Diffstat (limited to 'meta/classes')
-rw-r--r--meta/classes/cve-check.bbclass31
-rw-r--r--meta/classes/kernel-fitimage.bbclass6
-rw-r--r--meta/classes/kernel-yocto.bbclass3
-rw-r--r--meta/classes/kernel.bbclass2
-rw-r--r--meta/classes/kernelsrc.bbclass2
-rw-r--r--meta/classes/pypi.bbclass4
-rw-r--r--meta/classes/relocatable.bbclass20
-rw-r--r--meta/classes/sanity.bbclass12
8 files changed, 49 insertions, 31 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 01b3637469..514897e8b8 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -52,17 +52,20 @@ python do_cve_check () {
52 """ 52 """
53 53
54 if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): 54 if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
55 patched_cves = get_patches_cves(d) 55 try:
56 patched, unpatched = check_cves(d, patched_cves) 56 patched_cves = get_patches_cves(d)
57 except FileNotFoundError:
58 bb.fatal("Failure in searching patches")
59 whitelisted, patched, unpatched = check_cves(d, patched_cves)
57 if patched or unpatched: 60 if patched or unpatched:
58 cve_data = get_cve_info(d, patched + unpatched) 61 cve_data = get_cve_info(d, patched + unpatched)
59 cve_write_data(d, patched, unpatched, cve_data) 62 cve_write_data(d, patched, unpatched, whitelisted, cve_data)
60 else: 63 else:
61 bb.note("No CVE database found, skipping CVE check") 64 bb.note("No CVE database found, skipping CVE check")
62 65
63} 66}
64 67
65addtask cve_check before do_build 68addtask cve_check before do_build after do_fetch
66do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db" 69do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db"
67do_cve_check[nostamp] = "1" 70do_cve_check[nostamp] = "1"
68 71
@@ -129,6 +132,10 @@ def get_patches_cves(d):
129 for url in src_patches(d): 132 for url in src_patches(d):
130 patch_file = bb.fetch.decodeurl(url)[2] 133 patch_file = bb.fetch.decodeurl(url)[2]
131 134
135 if not os.path.isfile(patch_file):
136 bb.error("File Not found: %s" % patch_file)
137 raise FileNotFoundError
138
132 # Check patch file name for CVE ID 139 # Check patch file name for CVE ID
133 fname_match = cve_file_name_match.search(patch_file) 140 fname_match = cve_file_name_match.search(patch_file)
134 if fname_match: 141 if fname_match:
@@ -172,13 +179,13 @@ def check_cves(d, patched_cves):
172 products = d.getVar("CVE_PRODUCT").split() 179 products = d.getVar("CVE_PRODUCT").split()
173 # If this has been unset then we're not scanning for CVEs here (for example, image recipes) 180 # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
174 if not products: 181 if not products:
175 return ([], []) 182 return ([], [], [])
176 pv = d.getVar("CVE_VERSION").split("+git")[0] 183 pv = d.getVar("CVE_VERSION").split("+git")[0]
177 184
178 # If the recipe has been whitlisted we return empty lists 185 # If the recipe has been whitlisted we return empty lists
179 if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): 186 if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():
180 bb.note("Recipe has been whitelisted, skipping check") 187 bb.note("Recipe has been whitelisted, skipping check")
181 return ([], []) 188 return ([], [], [])
182 189
183 old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST") 190 old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST")
184 if old_cve_whitelist: 191 if old_cve_whitelist:
@@ -214,7 +221,7 @@ def check_cves(d, patched_cves):
214 (_, _, _, version_start, operator_start, version_end, operator_end) = row 221 (_, _, _, version_start, operator_start, version_end, operator_end) = row
215 #bb.debug(2, "Evaluating row " + str(row)) 222 #bb.debug(2, "Evaluating row " + str(row))
216 223
217 if (operator_start == '=' and pv == version_start): 224 if (operator_start == '=' and pv == version_start) or version_start == '-':
218 vulnerable = True 225 vulnerable = True
219 else: 226 else:
220 if operator_start: 227 if operator_start:
@@ -256,7 +263,7 @@ def check_cves(d, patched_cves):
256 263
257 conn.close() 264 conn.close()
258 265
259 return (list(patched_cves), cves_unpatched) 266 return (list(cve_whitelist), list(patched_cves), cves_unpatched)
260 267
261def get_cve_info(d, cves): 268def get_cve_info(d, cves):
262 """ 269 """
@@ -280,7 +287,7 @@ def get_cve_info(d, cves):
280 conn.close() 287 conn.close()
281 return cve_data 288 return cve_data
282 289
283def cve_write_data(d, patched, unpatched, cve_data): 290def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
284 """ 291 """
285 Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and 292 Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and
286 CVE manifest if enabled. 293 CVE manifest if enabled.
@@ -294,9 +301,11 @@ def cve_write_data(d, patched, unpatched, cve_data):
294 301
295 for cve in sorted(cve_data): 302 for cve in sorted(cve_data):
296 write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") 303 write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
297 write_string += "PACKAGE VERSION: %s\n" % d.getVar("PV") 304 write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
298 write_string += "CVE: %s\n" % cve 305 write_string += "CVE: %s\n" % cve
299 if cve in patched: 306 if cve in whitelisted:
307 write_string += "CVE STATUS: Whitelisted\n"
308 elif cve in patched:
300 write_string += "CVE STATUS: Patched\n" 309 write_string += "CVE STATUS: Patched\n"
301 else: 310 else:
302 unpatched_cves.append(cve) 311 unpatched_cves.append(cve)
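Review bot: The new `or version_start == '-'` clause in check_cves (new line 224) marks a row vulnerable for every PV without reaching the operator_start/version_end comparison below it, and nothing on the line says why. If '-' is the database's marker for an entry with no version recorded, which is what the change implies, a comment such as `# '-' means no version data in the entry, so assume every version is affected` would make clear that this is a deliberate fail-closed choice. It also tells whoever triages the report that the extra findings are expected and belong in the whitelist once assessed. check_cves starts and ends outside the hunk, so how these rows interact with patched_cves is not visible here.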
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 1bcb09c598..6cd1b76fde 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -53,6 +53,9 @@ UBOOT_MKIMAGE_DTCOPTS ??= ""
53# fitImage Hash Algo 53# fitImage Hash Algo
54FIT_HASH_ALG ?= "sha256" 54FIT_HASH_ALG ?= "sha256"
55 55
56# fitImage Signature Algo
57FIT_SIGN_ALG ?= "rsa2048"
58
56# 59#
57# Emit the fitImage ITS header 60# Emit the fitImage ITS header
58# 61#
@@ -246,6 +249,7 @@ EOF
246fitimage_emit_section_config() { 249fitimage_emit_section_config() {
247 250
248 conf_csum="${FIT_HASH_ALG}" 251 conf_csum="${FIT_HASH_ALG}"
252 conf_sign_algo="${FIT_SIGN_ALG}"
249 if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then 253 if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
250 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" 254 conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
251 fi 255 fi
@@ -327,7 +331,7 @@ EOF
327 331
328 cat << EOF >> ${1} 332 cat << EOF >> ${1}
329 signature@1 { 333 signature@1 {
330 algo = "${conf_csum},rsa2048"; 334 algo = "${conf_csum},${conf_sign_algo}";
331 key-name-hint = "${conf_sign_keyname}"; 335 key-name-hint = "${conf_sign_keyname}";
332 ${sign_line} 336 ${sign_line}
333 }; 337 };
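Review bot: FIT_SIGN_ALG is copied unchecked into the `algo` property of the signature node in fitimage_emit_section_config, so a typo or an algorithm that does not match the signing key is only discovered when the image is signed or, possibly, when the bootloader verifies it. The comment on the new variable should state the constraint, e.g. `# fitImage Signature Algo; must match the type and size of the key named by UBOOT_SIGN_KEYNAME and be supported by the verifying U-Boot`. conf_sign_algo is also assigned when UBOOT_SIGN_ENABLE is empty; that looks harmless, but it could sit inside the existing `if` next to conf_sign_keyname. The function body continues outside both hunks.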
diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass
index ed9bcfa57c..ab05ac91f4 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -1,5 +1,5 @@
1# remove tasks that modify the source tree in case externalsrc is inherited 1# remove tasks that modify the source tree in case externalsrc is inherited
2SRCTREECOVEREDTASKS += "do_kernel_configme do_validate_branches do_kernel_configcheck do_kernel_checkout do_fetch do_unpack do_patch" 2SRCTREECOVEREDTASKS += "do_validate_branches do_kernel_configcheck do_kernel_checkout do_fetch do_unpack do_patch"
3PATCH_GIT_USER_EMAIL ?= "kernel-yocto@oe" 3PATCH_GIT_USER_EMAIL ?= "kernel-yocto@oe"
4PATCH_GIT_USER_NAME ?= "OpenEmbedded" 4PATCH_GIT_USER_NAME ?= "OpenEmbedded"
5 5
@@ -301,6 +301,7 @@ do_validate_branches[depends] = "kern-tools-native:do_populate_sysroot"
301do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot" 301do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot"
302do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}gcc:do_populate_sysroot" 302do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}gcc:do_populate_sysroot"
303do_kernel_configme[depends] += "bc-native:do_populate_sysroot bison-native:do_populate_sysroot" 303do_kernel_configme[depends] += "bc-native:do_populate_sysroot bison-native:do_populate_sysroot"
304do_kernel_configme[depends] += "kern-tools-native:do_populate_sysroot"
304do_kernel_configme[dirs] += "${S} ${B}" 305do_kernel_configme[dirs] += "${S} ${B}"
305do_kernel_configme() { 306do_kernel_configme() {
306 set +e 307 set +e
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 750988f4e5..9ace74564c 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -452,7 +452,7 @@ do_shared_workdir () {
452 452
453 # Copy files required for module builds 453 # Copy files required for module builds
454 cp System.map $kerneldir/System.map-${KERNEL_VERSION} 454 cp System.map $kerneldir/System.map-${KERNEL_VERSION}
455 cp Module.symvers $kerneldir/ 455 [ -e Module.symvers ] && cp Module.symvers $kerneldir/
456 cp .config $kerneldir/ 456 cp .config $kerneldir/
457 mkdir -p $kerneldir/include/config 457 mkdir -p $kerneldir/include/config
458 cp include/config/kernel.release $kerneldir/include/config/kernel.release 458 cp include/config/kernel.release $kerneldir/include/config/kernel.release
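Review bot: With `[ -e Module.symvers ] && cp Module.symvers $kerneldir/` in do_shared_workdir, a missing Module.symvers is skipped without any trace in the task log, so a later external-module build that expects it in $kerneldir may fail far from the cause. An explicit form keeps the new behaviour and records it: `if [ -e Module.symvers ]; then cp Module.symvers $kerneldir/; else bbnote "Module.symvers not found, not copied"; fi`. The function starts and ends outside the hunk.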
diff --git a/meta/classes/kernelsrc.bbclass b/meta/classes/kernelsrc.bbclass
index 675d40ec9a..a951ba3325 100644
--- a/meta/classes/kernelsrc.bbclass
+++ b/meta/classes/kernelsrc.bbclass
@@ -1,7 +1,7 @@
1S = "${STAGING_KERNEL_DIR}" 1S = "${STAGING_KERNEL_DIR}"
2deltask do_fetch 2deltask do_fetch
3deltask do_unpack 3deltask do_unpack
4do_patch[depends] += "virtual/kernel:do_patch" 4do_patch[depends] += "virtual/kernel:do_shared_workdir"
5do_patch[noexec] = "1" 5do_patch[noexec] = "1"
6do_package[depends] += "virtual/kernel:do_populate_sysroot" 6do_package[depends] += "virtual/kernel:do_populate_sysroot"
7KERNEL_VERSION = "${@get_kernelversion_file("${STAGING_KERNEL_BUILDDIR}")}" 7KERNEL_VERSION = "${@get_kernelversion_file("${STAGING_KERNEL_BUILDDIR}")}"
diff --git a/meta/classes/pypi.bbclass b/meta/classes/pypi.bbclass
index e5d7ab3ce1..87b4c85fc0 100644
--- a/meta/classes/pypi.bbclass
+++ b/meta/classes/pypi.bbclass
@@ -22,5 +22,5 @@ SECTION = "devel/python"
22SRC_URI += "${PYPI_SRC_URI}" 22SRC_URI += "${PYPI_SRC_URI}"
23S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}" 23S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
24 24
25UPSTREAM_CHECK_URI ?= "https://pypi.python.org/pypi/${PYPI_PACKAGE}/" 25UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/"
26UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)" 26UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"
diff --git a/meta/classes/relocatable.bbclass b/meta/classes/relocatable.bbclass
index 582812c1cf..af04be5cca 100644
--- a/meta/classes/relocatable.bbclass
+++ b/meta/classes/relocatable.bbclass
@@ -6,13 +6,15 @@ python relocatable_binaries_preprocess() {
6 rpath_replace(d.expand('${SYSROOT_DESTDIR}'), d) 6 rpath_replace(d.expand('${SYSROOT_DESTDIR}'), d)
7} 7}
8 8
9relocatable_native_pcfiles () { 9relocatable_native_pcfiles() {
10 if [ -d ${SYSROOT_DESTDIR}${libdir}/pkgconfig ]; then 10 for dir in ${libdir}/pkgconfig ${datadir}/pkgconfig; do
11 rel=${@os.path.relpath(d.getVar('base_prefix'), d.getVar('libdir') + "/pkgconfig")} 11 files_template=${SYSROOT_DESTDIR}$dir/*.pc
12 sed -i -e "s:${base_prefix}:\${pcfiledir}/$rel:g" ${SYSROOT_DESTDIR}${libdir}/pkgconfig/*.pc 12 # Expand to any files matching $files_template
13 fi 13 files=$(echo $files_template)
14 if [ -d ${SYSROOT_DESTDIR}${datadir}/pkgconfig ]; then 14 # $files_template and $files will differ if any files were found
15 rel=${@os.path.relpath(d.getVar('base_prefix'), d.getVar('datadir') + "/pkgconfig")} 15 if [ "$files_template" != "$files" ]; then
16 sed -i -e "s:${base_prefix}:\${pcfiledir}/$rel:g" ${SYSROOT_DESTDIR}${datadir}/pkgconfig/*.pc 16 rel=$(realpath -m --relative-to=$dir ${base_prefix})
17 fi 17 sed -i -e "s:${base_prefix}:\${pcfiledir}/$rel:g" $files
18 fi
19 done
18} 20}
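Review bot: The rewritten relocatable_native_pcfiles expands the glob through `files=$(echo $files_template)` and then passes `$files`, `$dir` and `${base_prefix}` unquoted to sed and realpath, so a path containing whitespace is split into several arguments. Detecting "no match" by comparing two strings is also harder to read than testing the file itself. Iterating over the glob directly and quoting each expansion gives the same result without the intermediate string; the sed expression itself is unchanged.

```shell
relocatable_native_pcfiles() {
	for dir in ${libdir}/pkgconfig ${datadir}/pkgconfig; do
		rel=$(realpath -m --relative-to="$dir" "${base_prefix}")
		for pc in "${SYSROOT_DESTDIR}$dir"/*.pc; do
			# An unmatched glob stays literal, so skip anything that is not a real file
			[ -e "$pc" ] || continue
			sed -i -e "s:${base_prefix}:\${pcfiledir}/$rel:g" "$pc"
		done
	done
}
```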
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 936fe913b4..5c2f8f9d75 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -625,13 +625,14 @@ def check_sanity_version_change(status, d):
625 # In other words, these tests run once in a given build directory and then 625 # In other words, these tests run once in a given build directory and then
626 # never again until the sanity version or host distrubution id/version changes. 626 # never again until the sanity version or host distrubution id/version changes.
627 627
628 # Check the python install is complete. glib-2.0-natives requries 628 # Check the python install is complete. Examples that are often removed in
629 # xml.parsers.expat 629 # minimal installations: glib-2.0-natives requries # xml.parsers.expat and icu
630 # requires distutils.sysconfig.
630 try: 631 try:
631 import xml.parsers.expat 632 import xml.parsers.expat
632 except ImportError: 633 import distutils.sysconfig
633 status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n') 634 except ImportError as e:
634 import stat 635 status.addresult('Your Python 3 is not a full install. Please install the module %s (see the Getting Started guide for further information).\n' % e.name)
635 636
636 status.addresult(check_make_version(d)) 637 status.addresult(check_make_version(d))
637 status.addresult(check_patch_version(d)) 638 status.addresult(check_patch_version(d))
@@ -667,6 +668,7 @@ def check_sanity_version_change(status, d):
667 status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n') 668 status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n')
668 669
669 # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS) 670 # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS)
671 import stat
670 tmpdir = d.getVar('TMPDIR') 672 tmpdir = d.getVar('TMPDIR')
671 status.addresult(check_create_long_filename(tmpdir, "TMPDIR")) 673 status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
672 tmpdirmode = os.stat(tmpdir).st_mode 674 tmpdirmode = os.stat(tmpdir).st_mode
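Review bot: In check_sanity_version_change the new message formats `e.name`, which is None when an ImportError is raised without a module name, so the user can be told to install "the module None". `% (e.name or e)` keeps the module name when it is available and falls back to the exception text otherwise. Because both imports share one `try`, only the first missing module is reported per run, which is worth a word in the comment. The rewritten comment also carries a stray `#` and the typo "requries" in `glib-2.0-natives requries # xml.parsers.expat and icu`. The function starts and ends outside both hunks.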