiB/s
done
Bytes transferred = 19746 (4d22 hex)
Booting using the fdt blob at 0x11800000
Loading Device Tree to 0000000007ff8000, end 0000000007fffd21 ... OK
clk: Not disabling unused clocks
md: Waiting for all devices to be available before autodetect
md: If you don't use raid, use raid=noautodetect
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
EXT4-fs (mmcblk0p3): mounted filesystem with ordered data mode. Opts:
(null)
VFS: Mounted root (ext4 filesystem) on device 179:3.
devtmpfs: mounted
Freeing unused kernel memory: 1216K
Run /sbin/init as init process
random: fast init done
systemd[1]: systemd 242-19-gdb2e367+ running in system mode. (+PAM
-AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP
-GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN
-)
systemd[1]: Detected architecture arm64.
Welcome to Wind River Linux development 19.23 Update 0!
systemd[1]: Set hostname to <xilinx-zynqmp>.
random: systemd: uninitialized urandom read (16 bytes read)
systemd[1]: Initializing machine ID from random generator.
systemd[1]: Failed to bump fs.file-max, ignoring: Invalid argument
systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= references
a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket �→ /run/dbus/system_bus_socket; please
update the unit f.
systemd[1]: /lib/systemd/system/rpcbind.socket:4: ListenStream=
references a path below legacy directory /var/run/, updating
/var/run/rpcbind.sock �→ /run/rpcbind.sock; please update the unit file
accordingly.
random: systemd: uninitialized urandom read (16 bytes read)
systemd[1]: Listening on Journal Socket (/dev/log).
[ OK ] Listening on Journal Socket (/dev/log).
random: systemd: uninitialized urandom read (16 bytes read)
systemd[1]: Listening on Syslog Socket.
[ OK ] Listening on Syslog Socket.
systemd[1]: Listening on udev Kernel Socket.
[ OK ] Listening on udev Kernel Socket.
[ OK ] Listening on udev Control Socket.
[ OK ] Created slice User and Session Slice.
[ OK ] Listening on initctl Compatibility Named Pipe.
[ OK ] Reached target Swap.
[ OK ] Created slice system-serial\x2dgetty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Journal Socket.
Starting udev Coldplug all Devices...
Mounting POSIX Message Queue File System...
Mounting Temporary Directory (/tmp)...
Starting Journal Service...
Starting Remount Root and Kernel File Systems...
Mounting Kernel Debug File System...
EXT4-fs (mmcblk0p3): re-mounted. Opts: (null)
Starting Create list of re�…odes for the current kernel...
[ OK ] Started Forward Password R�…uests to Wall Directory Watch.
[ OK ] Reached target Remote File Systems.
[ OK ] Listening on Network Service Netlink Socket.
Starting Apply Kernel Variables...
[ OK ] Started Dispatch Password �…ts to Console Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Created slice system-getty.slice.
Mounting Huge Pages File System...
[ OK ] Started Journal Service.
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Mounted Temporary Directory (/tmp).
[ OK ] Started Remount Root and Kernel File Systems.
[ OK ] Mounted Kernel Debug File System.
[ OK ] Started Create list of req�… nodes for the current kernel.
[ OK ] Started Apply Kernel Variables.
[ OK ] Mounted Huge Pages File System.
Starting Create System Users...
Starting Rebuild Hardware Database...
Starting Flush Journal to Persistent Storage...
[ OK ] Started udev Coldplug all Devices.
systemd-journald[148]: Received request to flush runtime journal from
PID 1
[ OK ] Started Flush Journal to Persistent Storage.
[ OK ] Started Create System Users.
Starting Create Static Device Nodes in /dev...
[ OK ] Started Create Static Device Nodes in /dev.
[ OK ] Reached target Local File Systems (Pre).
Mounting /var/volatile...
[ OK ] Mounted /var/volatile.
[ OK ] Reached target Local File Systems.
Starting Create Volatile Files and Directories...
Starting Load/Save Random Seed...
[ OK ] Started Load/Save Random Seed.
[ OK ] Started Create Volatile Files and Directories.
Starting Network Time Synchronization...
Starting Rebuild Journal Catalog...
Starting Update UTMP about System Boot/Shutdown...
Starting Run pending postinsts...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Started Network Time Synchronization.
[ OK ] Reached target System Time Set.
[ OK ] Reached target System Time Synchronized.
