| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use git rev-parse to determine the location of the .git directory, in
case it is not an immediate child of EXTERNALSRC (e.g. when using
submodules). In the event git can't resolve the .git directory, fall
back to the non-git method for hashing.
(From OE-Core rev: 95e1341b49f7184d280a03f64f131a4468a06867)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When creating a custom image which uses the DATE variable the basehash
seems to change every day and lead to errors such as:
ERROR: console-tdx-image-2.7.6-r0 do_image_customimg: Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:set_image_size(d)
...
Add DATE to the variables which should not get expanded early and to the
vardepsexclude list for the image task.
(From OE-Core rev: 4af13a4855c74cea9cf6c168fd73165d7094bf93)
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* since following commit:
commit 2ff9d40dc88d43567472218cf3d3faf414398c71
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 30 16:06:57 2017 +0100
image/rm_work: Promote do_image_complete to be more sstate like
all image rm_work tasks are failing with:
mv: 1.0-r0.do_image_complete.228730130ba309f85b73b72222ba11d7.raspberrypi3 and
1.0-r0.do_image_complete.228730130ba309f85b73b72222ba11d7.raspberrypi3 are the same file
it's because for $i 1.0-r0.do_image_complete.228730130ba309f85b73b72222ba11d7.raspberrypi3
there will be first SSTATETASK in $j do_deploy, so the sed call doesn't replace anything
It might be different order of SSTATETASKS in my builds (it might work only when
do_image_complete is the first one in the list), but here:
SSTATETASKS="do_deploy do_image_complete do_image_qa do_package do_package_qa do_package_write_ipk do_packagedata do_populate_lic do_populate_sdk do_populate_sdk_ext do_populate_sysroot"
(From OE-Core rev: 0c905d4e7fa8e5416945fa0d61ebc1d34409d1e6)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are optional per-recipe variables with the following meaning:
UPSTREAM_VERSION_UNKNOWN - set if the upstream version check fails reliably,
e.g. absent git tags, or weird version format used on our or on upstream side.
If this variable is not set and version check fails, or if it is set and
the version check succeeds, then the checkpkg selftest for the recipe will fail.
UPSTREAM_CHECK_UNRELIABLE - set if the upstream check cannot be reliably performed
due to transient network failures, or server behaving weirdly. This one should be used
sparingly, as it completely excludes a recipe from upstream checking, and thus
we don't get automatically notified about new upstream releases.
Also the upstream status string in the checkpkg csv output is clarified with the following
possible values:
MATCH - recipe is providing the latest upstream version
UPDATE - there is a new version released by upstream, recipe should be updated
CHECK_IS_UNRELIABLE - an upstream check was skipped as requested by recipe
via UPSTREAM_CHECK_UNRELIABLE
UNKNOWN - upstream version check was performed, but the upstream verison could
not be determined. The recipe acknowledges this via UPSTREAM_VERSION_UNKNOWN setting.
UNKNWON_BROKEN - same as previous, but the recipe does not include the acknowledgement
and should be fixed.
KNOWN_BROKEN - upstream check worked, but recipe claims it shouldn't; to fix this
remove UPSTREAM_VERSION_UNKNOWN from recipe.
[YOCTO #11896]
(From OE-Core rev: 2a44ac1add0338cd7ff012cda96bf113c9a01bd6)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is an error for populate_sdk when we exclude package by using
PACKAGE_EXCLUDE.
Reproduced steps:
echo "PACKAGE_EXCLUDE = \"psplash\"" >> conf/local.conf
bitbake core-image-sato -c populate_sdk
Error log:
ERROR: core-image-sato-1.0-r0 do_populate_sdk: Could not invoke dnf.
Command '/buildarea1/poky/build/tmp/work/qemux86-poky-linux/core-image-sato/1.0-r0/recipe-sysroot-native/usr/bin/dnf -y -c
/buildarea1/poky/build/tmp/work/qemux86-poky-linux/core-image-sato/1.0-r0/sdk/image/opt/poky/2.3/sysroots/i586-poky-linux/etc/dnf/dnf.conf
--setopt=reposdir=/buildarea1/poky/build/tmp/work/qemux86-poky-linux/core-image-sato/1.0-r0/sdk/image/opt/poky/2.3/sysroots/i586-poky-linux/etc/yum.repos.d
--repofrompath=oe-repo,/buildarea1/poky/build/tmp/work/qemux86-poky-linux/core-image-sato/1.0-r0/oe-rootfs-repo
--installroot=/buildarea1/poky/build/tmp/work/qemux86-poky-linux/core-image-sato/1.0-r0/sdk/image/opt/poky/2.3/sysroots/i586-poky-linux
--setopt=logdir=/buildarea1/poky/build/tmp/work/qemux86-poky-linux/core-image-sato/1.0-r0/temp
-x psplash --nogpgcheck install run-postinsts dnf
packagegroup-core-x11-base packagegroup-core-ssh-dropbear
packagegroup-core-standalone-sdk-target packagegroup-base-extended
packagegroup-core-x11-sato psplash packagegroup-core-boot rpm' returned 1:
Unable to detect release version (use '--releasever' to specify release version)
Added oe-repo repo from
/buildarea1/poky/build/tmp/work/qemux86-poky-linux/core-image-sato/1.0-r0/oe-rootfs-repo
Last metadata expiration check: 0:00:00 ago on Thu 10 Aug 2017 09:26:32 AM UTC.
