| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vulnerabilities" section
Add sub section to how Poky and OE-Core handle CVE security issues. This
is a generic intro chapter. Also add note that this is a process which
needs quite a bit of review and iteration to keep products and SW stack
secure, a process not a product.
Then change "Vulnerabilites in images" chapter to
"Vulnerability check at build time" since the process applies to
anything compiled with bitbake, not just images.
Explain details of how to work with cve-check.bbclass, especially
the states Patched, Unpatched and Ignored in the generated reports.
Rename recipe chapter to "Fixing CVE product name and version mappings"
since CVE check has some default which works for all recipes
but generated reports may be completely broken. Fixes are then done with
CVE_PRODUCT and CVE_VERSION.
Give some hints how to analyze "Unpatched" CVEs by checking what happens
in other Linux distros etc.
(From yocto-docs rev: 77a9c1a9fe651bf11f1d5a723b0741dd1764b2c8)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
best practices
Regular security scans and updates to fix issues and updates from
upstream maintainers are best practices.
(From yocto-docs rev: 24d3337b6cbb38297877f6ce6ec78896ce93e8b2)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
It is a quite important tool for maintaining yocto based products
so documentation should include the best practices.
(From yocto-docs rev: 3f7d09fc3c96f29ab80a2cb893c9b4b19a75a769)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Related to cve-check.bbclass.
(From yocto-docs rev: 1218775a9b32ac16556645c5d186007c19a5baf4)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
PENDING ON THIS OE-CORE PATCH:
install-buildtools: support buildtools-make-tarball and update to 4.1
https://lists.openembedded.org/g/openembedded-core/message/171522
Cover the use case and the new provided tarball.
(From yocto-docs rev: 3a06c35d059d7d43f7eb33a4f490f5d76afe6cb6)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Reordering the bootloader command options alphabetically
(From yocto-docs rev: 9d43fcf8ba023be1350ed2b26482d2d5e44cf0cb)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: 8e0841c3418caa227c66a60327db09dfbe72054a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This adds support for the Langdale (4.1) release and update the current
dev branch to Mickledore.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From yocto-docs rev: 271ae164ba901acacaf2fc910db78246637994aa)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: 99dac0ecc497d50be652a47c8a2ce8855975e360)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[YOCTO #14508]
Reported-by: Quentin Schulz <foss@0leil.net>
(From yocto-docs rev: 664b658d9d23bb97b236bc0d09c9d3f118c582fc)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
--
Doing this to consistently replace any reference to a class
by the corresponding link. This is a bit trivial within the declaration
of a class, but helps making sure that this rule applies everywhere.
This helps for example to rename or remove classes from the
documentation.
See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14508
As this change is time consuming, submitting the first part of it
as an RFC, to double check there is an agreement on doing this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Use the Wikipedia naming scheme: WSL 2 instead of WSLv2
- Take into account Windows Server 2019 and 2022 which are
supported too.
- Improve some explanations
(From yocto-docs rev: 35c5fb01d3543ef5e1f4edf337a2ab080b4e7956)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reviewed-by: Quentin Schulz <foss@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: 0f088df1027b38a47f4161fe0910150ff42c1861)
Signed-off-by: Takayasu Ito <ito@lineo.co.jp>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From yocto-docs rev: e0dc444cc1807a36f0e83f025bbf212b741d01f8)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From yocto-docs rev: 988efd0d1663e4369043c5b53d7e1dcd9e54d3cd)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Clarfify the eSDK issue, and document the externalsrc issue.
(From yocto-docs rev: 25cbbe19c935293e0549d89b6716a0fae229113c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: 34ad768a05d6ba87aab64f0aa85e63d4233e0696)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: aef76d4e5190aad98c19d91ed56c256504dd4660)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
From the "Signed-off-by" information from his commits
(From yocto-docs rev: 7a2416b8d920f2af6d98df7aeb10d51268a15cd6)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reorganize the FAQ into sections and subsections, which allows
to have a table of contents at the top. This makes it easier
to find relevant questions without having to scroll down the entire page.
Reduce the size of questions so that they fit in a subsection title.
Merged two redundant questions about fetching sources and working
through proxies.
Minor updates to other sections.
(From yocto-docs rev: 3e24f94e9c2186a6e1d65d82a87323ef2fc6f87d)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From yocto-docs rev: 34fea9a84b6a7dadc5aa4218213a76e56cad7ea7)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This currently does not include known issues or download information.
(From yocto-docs rev: a5c991235e2c063a065d610b3d2a96f5ac534a01)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: 105a44efe290ac36a370a4946aadc2e046a86e64)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
The overlayfs class was added in the honister release.
(From yocto-docs rev: cff6b5a167d8f7d99a351c7989bc86af5e553552)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
create-spdx was added in the honister release. This is a stub since I
unfortunately don't have time to fully document this class and related
variables, hopefully someone else can expand it in future.
(From yocto-docs rev: 5a4aa9dca1468d56ab5ec2c3a5ebf1ea364df5d0)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Not new in 4.1, but the syntax and usage in packagegroup-base is.
