summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ruby: fix upstream version checkAlexander Kanavin2017-03-011-0/+1
| | | | | | | | (From OE-Core rev: 0299731f9c11fda2e0a17600f758e0d7ff31fbbe) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* initscripts/sysfs.sh: mount configfs if presentMike Looijmans2017-03-011-0/+4
| | | | | | | | | | | | configfs is another kernel virtual file system that should be mounted if configured, so if it's configured into the kernel, mount it. It is used to configure e.g. USB gadget mode and devicetree overlays. (From OE-Core rev: 4f52130475d026c32f0380d301f56f6fa3df7ac9) Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: fix ineffective include conf/target/${TARGET_SYS}.confAndre McCurdy2017-03-011-1/+1
| | | | | | | | | | | | | | | TARGET_SYS is defined in terms of TARGET_ARCH, so it's not valid until after TUNE_ARCH has been set by the machine config. The original order of includes resulted in an attempt to include non-existent files such as: conf/target/INVALID-oe-linux.conf (From OE-Core rev: b33e644da0d8b6edb97257b16430b545c289883a) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-pexpect: BBCLASSEXTEND to nativeMing Liu2017-03-011-1/+1
| | | | | | | | | | Some developers might need it. (From OE-Core rev: 4aca17e945c51c9ca1fff61c0ef7b512413dea81) Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-ptyprocess: BBCLASSEXTEND to nativeMing Liu2017-03-011-1/+1
| | | | | | | | | | Some developers might need it. (From OE-Core rev: 1b7421307e835904ebde17e8eeb9f2c04e0c758c) Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest: Avoid sstate corruption by calling cleansstateMariano Lopez2017-03-018-38/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently selftest doesn't use sstates because some tests clean sstate cache; using sstates would give a performance boost instead of building everything from scratch. With this sstates are not corrupted using different methods depending on tests: devtool: These tests needed to delete the cache so SSTATE_DIR as SSTATE_MIRRORS and set a temporal SSTATE_DIR. sstatetests: This module already used a temporal SSTATE_DIR, so just set up the SSTATE_MIRRORS. Rest: Removed cleansstate, some of them required to force a certain task, others were just removed or changed for another task. [YOCTO #10929] (From OE-Core rev: 62c61087a10cc3b26fbff32c9e2efd1704a39724) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.53.0Oleksandr Kravchuk2017-03-011-2/+2
| | | | | | | | (From OE-Core rev: 8889426d822fb403db1c2263e88ed7608202aafa) Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib/oe/gpg_sign: fix rpm signing with gpg > 2.1Markus Lehtonen2017-03-011-0/+2
| | | | | | | | | | | | | We need to check the gpg version and alter its command line options accordingly. [YOCTO #11054] (From OE-Core rev: 44a44b7e582a5a654baf21829d168568481c13d9) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib/oe/gpg_sign: make gpg version a property of the signerMarkus Lehtonen2017-03-011-5/+5
| | | | | | | | (From OE-Core rev: a00a362e3dc18ba04230cbbd6f91264e5d76f40d) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: support customizing gpg command lineMarkus Lehtonen2017-03-012-0/+44
| | | | | | | | | | | | | | | Add a new %_gpg_sign_cmd_extra_args macro that allows customizing the gpg options used when signing rpm packages. This is needed to be able to sign packages with gpg 2.1 which requires "--pinentry-mode loopback" to allow non-interactive signing. [YOCTO #11054] (From OE-Core rev: 373a7146d596d27376a003014df0d06f3df5348d) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib/oe/gpg_sign: sign rpm packages in chunks of 100Markus Lehtonen2017-03-011-4/+5
| | | | | | | | | | | | | | | | Split the file list into chunks in order to avoid "OSError: [Errno 7] Argument list too long" This would happend when a package has huge amount of subpackages, e.g. glibc-locale. [YOCTO #11069] (From OE-Core rev: 874f5016fd4dc76bc867b68470297fe59e78a9e6) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix build with glibc-2.25Martin Jansa2017-03-012-0/+89
| | | | | | | | (From OE-Core rev: c0ab96a7b7d2c41167e2ad79be76f6eec2b6ebb5) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: Fix build with glibc-2.25Martin Jansa2017-03-012-0/+131
