| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support to generate a dm-verity image and the parameters required to
assemble the corresponding table for the device-mapper driver. The latter will
be stored in the file ${DEPLOY_DIR_IMAGE}/<IMAGE_LINK_NAME>.verity-params.
Note that in the resulting image the hash tree data is appended to the contents
of the original image without an explicit superblock to keep things simple and
compact.
The above mentioned parameter file can be sourced by a shell to finally create
the desired blockdevice via "dmsetup" (found in meta-oe's recipe
"libdevmapper"), e.g.
. <IMAGE_LINK_NAME>.verity-params
dmsetup create <dm_dev_name> --readonly --table "0 $VERITY_DATA_SECTORS verity \
1 <dev> <hash_dev> \
$VERITY_DATA_BLOCK_SIZE $VERITY_HASH_BLOCK_SIZE \
$VERITY_DATA_BLOCKS $VERITY_DATA_BLOCKS \
$VERITY_HASH_ALGORITHM $VERITY_ROOT_HASH $VERITY_SALT \
1 ignore_zero_blocks"
As the hash tree data is found at the end of the image, <dev> and <hash_dev>
should be the same blockdevice in the command shown above while <dm_dev_name> is
the name of the to be created dm-verity-device.
The root hash is calculated using a salt to make attacks more difficult. Thus,
please grant each image recipe its own salt which could be generated e.g. via
dd if=/dev/random bs=1k count=1 | sha256sum
and assign it to the parameter VERITY_SALT.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The function signing_import_pubkey_from_pem is defined twice, one of
them should really be named signing_import_pubkey_from_der. Fix this and
while at it fix some argument names in the comments above the functions
as well.
Reported-by: Miklos Toth <Miklos.Toth@knorr-bremse.com>
Fixes: 4a6ac691f ("add signing.bbclass as infrastructure for build artifact signing")
Signed-off-by: Sascha Hauer <sha@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
"openssl rsa" works with RSA keys only. Use "openssl pkey" instead which
is a frontend that picks the right operation automatically and works
with RSA keys, eliptic curve keys and also DSA keys.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* the first example isn't very useful anymore since:
SRCPV is deferred now from PV to PKGV since:
https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=a8e7b0f932b9ea69b3a218fca18041676c65aba0
* but keep it in the bbclass in case someone is still using it
for whatever reason (the version with tag still makes some sense)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently
exported globally for any recipe that inherits signing. This not only
affects the tasks that use the signing infrastructure, but also unrelated
tasks like e.g. do_fetch. Avoid this by exporting the variables only
for these tasks that actually call signing_prepare.
This resolves a breakage I observed on Ubuntu 18.04, where the host
tool wget is called with the environment variables set and then fails
with a SSL error (exit code 5).
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using the image type:
IMAGE_FSTYPES += " wic.sparse"
IMAGE_CLASSES += " image_types_sparse"
The following error arises:
Syntax error: Bad function name
So need to remove function in favor of variable.
Also remove IMAGE_NAME_SUFFIX as per:
https://git.openembedded.org/openembedded-core/commit/?id=26d97acc71379ab6702fa54a23b6542a3f51779c
Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes
DeprecationWarning: 'pipes' is deprecated and slated for removal in Python 3.13
pipes is an alias for shlex therefore switch to using shlex
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This adds common infrastructure to access and used asymmetric keys to
sign build artifacts. The approach and implementation was presented at
the recent OpenEmbedded Workshop:
https://pretalx.com/openembedded-workshop-2023/talk/3C8MFF/
A working demo setup for verified boot based on qemu is available at
https://github.com/jluebbe/meta-code-signing.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
By default, img2simg will only generate raw and fill chunks. This adds
support for "don't care" chunks, based on file holes. This is similar to
how bmaptool works. "don't care" chunks do not need to be written,
speeding up flashing time.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the source image's size is not aligned to the sparse image's block
size, then conversion will fail with
img2simg: libsparse/sparse.cpp:133: int write_all_blocks(sparse_file*, output_file*): Assertion `pad >= 0' failed.
This is a bug in img2simg, but an easy way to work around it is to pad
the source image ourselves. The default block size of 4096 matches
img2simg's default block size.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Under some conditions ext2simg can corrupt the file system (see
https://lore.kernel.org/linux-ext4/CAP71WjwVdqmLEq1NGWK36JkEd-i05YcAu4jeY6GFjsk6TS=Mtg@mail.gmail.com/).