No package psplash available.
Error: Unable to find a match
Add handling package exclusions to do_populate_sdk. The code copies from
do_rootfs in image.bbclass.
(From OE-Core rev: 86db855da4ee000737281ef7cc893d56854b3952)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For some reason prelink was refusing to prelink musl images but now sometimes
does modify the binaries. Since musl has no support for this, such images
end up broken and unable to boot.
To avoid this, be explicit and only apply prelinking for libc-glibc.
[YOCTO #11913]
(From OE-Core rev: 5a25ed1071f0d9b7d95edcc2b5b4545f960d5f95)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
The test itself was removed but there were a few explicit checks and
dependencies for it, so remove those too.
(From OE-Core rev: 3a2feef644abff4feff371cc7175ac270f5fb671)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We've already removed unsafe-references-in-binaries (which was fundamentally
broken) and nobody really cares about / and /usr being on different filesystems
anymore (at least if they, they're keeping very quiet and not fixing the bugs).
As this test was a minor detail in the scope of supporting separate / and /usr
which we don't support, it can be removed.
(From OE-Core rev: 5363a5e43462e22ed61e87923e00657b740f6823)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fwupd contains polkit policy files that it translates using polkit.its
and polkit.loc files that the next polkit release is going to
install (see https://github.com/hughsie/fwupd/issues/107).
In order to make that work with OE-core, the gettext tools must be
told to look also for files in the recipe-sysroot. Otherwise it only
uses the GETTEXTDATADIR set by the gettext-native tool wrappers, and
that only points to the files provided by gettext-native itself.
(From OE-Core rev: ebb706f9dafdbb7c4aa18e5595930bbc1a0497b1)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
This reverts commit d2ebee7c3a0c8ab9a09ebad12a2fda51f8d10954.
(From OE-Core rev: da7bc68c399bbcd1baf946931200eba72268b0b3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
do_bootdirectdisk and do_vmimg had been dropped by commit 929ba563:
[ image: Convert vmdk/vdi/qcow2 to strict CONVERSION_CMD types ]
Also drop the references to them and image-vm.
(From OE-Core rev: 609f7f4ecd17c8299b97d9face098e3cc44fa6eb)
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The games we play with path manipulation of DL_DIR in uninative mean standard
PREMIRRORS don't work and we can't easily put 'chksum' into the url path from
a url parameter with the current fetcher url handling to make a generic
remapping. We therefore add to PREMIRRORS when we know the chksum to
create a premirror mapping which can work.
[YOCTO #9888]
(From OE-Core rev: 3b0309dbb5d52e9d7abf6fd89cc999ac4cc5d2fb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Similar to do_image_complete, make do_image_qa a dummy sstate task
so that rm_work doesn't cause image generation to repeat on every
new build command.
(From OE-Core rev: ca61f5437cb2421a67f002785e644ba215e04aaf)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We relied on the missing do_image_complete_setscene task to ensure the dummy
sstate tarball that was created would never be used. This lead to its own
issues and a better fix for SSTATE_SKIP_CREATION has now been merged.
We can therefore make do_image_complete look like a more standard sstate
task which means image generation doesn't keep rerunning when using rm_work.
We do need to turn do_image_complete's stamp into an sstate version to
handle this (it otherwise matches the do_image_* glob).
(From OE-Core rev: 2ff9d40dc88d43567472218cf3d3faf414398c71)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
do_image_complete has the do_build dependency, these other two tasks
don't need it. If this is present, it complicates the dependency tree
and convinces rm_work that the tasks need to rerun even if they
already did since the stamps are removed.
Drop the unneeded dependency to help resolve this issue.
(From OE-Core rev: f61bcae0926a1ad79032119cc5656c0e862b13af)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, dummy archives are created for skipped sstate tasks. We relied
on these never being installed (the setscene task is missing) however this
leads to odd behaviour as for example the setscene stamps are never looked
at.
Rather than trying to continue with the two separate behaviours, really
skip package creation. We do need the file manipulation steps to install files
under sstate control from a manifest perspective so we only skip at the final
creation step.
(From OE-Core rev: 1e95fc5419a131a5e4091b8ff01639de99284399)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than requiring each user to handle this individually, handle
addto_recipe_sysroot in the core class. As well as preserving the
sysroot directory, this also ensures the stamp is preserved rather
than rerunning the task every time as currently happens.
(From OE-Core rev: bf8b9858d9ccce27173d13938a83d249294cc473)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The vmdk/vdi/qcow2 IMAGE_FSTYPEs predate wic. As such, they provide
some similar underlying functionality in order to produce a "disk" image
that in turn can be converted into different formats that various
hypervisor types work with. They do not however provide the ability for
other disk image types to be converted into these same output types.