| | | | | | | | (From OE-Core rev: 1e8fc70596e27edca428dd78b8095e6b76aa8e58) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* syslinux: fix build with glibc-2.25Martin Jansa2017-03-012-0/+46
| | | | | | | | (From OE-Core rev: 383d1398b27705ee94523068fae2db961d365652) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* parted: fix build with glibc-2.25Martin Jansa2017-03-012-0/+33
| | | | | | | | (From OE-Core rev: 792568406f49be7a83cf7f69af3a17abd46adc7c) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* x264: Upgrade to stable branch headJussi Kukkonen2017-03-011-2/+2
| | | | | | | | | | Small number of bug fixes and x86 optimizations. (From OE-Core rev: a8aff2a0e77c401fee5a94a906ab355814505157) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-player: Upgrade to recent git revisionJussi Kukkonen2017-03-012-34/+1
| | | | | | | | | | | | | The update contains a small number of bug fixes. Removed one upstreamed patch. gst-player does not have releases: this is the current git master. (From OE-Core rev: 72889d45c610c4895c6a2f439439755ef4853fab) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xf86-video-intel: Upgrade to recent git revisionJussi Kukkonen2017-03-011-1/+1
| | | | | | | | | | | | | | This includes a number of small fixes and some new PCI IDs, no major changes. For background, xf86-video-intel does not get releases so we have to follow git. (From OE-Core rev: 7dd5a74df4b19c30456f4e7e844856c5e9cbaa7f) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* epiphany: update to 3.22.6Alexander Kanavin2017-03-011-2/+2
| | | | | | | | (From OE-Core rev: a093bad83994bcdb95e713e2d7a870ea9420d71b) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdk-pixbuf: Upgrade 2.36.1 -> 2.36.5Jussi Kukkonen2017-03-012-4/+55
| | | | | | | | | | | | | | | | | Mostly bug fix releases. Generating the thumbnailer metadata now requires running yet another tool at build time. This is broken for cross-compiling, add a work-around. Add gdk-pixbuf-native to DEPENDS to make the above workaround possible: We already build gdk-pixbuf-native anyway so this is not a huge deal. (From OE-Core rev: 645e14bb39d10a50648daaf7a015f2d75bf357db) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* menu-cache: Upgrade 1.0.1 -> 1.0.2Jussi Kukkonen2017-03-011-2/+2
| | | | | | | | | | Small bug fix release. (From OE-Core rev: ee1beb8c321b5aa9a26e7b5a9df9ceed83ca9056) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libdrm: Upgrade 2.4.74 -> 2.4.75Jussi Kukkonen2017-03-012-12/+22
| | | | | | | | | | | * Remove udev from depends (it's not actually used). * Rebase a patch (From OE-Core rev: a6ab6e6157e8045155639682881de4184e72704a) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgudev: Upgrade 230 -> 231Jussi Kukkonen2017-03-011-2/+4
| | | | | | | | | | | | | Very small bug fix release. Use --disable-umockdev: Testing is great but a single regression test isn't really worth a new build dependency (that isn't in oe-core yet). (From OE-Core rev: 942946a18ec2e644a297e45787a3947f3229a783) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gtk+3: Upgrade 3.22.7 -> 3.22.8Jussi Kukkonen2017-03-012-4/+4
| | | | | | | | | | Bug fix release. (From OE-Core rev: 62bf29691608794f2b7f810d020982b492c68358) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sudo: upgrade to 1.8.19p2Chen Qi2017-03-012-3/+3
| | | | | | | | | | | | The license checksum for doc/LICENSE is changed. It's a small change. '2015' is changed to '2017'. Nothing else is changed. So the licenses remain the same. (From OE-Core rev: a14b935461d231429b6dc3bd0fdc34142b48fe86) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* file: 5.29 -> 5.30Robert Yang2017-03-011-1/+1
| | | | | | | | (From OE-Core rev: 83a822e7b7810a9a59f0ad0efe6c827b89878b61) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* guile: 2.0.13 -> 2.0.14Robert Yang2017-03-011-2/+2
| | | | | | | | (From OE-Core rev: 335265b60c9c908bed323ffd8d280857001620a3) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* strace: 4.15 -> 4.16Robert Yang2017-03-014-70/+19
| | | | | | | | | | | | | | | | * The license cheksum is changed becuase a new line is added: Copyright (C) 2001-2017 The strace developers. * Remove use-asm-sgidefs.h.patch, it doesn't check sgidefs.h any more, it was use for building on mips, I checked it built well. * Update Makefile-ptest.patch and disable-git-version-gen.patch. (From OE-Core rev: 204e0e9916f6acfa02d7a49bf5e33678abb0578d) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dpkg: Upgrade to 1.18.10Aníbal Limón2017-03-014-19/+65