This has been reproduced with the ext2simg currently found meta-oe's
android-tools-native). Stop using ext2simg and always use img2simg. This
results in bigger images, but without the risk of image corruption.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After changing image_types_sparse to follow new override syntax, using
this class generates the syntax error, because CONVERSION_CMD:sparse()
function is added to the generated shell file, but color can not be a
part of the function name. Rewrite it to be the variable rather than the
function, so that it does not end up the run.do_image_FOO file.
DEBUG: Executing shell function do_image_ext4
[.......]/temp/run.do_image_ext4.1247938: line 184: `CONVERSION_CMD:sparse': not a valid identifier
WARNING: [.......]/temp/run.do_image_ext4.1247938:151 exit 2 from 'export systemd_user_unitdir="/usr/lib/systemd/user"'
WARNING: Backtrace (BB generated script):
#1: main, [.......]/temp/run.do_image_ext4.1247938, line 151
ERROR: Execution of '[.......]/temp/run.do_image_ext4.1247938' failed with exit code 2:
[.......]/temp/run.do_image_ext4.1247938: line 184: `CONVERSION_CMD:sparse': not a valid identifier
WARNING: [.......]/temp/run.do_image_ext4.1247938:151 exit 2 from 'export systemd_user_unitdir="/usr/lib/systemd/user"'
WARNING: Backtrace (BB generated script):
#1: main, [.......]/temp/run.do_image_ext4.1247938, line 151
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the overrides syntax conversion
* re-run the latest version of the script which converts CONVERSION_CMD as well since
https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=d9e81d66db2bc2aa56d177cef78c814c29679a4a
* skip many incorrect s/_linux/:linux/g changes which were introduced by:
https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=9ea1041f8eab26ee871a9176e9691e5d3e6745bd
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
Adds a class to create sparse image files using the Android tools
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Introduce GITPKGV_TAG_REGEXP (which defaults to "v(\d.*)") to support
dropping other unwanted parts of the found tags than just a leading
"v". Any matching groups in the regexp will be concatenated to yield
the final version.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When checking for commit specific tags during GITPKGVTAG resolution, use
additional '--tags' and '--exact-match' options for 'git describe'
command.
This changes the behaviour so that in case an annotated tag does not
exist for the particular commit, then the latest lightweight
(non-annotated) tag is used instead, in case that commit has at least
one such tag.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Avoid redundant shell working directory change by resorting to
'--git-dir' option for git command instead.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
itstool was reworked in [1] to not use host's python. This patch introduced the
'-S' option for coreutils's env [2]. Unfortunately that option is relatively
young [3] and elder build-host don't support it [4].
The only way to get around this is:
* remove '-S' and -s' from native shebang
* add a class itstool.bbclass. This class depends itstool-native and creates a
valid python3 runtime environment. Most notable in the environment is
export PYTHONNOUSERSITE = "1"
which does same as '-s' option: force python to avoid adding (host) user sites.
[1] http://cgit.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/itstool/itstool/0001-Don-t-use-build-time-hardcoded-python-binary-path.patch?id=e5ac325b7974a346b218d1f43b92d06f5b0dd078
[2] http://cgit.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/itstool/itstool/0001-Don-t-use-build-time-hardcoded-python-binary-path.patch
[3] https://github.com/coreutils/coreutils/commit/668306ed86c8c79b0af0db8b9c882654ebb66db2#diff-83d9d52b1f12ac589739ab1334ae4f30
[4] https://errors.yoctoproject.org/Errors/Details/274743/
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
${GITSHA} gives the following error otherwise
gitrev_run() missing 1 required positional argument: 'path'
Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A couple have still been missed in the past despite multiple
attempts at doing so (or simply have re-appeared?).
Search & replace made using the following command:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \
-i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \
| cut -d':' -f1 \
| sort -u)
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Google breakpad requires a very specific folder structure which is only known after dump_syms has been executed.
Therefore the .sym file's first line has to be parsed in order to move the file where breakpad wants it.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Its in OE-Core now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is adding the functionality to run scancode utility on code.
You need to set the following variables to use it. You can override
these from local.conf or auto.conf.
1) SCANCODE_GIT_LOCATION: Git Path for scancode-toolkit cloning, default is set.
2) SCANCODE_TAG: Select tag, if you want.
3) SCANCODE_FORMAT: Output file format json or html-app.
4) SCANCODE_SRC_LOCATION: Location to store scancode-toolkit.
This belongs to OI-2.