[ OK ] Started Rebuild Journal Catalog.
[ OK ] Started Run pending postinsts.
[ OK ] Started Rebuild Hardware Database.
Starting udev Kernel Device Manager...
Starting Update is Completed...
[ OK ] Started Update is Completed.
[ OK ] Started udev Kernel Device Manager.
[ OK ] Reached target System Initialization.
Starting Console System Startup Logging...
[ OK ] Listening on RPCbind Server Activation Socket.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Listening on dropbear.socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
[ OK ] Started System Logging Service.
[ OK ] Started Dynamic Host Configuration Protocol (DHCP).
[ OK ] Started Kernel Logging Service.
Starting Login Service...
[ OK ] Started D-Bus System Message Bus.
[ OK ] Started Xserver startup without a display manager.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
Starting Telephony service...
Starting Network Service...
[ OK ] Started Console System Startup Logging.
[ OK ] Found device /dev/ttyPS0.
[ OK ] Listening on Load/Save RF �…itch Status /dev/rfkill Watch.
[ OK ] Started Network Service.
Starting Network Name Resolution...
[ OK ] Started Login Service.
[ OK ] Started Network Name Resolution.
[ OK ] Started Telephony service.
[ OK ] Reached target Network.
Starting Berkeley Internet Name Domain (DNS)...
Starting /etc/rc.local Compatibility...
Starting Permit User Sessions...
Starting Avahi mDNS/DNS-SD Stack...
[ OK ] Started /etc/rc.local Compatibility.
[ OK ] Started Permit User Sessions.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyPS0.
[ OK ] Started Avahi mDNS/DNS-SD Stack.
[ OK ] Started Berkeley Internet Name Domain (DNS).
[ OK ] Reached target Host and Network Name Lookups.
Wind River Linux development 19.23 Update 0 xilinx-zynqmp ttyPS0
xilinx-zynqmp login: root
root@xilinx-zynqmp:~# uname 0a
uname: extra operand '0a'
Try 'uname --help' for more information.
root@xilinx-zynqmp:~# uname -a
Linux xilinx-zynqmp 5.2.0-rc3-yoctodev-standard #1 SMP PREEMPT Thu Jun 6
00:53:26 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux
kernel.bbclass: fix installation of modules signing certificates
If one has provided external key/certificate for modules signing, Kbuild
will skip creating signing_key.pem and will write only signing_key.x509
certificate. Thus we have to check for .x509 file existence rather than
.pem one.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
File "/workdir/build/tmp/work/dbfp4-poky-linux/qv4l2/1.17.0+gitAUTOINC+95f39aae48-r0/recipe-sysroot-native/usr/lib/python3.7/site-packages/mesonbuild/dependencies/base.py", line 574, in _call_pkgbin
cache[(self.pkgbin, targs, fenv)] = self._call_pkgbin_real(args, env, use_native)
File "/workdir/build/tmp/work/dbfp4-poky-linux/qv4l2/1.17.0+gitAUTOINC+95f39aae48-r0/recipe-sysroot-native/usr/lib/python3.7/site-packages/mesonbuild/dependencies/base.py", line 556, in _call_pkgbin_real
cmd = self.pkgbin.get_command() + "-native" + args
TypeError: can only concatenate list (not "str") to list
Armin Kuster [Sun, 6 Oct 2019 04:30:56 +0000 (21:30 -0700)]
qemu: fix build issue on new hosts with glibc 2.30
This fixes the following error:
TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:254:16: error: static declaration of ‘gettid’ follows non-static declaration
254 | _syscall0(int, gettid)
| ^~~~~~
TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:185:13: note: in definition of macro ‘_syscall0’
185 | static type name (void) \
| ^~~~
In file included from /usr/include/unistd.h:1170,
from TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/include/qemu/osdep.h:90,
from TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:20:
/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ was here
34 | extern __pid_t gettid (void) __THROW;
| ^~~~~~
Jan Klare [Tue, 27 Aug 2019 14:52:04 +0000 (16:52 +0200)]
systemd: update SRCREV for systemd v241-stable
Currently systemd 241 does break for kernels 5.2+ with the error described here:
* https://github.com/systemd/systemd/issues/12784
The issue has been fixed in master and will be fixed in the release 243. The
necessary patches have been backported to systemd/systemd-stable in the branch
v241-stable, but currently in warrior an old version of that branch is pulled
in.