| | | | | | | | | | | | | | | | | | Add a patch to don't use --clamp-time when call tar because isn't supported in tar hosts versions. See 0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch patch for details. Rebased patch: - 0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch (From OE-Core rev: 4c23b8ce417551f2ee252426158fea272b8a9dfd) Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: Upgrade to 5.24.1Aníbal Limón2017-03-017-548/+88
| | | | | | | | | | | | | | | | | Upgrade config.sh to match new version. Removed CVE patches already in upstream: - perl-fix-CVE-2016-1238.patch - perl-fix-CVE-2016-6185.patch Update customized.dat patch to match new hashes. (From OE-Core rev: f3f1614b87aa5c55653fe8f3247fb094baf98087) Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "flex: upgrade to 2.6.2"Trevor Woerner2017-03-015-219/+146
| | | | | | | | | | | | | | | This reverts commit 3632abd01abb8dfff230e18f828af705da488f97. Multiple people have expressed issues with flex-2.6.2; personally I had problems compiling libsepol from meta-selinux (for libselinux). I tried upgrading to flex-2.6.3, but that caused binutils-cross_2.27 to fail. The simplest for now is to downgrade to flex-2.6.0. (From OE-Core rev: b45776bbdafa6f6afe815714ac329494ad57e644) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: upgrade to 3.17.0Maxin B. John2017-03-011-3/+2
| | | | | | | | | | | | | 3.16.2 -> 3.17.0 * Approximately 25% better performance from the R-Tree extension. * Other performance improvements. Uses about 6.5% fewer CPU cycles. (From OE-Core rev: 2ecc3dc9cb11feb6804ec08d1b7b1470f01aadbe) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: Upgrade both python and python-native to 2.7.13Alejandro Hernandez2017-03-017-289/+126
| | | | | | | | | | | | | | | | Rebased: - python-native/multilib.patch - python/multilib.patch - python/01-use-proper-tools-for-cross-build.patch Upstream: - CVE-2016-1000110 (From OE-Core rev: 2eaadc5464e3340359b626026d80afb6bc01d3f1) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-devsrc: remove symlink sourceRobert Yang2017-03-011-0/+7
| | | | | | | | | | | | | | | | Fixed: $ rpm -qplv tmp/deploy/rpm/qemuppc/kernel-devsrc-1.0-r0.qemuppc.rpm | grep kernel/source /usr/src/kernel/source -> /buildarea/lyang1/test_yocto/tmp/work/qemuppc-poky-linux/kernel-devsrc/1.0-r0/image/usr/src/kernel It is generated by kernel's "make clean _mrproper_scripts", the kernel-devsrc includeds full sources, this symlink is not needed, and the path is invalid on target, so remove it. (From OE-Core rev: 65804d1239e626bbe1a4b5772f2464db21163713) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scripts/lib/devtool/deploy.py: add --port/-P argument for target connectionTim Orling2017-03-011-4/+22
| | | | | | | | | | | | | Enable using, e.g. host port 2222 for connection to qemu target. Defaults to 22 for standard ssh/scp port. [YOCTO #11079] (From OE-Core rev: a2bfa2cc9ee19f617f7d3b6447896e45eb855d2e) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes/license.bbclass: Don't copy unneeded licenses by packageAníbal Limón2017-03-011-4/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Usually a recipe only provides one package but when provides more than one package the LICENSE variable per package (i.e. linux-firmware) needs to take into account to avoid unnecesary copy of licenses into packages. The patch validates if LICENSE exists in package LICENSES in order to don't copy unneeded licenses. As result of this patch some packages will not contain licenses there are not into LICENSE variable. For example: acl contains GPLv2+ instead of GPLv2+ and LGPLv2.1+ libacl contains LGPLv2+ instead of GPLv2+ and LGPLv2.1+ This behaviour is declared on the acl recipe as: SUMMARY = "Utilities for managing POSIX Access Control Lists" HOMEPAGE = "http://savannah.nongnu.org/projects/acl/" SECTION = "libs" LICENSE = "LGPLv2.1+ & GPLv2+" LICENSE_${PN} = "GPLv2+" LICENSE_lib${BPN} = "LGPLv2.1+" [YOCTO #10325] (From OE-Core rev: 8c8c8edea9c9015e21f47f3d10e6f45446a2823b) Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* license.bbclass: Don't copy again LICENSE already handled as no-genericAníbal Limón2017-03-011-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | The NO_GENERIC_LICENSE mapping was added [1] to enable copy LICENSES from upstream source code into recipe licenses, previously that only common-licenses was processed. This result on copy twice the NO_GENERIC_LICENSE specified because there is a mapping between license in LIC_CHKSUM and NO_GENERIC_LICENSE. In order to avoid double copy one as generic_ and other as LICENSE. keep track of licenses already copied. For linux-firmware the result will be only generic_ licenses into common-licenses. [YOCTO #10325] [1] http://lists.openembedded.org/pipermail/openembedded-core/2015-April/104222.html (From OE-Core rev: 95b9e2cd26c7cae265ff52af90480b75251f00e5) Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake-user-manual: Added "path_spec" parameter to SVN FetcherScott Rifenbark2017-03-011-12/+18
| | | | | | | | | | | | | | | | | | | | | Fixes [YOCTO #10405] The section on the SVN Fetcher was missing information on the "path_spec" option. I added this option and also updated the examples at the bottom of the section to include that parameter. Also, made the other two examples consistent. I also removed the "date" parameter. Also, updated the "protocol" parameter as well as the "modify" parameter. For "modify" I removed the reference to "rsh". I applied a small wording change to the "protocol" parameter. Finally, I added a new "ssh" parameter. (Bitbake rev: 3ce6169afa646ef2b847e5fbabfe0191c93928b7) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake-user-manual: Rewrite dependency dot file generationScott Rifenbark2017-03-011-5/+10
| | | | | | | | | | | | | | | | | | | | | | | The package-depends.dot and pn-depends.dot files are inaccurate, missing out key dependencies such those made via the [depends] flags. As such they can be misleading to the user. They mainly exist for historical reasons, coming from a time before we had task based execution. This commit removes the two dated file formats and replaces them with a recipe-depends.dot which is a flattened version of task-depends.dot. The old format files are removed if present so that the user can't get confused about why data might not match between files. The code is also rewritten to use 'with f: f.write()' syntax as is more commonly used now. Also update the docs to match the change. (Bitbake rev: f82537d27f2a5bf9d576aa841593db9ec0985ea8) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-0181-137/+97
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sanity: Require bitbake 1.33.2Richard Purdie2017-03-011-1/+1
| | | | | | | | We want to update to a version with the bb.utils.filter() function. (From OE-Core rev: 6db26339522a22c3e3c13287ea0c9daf40c7c15e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel, license, sstate, rootfs.py: Remove deploy directory READMEMike Crowe2017-03-015-17/+1
| | | | | | | | | | | | | | | | | | | | | | | | | It isn't clear that the README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt file in the deploy directory warrants the complexity it brings elsewhere. Let's just remove it entirely. In particular, if two do_image_complete tasks run in parallel they risk both trying to put their image into ${DEPLOY_DIR_IMAGE} at the same time. Both will contain a README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt file. In theory this should be safe because "cp -alf" will just cause one to overwrite the other. Unfortunately, coreutils cp also has a race[1] which means that if one copy creates the file at just the wrong point the other will fail with: cp: cannot create hard link ‘..../tmp-glibc/deploy/images/pantera/README_-_DO_NOT_DELETE_FILES_IN_THIS_D.txt’ to +‘..../tmp-glibc/work/rage_against-oe-linux-gnueabi/my-own-image/1.0-r0/deploy-my-own-image-complete/README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt’: File exists [1] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=25680 (From OE-Core rev: 71e9e88847d7000781642ea6187ebd8f40dfdcfe) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf: increase path length limitPatrick Ohly2017-03-012-0/+34