Signed-off-by: H M Irfan Sadiq <irfan_sadiq@mentor.com>
Signed-off-by: Noor Ahsan <noor_ahsan@mentor.com>
|
| |
|
|
|
|
|
|
| |
Update following the SkipPackage -> SkipRecipe change in oe-core.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
They have been moved to oe-core layer, as meson is increasingly
the primary build system for many projects, particularly in the
Gnome stack.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Tell Meson that even if it looks like the architectures are compatible, not to
bother executing binaries: differences in tunes, C libraries and so on mean
binaries may not work.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
As well as setting CC/CXX, export CFLAGS/CXXFLAGS and so on.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
By default Meson uses 'pkg-config' in native builds but as that is the cross
pkg-config, export PKG_CONFIG to use the correct pkg-config-native binary.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
For historic reasons the localedir directory is where binary locales are stored
(/usr/lib/locale) , not where application translations belong (typically,
/usr/share/locale). Don't pass localedir explicitly, and let Meson use the
default of $datadir/locale to match the behaviour of autotools.bbclass and the
expectations of the system.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch was incorrect: meson and autotools (thus OE) don't have conflicting
terminology, and using HOST_* for the host_machine variables is correct.
This reverts commit 77eae90ef5ca3f9a4bdf5727a29713dd2b215165.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
>From Adam Foltzer:
Apologies, this line was inadvertently committed. It was a fix I tried before
learning that adding TARGET_CC_ARCH was the solution to linking the wrong
ld.so.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`inherit externalsrc gitver` is a very useful combo to get development trees
in your workspace having a ${PN}_git.bb with PV=${GITVER} coexisting with a regular
${PN}_${PV}.bb
but not everyone wants to checkout all developments sources and managinging different
layers for each options is quite troublesome.
making `gitver` skip the .bb instead of panic()ing every time EXTERNALSRC is missing
allows people to have a single development layer where packages get enabled if
the right sources are present or falling back to the last release if not
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Class for use to convert all CRLF line terminators to LF provided
that some projects are being developed/maintained on Windows so they
have different line terminators(CRLF) vs on Linux(LF), which can
cause annoying patching errors during git push/checkout processes.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
This adds compiler flags for C++ projects, and fixes the linker
arguments for both C and C++ to avoid the GNU_HASH qa failure
Signed-off-by: Adam C. Foltzer <acfoltzer@galois.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
Meson and Bitbake use different terminology for the build and host;
this provides the correct build machine info to Meson.
Signed-off-by: Adam C. Foltzer <acfoltzer@galois.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
cpp_args and cpp_link_args must be set on the meson.cross file to
compile c++ applications. Otherwise variables such as the sysroot
are not set correctly and libraries/headers are not found.
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
When externalsrc.bbclass is used, any changes to meson.build files
should trigger do_configure to be re-run.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
A couple of more standard installation directories are supported with
meson 0.37.1, so make sure they are configured.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
https://www.python.org/dev/peps/pep-3110/
It's backward compatible with 2.6+
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
ninja provides progress information when building so let's make use of
it.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gitpkgv class is supposed to use SRCREV_FORMAT variable to define
how to smoosh together revision info from multiple repos that are
used in a single recipe. It is incorrectly repeating the rev hash
for the first repo instead of including the rev from each listed repo.
Example:
SRC_URI = "git://some-server/purple.git;destsuffix=git/purple;name=purple"
SRC_URI += "git://other-server/blue.git;destsuffix=git/blue;name=blue"
SRCREV_purple = "${AUTOREV}"
SRCREV_blue = "${AUTOREV}"
SRCREV_FORMAT = "purple_blue"
Suppose gitpkgv calculates "67+ea121ea" for purple repo,
and "123+feef001" for blue repo. This should result in a
package version with them joined together like so:
"67+ea121ea_123+feef001"
It didn't. Instead the git hash part for the first repo got repeated:
"67+ea121ea_123+ea121ea"
Fix this by looking in the right place for the git revisions of 2nd
(and following) repos when assembling the full version string.
Signed-off-by: S. Lockwood-Childs <sjl@vctlabs.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a class for packages that uses the meson build system.
Meson uses a cross-file that contain needed tools and information about
the host and target system. Such a file will be created in {WORKDIR}.
Meson only allows installation directories to be specified as relative
to prefix, except for sysconfdir, which can be absolute.
This patch is based on a prototype patch by
Ross Burton <ross.burton@intel.com>.
Signed-off-by: Linus Svensson <linussn@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recipes that fetch from a single git source, assign a name to this
source and do not set SRCREV_FORMAT to this name will always get
a GITPKGV value of "default", which causes version-going-backwards QA
errors.
Fix this by automatically determining a suitable SRCREV_FORMAT from the
SRC_URI if none is set explicitly. This code does not run for multiple
git sources, because bitbake's fetcher enforces setting SRCREV_FORMAT
when multiple version-controlled sources are used.
Signed-off-by: Clemens Lang <clemens.lang@bmw-carit.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