This patch updates the SRCREV to the latest commit from that branch and
therefore pulls in the needed fix to run systemd 241 on 5.2+ kernels.
Signed-off-by: Jan Klare <jan.klare@bisdn.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Adrian Bunk [Sun, 29 Sep 2019 20:44:53 +0000 (23:44 +0300)]
json-c: Don't --enable-rdrand
In recent years AMD CPUs have had various problems with RDRAND
giving either non-random data or no result at all, which is
problematic if either build or target machine has a CPU with
this problem.
The fallback is /dev/urandom, and I'd trust the kernel here.
--enable-rdrand was added in an upgrade to a new upstream
version without mentioning any reason.
[YOCTO #13534]
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Richard Purdie [Tue, 1 Oct 2019 00:56:00 +0000 (17:56 -0700)]
runqemu: Add support for kvm on aarch64
The main issue is to make the x86 checks apply to x86 targets only. We may
end up with better checks on other architectures but this adapts the code to
allow for that and its still controlled by whether QB_CPU_KVM is set.
The code needed minor refactoring so the qemu-system-XXX name is set
earlier so the kvm code can use it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 1 Oct 2019 00:55:59 +0000 (17:55 -0700)]
qemuarm64: Add QB_CPU_KVM to allow kvm acceleration
This allows kvm acceleration on arm systems that support it. "host" is the
best option I can find right now to attempt to use the acceleration. It
potentially might not be correct but arm systems are sensitive to the
correct values and I don't want to encode the autobuilders CPU type here.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f13788541f64774a586971ed57699e4397b38b32) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 25 Sep 2019 11:11:02 +0000 (12:11 +0100)]
cve-check: backport rewrite from master
As detailed at [1] the XML feeds provided by NIST are being discontinued on
October 9th 2019. As cve-check-tool uses these feeds, cve-check.bbclass will be
inoperable after this date.
To ensure that cve-check continues working, backport the following commits from
master to move away from the unmaintained cve-check-tool to our own Python code
that fetches the JSON:
546d14135c5 cve-update-db: New recipe to update CVE database bc144b028f6 cve-check: Remove dependency to cve-check-tool-native 7f62a20b32a cve-check: Manage CVE_PRODUCT with more than one name 3bf63bc6084 cve-check: Consider CVE that affects versions with less than operator c0eabd30d7b cve-update-db: Use std library instead of urllib3 27eb839ee65 cve-check: be idiomatic 09be21f4d17 cve-update-db: Manage proxy if needed. 975793e3825 cve-update-db: do_populate_cve_db depends on do_fetch 0325dd72714 cve-update-db: Catch request.urlopen errors. 4078da92b49 cve-check: Depends on cve-update-db-native f7676e9a38d cve-update-db: Use NVD CPE data to populate PRODUCTS table bc0195be1b1 cve-check: Update unpatched CVE matching c807c2a6409 cve-update-db-native: Skip recipe when cve-check class is not loaded. 07bb8b25e17 cve-check: remove redundant readline CVE whitelisting 5388ed6d137 cve-check-tool: remove 270ac00cb43 cve-check.bbclass: initialize to_append e6bf9000987 cve-check: allow comparison of Vendor as well as Product 91770338f76 cve-update-db-native: use SQL placeholders instead of format strings 7069302a4cc cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST 78de2cb39d7 cve-update-db-native: Remove hash column from database. 4b301030cf9 cve-update-db-native: use os.path.join instead of + f0d822fad2a cve-update-db: actually inherit native b309840b6aa cve-update-db-native: use executemany() to optimise CPE insertion bb4e53af33d cve-update-db-native: improve metadata parsing 94227459792 cve-update-db-native: clean up JSON fetching 95438d52b73 cve-update-db-native: fix https proxy issues 1f9a963b9ff glibc: exclude child recipes from CVE scanning
Bedel, Alban [Wed, 31 Jul 2019 13:53:45 +0000 (13:53 +0000)]
kernel-uboot: compress arm64 kernels
AArch64 images are not self-decompressing, thus usually much larger.
Boot times can be reduced by compressing them in FIT and uImages.
This commit is a backport of commit a725d188b5 (kernel-uboot: compress
arm64 kernels) and commit 60bc7e180e (kernel-uboot: remove useless
special casing of arm64 Image) from master. Both commit were melted
into one to avoid some useless churn.