| | | | | | | | | | | | The VfrCompile tool has a hard-coded maximum length for path names which turned out to be too small by around 20 characters in the Yocto autobuilder setup. Increasing the maximum by a factor of 4 is relatively easy and makes the problem less likely. (From OE-Core rev: ea296ab42a7a65055657b950d8248d94f0ac56f1) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf: remove BGRT patchPatrick Ohly2017-03-012-111/+0
| | | | | | | | | | This patch was added to meta-luv for kernel testing purposes and probably is not relevant for OE-core. (From OE-Core rev: 240e96e6196c32ddabb0c1aff3ee83458c98a9bd) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf: build image which enrolls standard keysPatrick Ohly2017-03-014-0/+1167
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When booting a qemu virtual machine with ovmf.secboot, it comes up with no keys installed and thus Secure Boot disabled. To lock down the machine like a typical PC, one has to enroll the same keys that PC vendors normally install, i.e. the ones from Microsoft. This can be done manually (see https://wiki.ubuntu.com/SecurityTeam/SecureBoot and https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf) or automatically with the EnrollDefaultKeys.efi helper from the Fedora ovmf rpm. To use this with qemu: $ bitbake ovmf-shell-image ... $ runqemu serial nographic qemux86 ovmf-shell-image wic ovmf.secboot ... UEFI Interactive Shell v2.1 EDK II UEFI v2.60 (EDK II, 0x00010000) Mapping table FS0: Alias(s):HD2b:;BLK4: PciRoot(0x0)/Pci(0x5,0x0)/HD(1,GPT,06AEF759-3982-4AF6-B517-70BA6304FC1C,0x800,0x566C) BLK0: Alias(s): PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0) BLK1: Alias(s): PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x1) BLK2: Alias(s): PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0) BLK3: Alias(s): PciRoot(0x0)/Pci(0x5,0x0) Press ESC in 1 seconds to skip startup.nsh or any other key to continue. Shell> fs0:EnrollDefaultKeys.efi info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 info: success Shell> reset Remember that this will modify deploy/images/qemux86/ovmf.secboot.qcow2, so make a copy and use the full path of that copy instead of the "ovmf" argument if needed. The ovmf-shell-image contains an EFI shell, which is what got started here directly. After enrolling the keys, Secure Boot is active and the same image cannot be booted anymore, so the BIOS goes through the normal boot targets (including network boot, which can take a while to time out), and ends up in the internal EFI shell. Trying to invoke bootia32.efi (the shell from the image) or EnrollDefaultKeys.efi then fails: Shell> bootia32.efi Command Error Status: Security Violation The main purpose at the moment is to test that Secure Boot enforcement really works. If we had a way to sign generated images, that part could also be tested by booting in a locked down qemu instance. 0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch is from https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch?id=b1781931894bf2057464e634beed68b1e3218c9e with one line changed to fix https://bugzilla.redhat.com/show_bug.cgi?id=132502: "EFI_STATUS Status = EFI_SUCCESS;" in EnrollListOfX509Certs() lacked the initializer. (From OE-Core rev: 1913ace7d0898b5a23a2dbdc574ab1d8648927c5) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: support UEFI with OVMF firmwarePatrick Ohly2017-03-011-1/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the simplest case, "runqemu qemux86 <some-image> qcow2 ovmf" for an EFI-enabled image in the qcow2 format will locate the ovmf.qcow2 firmware file deployed by the ovmf recipe in the image deploy directory, override the graphics hardware with "-vga std" because that is all that OVMF supports, and boot with UEFI enabled. ovmf is not built by default. Either do it explicitly ("bitbake ovmf") or make it a part of the normal build ("MACHINE_ESSENTIAL_EXTRA_RDEPENDS_append = ' ovmf'"). The firmware file is activated as a flash drive instead of using the qemu BIOS parameters, because that is the recommended method (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764918#47) as it allows storing UEFI variables in the file. Instead of just "ovmf", a full path to an existing file can also be used, just as with the rootfs. That may be useful when making a permanent copy of the virtual machine data files. It is possible to specify "ovmf*" parameters