(From yocto-docs rev: 01f8393989528ed655fd20338c8764ac12bba010)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: a410d4b7a5cd38badc318508f003e3151846776e)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
These were supported in releases prior to 4.1.
(From yocto-docs rev: 86f367fc9946904b5056fb86fb2cc339a0f96b0a)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New IMAGE_FEATURES item in 4.1.
(From yocto-docs rev: 0fdd9079743a4a4205afcaaaa783af855ce5f21f)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add missing IMAGE_FEATURES, DISTRO_FEATURES and MACHINE_FEATURES items.
Additionally, add a note that DISTRO_FEATURES doesn't have any impact on
the kernel configuration so that users are aware they have to take care
of that as well. (I thought the same was true of MACHINE_FEATURES, but
it seems we have a couple of isolated cases where that will adjust the
kernel configuration - few enough that I suspect they might have slipped
in and thus probably shouldn't be documented yet.)
(From yocto-docs rev: 488a5896feefd6d0dbc197e7cc431b4d23085104)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This no longer does anything in 4.1.
(From yocto-docs rev: a288b422cf9753a393e0c6791292ac5dad2fe732)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add a note to the COMPLEMENTARY_GLOB variable glossary entry mentioning
that recommends aren't installed (since this seems to be the only place
that complementary package installation is really discussed). Also turn
the paragraph about globbing into a regular paragraph as I don't think
it should be called out in a note block.
(From yocto-docs rev: abc67b101b0821b174eb65bc13922a8bee1016eb)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Make reference to meta/classes* instead of just meta/classes
* Update each reference to the path where the class has moved
* Add a brief explanation to the classes reference explaining the split
* Add a note to INHERIT, INHERIT_DISTRO, IMAGE_CLASSES and USER_CLASSES
variable glossary entries mentioning where the specified classes must
be located. I contemplated adding the same note to PACKAGE_CLASSES
but decided against it, as it has a very specific usage and such a
note might distract from the narrative of that entry.
* Also trim the IMAGE_CLASSES entry which was quite outdated.
* INHERIT += no longer works with testimage so drop the note about that
(From yocto-docs rev: e76bed00b452d3049f6c22afbfb980b557a141bd)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
testimage-auto was removed in the thud release.
(From yocto-docs rev: 618351169c09470280aeee53a63aba88788efc4b)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable for 4.1.
(From yocto-docs rev: 91c6c3dcb36e52e276f000b0e60aba02d546e994)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: efd1a6f5d13a031c0c093bbcfb4bcf935e37ed25)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: 580e0f3b23ee3a553ffc797b97c5b146316e32e4)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: 78199299405ae0ed3da543773859dc6309144cf6)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: ddf89c32f774bf6217c9bf02fa07603bf0fcfc4e)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
In 4.1 the pypi class has been updated to set a default CVE_PRODUCT
value.
(From yocto-docs rev: e4b25d6790c3966bad3c63818729c1baaf2b3ca9)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Add missing documentation for the pypi class.
(From yocto-docs rev: d387ca891ad3a7d00ec3cb5f994dc5832c885d54)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: d8d9f9fb8b8acc47888cc61fa5565806b100eba4)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: 5be23dc56574697cf18cbc4f3b7130cefe84abfd)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
New variable in 4.1.
(From yocto-docs rev: d79c1c29607bc3750bcb4e4c171593f4d7ac89cb)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The buildpaths QA check is now practically usable and enabled by
default, so update the comment and add a section with the warning
message since users may start seeing it in their builds.
(From yocto-docs rev: a14997e3b8576cd1a6e1c38d13b5b8e05ac03b88)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Add a note regarding the 4.1 change to add openssh-sftp-server as a
recommends from ssh-server-dropbear.
(From yocto-docs rev: dd4775d666ca8309ef029fd329a248397bcdedc6)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Newly added class in 4.1.
(From yocto-docs rev: 391750e417d7a6b88222e03aa0a57ea87d9f618a)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The default changed to "1" back in 2017 (OE-Core revision
8018a2349b7ad5ab27731c93a49603adf5f72fc2). It seems I missed updating
the documentation to match.
(From yocto-docs rev: f5eb40a361661d8399c5bafeda3e76ed45d0e3fb)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
In 4.1 the WATCHDOG_TIMEOUT variable is now used in two places, so let's
actually document it.
(From yocto-docs rev: c8e51a968a5942cd153dd4bcf82ba9d1cc5340c0)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Expand the documentation on the image-buildinfo class, and add variable
glossary entries for IMAGE_BUILDINFO_FILE, IMAGE_BUILDINFO_VARS and
SDK_BUILDINFO_FILE (latter is new in 4.1).
(From yocto-docs rev: f69b2f614aaa56a19432538cb1adf33a441ea31d)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This was added all the way back in krogoth.
(From yocto-docs rev: 932870c5746718fb6ac3073bb4c79f4e085b089f)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