Signed-off-by: Alban Bedel <alban.bedel@aerq.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Will Page [Thu, 12 Sep 2019 15:02:15 +0000 (15:02 +0000)]
uboot: fixes to uboot-extlinux-config attribute values
The way this class uses overrides to support generation of multiple
sections is subject to two different issues: 1) labels that conflict
with existing override names causing the value for the conflicting label
to be set for all labels, and 2) reusing the override list through each
iteration, prepending each new label to the list of overrides makes
earlier labels' value take precedence over later labels, making later
labels virtually impossible to customize.
The first issue is resolved by removing all label names from overrides
before iterating over labels. The second issue is resolved by
generating a fresh list of overrides with only the current label added.
The current label is also appended to the list of overrides instead of
prepended, which makes it the highest priority override. This is
matches the behavior of devtool-source.bbclass, which similarly
monkey-patches overrides.
Richard Purdie [Fri, 31 May 2019 07:54:00 +0000 (08:54 +0100)]
useradd: Fix build architecture corruption of sstate artefacts
When mixing aarch64 and x86_64 host builds with common sstate, useradd failures
were found. This was due to references to:
/home/pokybuild/yocto-worker/qemuarm/build/build/tmp/sysroots-components/aarch64/pseudo-native/usr/bin/pseudo
or
/home/pokybuild/yocto-worker/qemuarm/build/build/tmp/sysroots-components/x86_64/pseudo-native/usr/bin/pseudo
on the wrong architecture within the useradd postinst files.
Instead of using COMPONENTS_DIR as the FIXME, use PSEUDO_SYSROOT which contains
the arch component as well to avoid this.
Add extra comments to cause the relavent sstate to be rebuilt.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0384622f72a6c0bd8225cf06f692340fdef67d4a) Signed-off-by: Armin Kuster <akuster808@gmail.com>
$ bitbake core-image-minimal
update-alternatives: libtool has multiple providers with the same priority,
please check
/path/to/rootfs/usr/lib/opkg/alternatives/libtool for details
Both libtool and lib32-libtool have the same priority (as they're the same
recipe), so update-alternatives won't deterministically pick a provider. This
means you could end up with an image using a 32-bit pkgconfig and 64-bit
libtool, for example.
Make extended recipes reduce priority by 1 (or 2, 3 ... when there are multiple
variants in MULTILIB_VARIANTS) to fix the problem.
[YOCTO #13418]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Adrian Bunk [Mon, 9 Sep 2019 10:25:19 +0000 (13:25 +0300)]
libxcrypt: Fix the build with -Os
| In file included from ../git/lib/alg-des.c:66:
| ../git/lib/alg-des.c: In function '_crypt_des_set_key':
| ../git/lib/byteorder.h:24:1: error: inlining failed in call to 'be32_to_cpu': call is unlikely and code size would grow [-Werror=inline]
| be32_to_cpu (const unsigned char *buf)
| ^~~~~~~~~~~
| ../git/lib/alg-des.c:81:13: note: called from here
| rawkey1 = be32_to_cpu (&key[4]);
| ^~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Bruce Ashfield [Wed, 14 Aug 2019 15:31:29 +0000 (11:31 -0400)]
kernel-devsrc: tweak for v5.3+
The 5.3 kernel has two changes that require tweaks to the minimal
kernel-devsrc package.
- 4ce97317f [x86/purgatory: Do not use __builtin_memcpy and __builtin_memset]
This change removes the need for arch/x86/purgatory/string.c and
instead reuses a copy in arch/x86/boot/compressed/, so we can't copy
the file anymore. To support older kernels, we make the copy survive
the non-existence of the file.
- b1663d7e [docs: Kbuild/Makefile: allow check for missing docs at build time]
This change adds the sourceing of Documentation/Kbuild to the top
level Kbuild file. So we now leave the copy of Documention/'s Kbuild
in the devsrc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
u-boot.bin with dtb & signature should be placed in ${B} so that
it can be deployed by u-boot as expected. Otherwise, the version
without signature is installed.
Signed-off-by: Jun Nie <jun.nie@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
When using sstate, or performing an incremental build any change to
the do_stash_locale() will cause a build failure because
do_stash_locale() was destroying the results obtained from the
do_install() with several mv operations. A recent change to
do_stash_locale() for a different problem illustrated a number of
build failures for users in the community.