more than once, then each parameter creates a separate flash drive. This way it is possible to use separate flash drives for firmware code and variables: $ runqemu qemux86 <some-image> qcow2 ovmf.code ovmf.vars" Note that rebuilding ovmf will overwrite the ovmf.vars.qcow2 file in the image deploy directory. So when the goal is to update the firmware while keeping variables, make a copy of the variable file and use that: $ mkdir my-machine $ cp tmp/deploy/images/qemux86/ovmf.vars.qcow2 my-machine/ $ runqemu qemux86 <some-image> qcow2 ovmf.code my-machine/ovmf.vars.qcow2 When Secure Boot was enabled in ovmf, one can pick that instead of the non-Secure-Boot enabled ovmf.code: $ runqemu qemux86 <some-image> qcow2 ovmf.secboot.code my-machine/ovmf.vars.qcow2 (From OE-Core rev: b91fc0893651b9e3069893e36439de0b4e70ad13) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: also accept -image suffix for rootfs parameterPatrick Ohly2017-03-011-3/+3
| | | | | | | | | | | | | | | | | | | | | | The magic detection of the rootfs parameter only worked for image recipes which embedd the "image" string in the middle, as in "core-image-minimal". Sometimes it is more natural to call an image "something-image". To get such an image detected by runqemu, "-image" at the end of a parameter must also cause that parameter to be treated as the rootfs parameter. Inside the image directory, "something-image" has an -<arch> suffix and thus no change is needed for those usages of re.search('-image-'). However, while at it also enhance those string searches a bit (no need for re; any()+map() a bit closer to the intended logic). (From OE-Core rev: ca0fad3ad9d75d4198388b2a3133326267fc58db) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: fix undefined variable reference in check_arg_path()Patrick Ohly2017-03-011-1/+1
| | | | | | | | | | | | | | | | 'arg' isn't defined, the right name there is 'p'. This fixes a rather obscure error message when that code path ends up being taken: $ runqemu some/existing-file-name runqemu - ERROR - name 'arg' is not defined runqemu - ERROR - Try 'runqemu help' on how to use it (From OE-Core rev: 3f11e4cbb36fc65ff92296065e5f0a508b210ac7) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf_git.bb: enable Secure BootPatrick Ohly2017-03-011-0/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When enabled via PACCKAGECONFIG = "secureboot" (off by default because of the extra work and license change), the recipe compiles OVMF twice, once without Secure Boot, once with. This is the same approach as in https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec The results are "ovmf.qcow2" and "ovmf.secboot.qcow2" in the image deploy directory, so runqemu <machine> <image> ovmf.secboot will boot with Secure Boot enabled. ovmf.secboot.code.qcow2 is provided for those who want separate code and variable flash drives. The normal ovmf.vars.qcow2 can be used with it. In contrast to Fedora, no attempt is made to strip potentially patent encumbered algorithms out of the OpenSSL archive. OVMF does not use the ones considered problematic for Fedora, so this shouldn't be a problem. Fixes: luv-yocto/#38 (From OE-Core rev: d493f0b4760808f880a0fd6dedf918a3b85006b7) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf_git.bb: enable parallel compilationPatrick Ohly2017-03-011-2/+3
| | | | | | | | | | | | | | | | | | | The Fedora srpm [1] seems to have no problems with parallel compilation, so let's also use that for the target. The native tools however indeed have dependency problems: | test_Ecc_CParser (CheckPythonSyntax.Tests) ... gcc -o ../bin/EfiRom -L/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -L/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-rpath-link,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath-link,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-rpath,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-O1 EfiRom.o -L../libs -lCommon | /usr/bin/ld: cannot find -lCommon | collect2: error: ld returned 1 exit status ERROR: Task (virtual:native:.../meta/recipes-core/ovmf/ovmf_git.bb:do_compile) failed with exit code '1' [1] https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec (From OE-Core rev: be307609a067b7d23dc2cd8e39e3a35f770bebc7) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>