To fix the problem, do_stash_locale() must use copy operations instead
of the mv operations. Because this is changed to a copy, the sysroot
and package stage need to remove the files that would have been
previously removed. The correct "fixup" code to deal with the removal
already existed in the previous do_poststash_install_cleanup(). All
that needed change was the path to where to remove the files
from the sysroot and package stages.
In order to force a re-compilation of glibc some unused white space
was removed from do_compile() for glibc. I could not find any other
way around this and we don't want to have all the community folks to
have another iteration where they have to remove their tmp directories
or purge some portion of the sstate. It also makes this change
bisectable. If the change to the glibc is not included, it will fail
with the following message:
=====
| DEBUG: Executing shell function do_prep_locale_tree
| tar: i18n: Cannot stat: No such file or directory
| tar: Exiting with failure status due to previous errors
| gzip: /poky/build/tmp/work/core2-64-poky-linux/glibc-locale/2.29-r0/locale-tree//usr/share/i18n/charmaps/*gz.gz: No such file or directory
=====
After this one time change I tested changing only the
do_stash_locale() function and it now works well because it is
deterministically operating off the sstate data or a local build.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Jason Wessel [Tue, 2 Jul 2019 20:16:09 +0000 (13:16 -0700)]
glibc/glibc-locale: Fix do_stash_locale to work with usrmerge and multilibs
The do_stash_locale was not working consistently across the 4 build
configurations and the multilib, usrmerge configuration would fail
entirely with the obscure message:
| DEBUG: Executing shell function do_prep_locale_tree
| tar: i18n: Cannot stat: No such file or directory
| tar: Exiting with failure status due to previous errors
| gzip: /poky/build/tmp/work/core2-64-poky-linux/glibc-locale/2.29-r0/locale-tree//usr/share/i18n/charmaps/*gz.gz: No such file or directory
| WARNING: /poky/build/tmp/work/core2-64-poky-linux/glibc-locale/2.29-r0/temp/run.do_prep_locale_tree.124690:1 exit 1 from 'gunzip $i'
Here is the 4 build configurations without the patch applied:
A) x86-64 no multilibs, no usrmerge
find ./tmp/work/*/glibc/2.29-r0/stashed-locale -type f |grep -v nscd.service |wc -l
909
B) x86-64 no multilibs, usrmerge
find ./tmp/work/*/glibc/2.29-r0/stashed-locale -type f |grep -v nscd.service |wc -l
909
C) x86-64 multilibs, no usrmerge
find ./tmp/work/*/glibc/2.29-r0/stashed-locale -type f |grep -v nscd.service |wc -l
885
D) x86-64 multilibs, usrmerge
find ./tmp/work/*/glibc/2.29-r0/stashed-locale -type f |grep -v nscd.service |wc -l
864
The issue here is that all the moves should be processed first, then a
copy should be made of the lib directories, but only in the case they
are different when using the usrmerge feature. Even though the build
worked for the multilib configuration without usrmerge, the content
was not the same.
After applying the patch the same number of files are in all the
configurations. The list of files was also diffed, after normalizing
the directory names to ensure all the correct files were copied.
Ultimately there are probably additional files that should be pruned
from what is copied to the stated_locale, but the purpose of this
patch is make it 100% consistent between the build types and fix the
builds.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Jason Wessel [Tue, 2 Jul 2019 20:16:08 +0000 (13:16 -0700)]
glibc-locale: Fix build error with PACKAGE_NO_GCONV = "1"
When the PACKAGE_NO_GCONV is set to 1 an empty directory is left behind from the do_install rule:
=====
ERROR: glibc-locale-2.29-r0 do_package: QA Issue: glibc-locale: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/locale
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
glibc-locale: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: glibc-locale-2.29-r0 do_package: Fatal QA errors found, failing task.
=====
The simple fix is to prune the empty directory.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Nathan Rossi [Wed, 28 Aug 2019 05:06:29 +0000 (05:06 +0000)]
binutils: Fix mips patch which changes default emulation
The patch incorrectly removes 'mips_elf32_ntrad_le_vec' from the
'targ_selvecs' replacing it with duplicate entries for
'mips_elf32_ntrad_be_vec'. Correct this so that the default binutils can
still handle 'mips_elf32_ntrad_le_vec' binaries.