Furthermore, they are less flexible than what wic does provide. This
drops the old style vmdk/vdi/qcow2 types and re-introduces them under
the CONVERSION_CMD framework. The equivalent of vmdk is now wic.vmdk
and so forth for the other types.
(From OE-Core rev: 929ba563f1bc7195c4981b8e139c432b2cc388ea)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are at least two terminals types (gnome and tmux) that when
launched to show the kernel's menuconfig, we lost track of the corresponding
process ID, thus there is no way to see when they finish, yielding identical
timestamps before and after menuconfig thus compile's task
is never tainted. This commit takes the solution from [1] but now in the menuconfig's
context.
[1] http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=c706bfbabbf9f7caf2cf509eb91381fb49aa44cb
[YOCTO #11146]
(From OE-Core rev: 7d02ea283b6587f3f79c5846b64b9ba1d6fe8026)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is in case that sometimes the copied target files might be
expected to have a desired mode, for instance, the ssh keys should not
be too open, otherwise the users will get a "Permission denied" error.
(From OE-Core rev: 0ae4c1eeb1a70bae324347445895c7d312cf503d)
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tar exists with 1 and produces warning "file changed as we read it"
if content is changed while tar archives it. Even hardlinking content
causes tar to fail this way as it changes file ctime.
Other tasks running in parallel with do_image_tar may need to hardlink
rootfs content in order to change it, e.g. do_image_wic does this to
update etc/fstab.
Ignored tar exit code 1 to be able to hardlink rootfs content while
do_rootfs_tar is tarring it.
[RP: Removed bashism]
(From OE-Core rev: 402b4cffbb4c58cfee93db18192f2b218ee0ae35)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The siteconfig cache files in ACLOCALDIR setup by autotools.bbclass
has been dropped after switching to RSS, so change the siteconfig
search path back to SITECONFIG_SYSROOTCACHE and the parameter
name changed from aclocalcache to sysrootcache.
(From OE-Core rev: 5b1454304483a0bc725b32fd5458e5281c68112f)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configuration variable PACKAGE_DEBUG_SPLIT_STYLE includes
the new mode debug-with-srcpkg that instructs the system to
remove the source files from the debug package but include them in
a separate package with a "-src" suffix in the name.
[YOCTO #9998]
(From OE-Core rev: b8f9ffa37f67172a01837c88c861dc736d267569)
Signed-off-by: Juan M Cruz Alcaraz <juan.m.cruz.alcaraz@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Some out of tree modules require the scripts for configuration. For
example, backport-iwlwifi.
(From OE-Core rev: 7a045f6df2366026d28fe8d36e6d594ce5aa559a)
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use MIRRORS to provide git repo fallbacks using the https protocol,
for cases where git native protocol fetches may fail due to local
firewall rules, etc.
These rules should cover all git native repos used by recipes within
oe-core, with the exception of mtd-utils, for which there's currently
no upstream alternative to the git native protocol for anonymous
access ( see http://git.infradead.org/mtd-utils.git ).
(From OE-Core rev: abb8895d5b42a5dc171360a261a2652acd14ee7e)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Put it in goarch.bbclass which all go related recipes inherit.
(From OE-Core rev: 9e899bbc081cb932c1492f6d6802b908d70ef42f)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added e2fsprogs-native to the list of default dependencies for
wic (WKS_FILE_DEPENDS_DEFAULT) as all fs-related utilities
have to be in this list.
Thanks to Patrick Ohly for noticing this.
[YOCTO #11817]
(From OE-Core rev: b1d9f5ba5d75c6e4dae10d9d9b2c03fd3099721d)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we have more than one CONVERSION_CMD being used, for example
ext4.gz.sha256sum we will see errors about "metadata is not
deterministic". This is because we do not have a stable order of
intermediate files that will be removed in the generated shell command.
We fix this by calling sorted() on the set of rm_tmp_images so that we
will have a stable hash again.
Cc: Patrick Ohly <patrick.ohly@intel.com>
(From OE-Core rev: 98a2afeb3a53bec7a72a4a9846e1dba636cc6f3d)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the introduction of chaining compression/conversion support we can
convert the old image_types_uboot.bbclass code that did a hand-chaining
of a set of ${filesystem}.${compression} into generic and arbitrary
support to sign whatever the user wants to sign for their image.
This, for the record, does remove setting a valid compression type in
the record in favour of just saying none. This is not a generally
useful feature in U-Boot and I believe being versatile in terms of being
able to pass in arbitrary compressions is more important.
(From OE-Core rev: 65f27122950a35a67ce39ae4cfe93d0dca6b0dab)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When chaining of compression/conversion types was added, we had a new
way to handle doing things like "ext4.bz2.sha256sum" or
"ext2.gz.u-boot". However, because the U-Boot image class isn't
included normally, it wasn't properly converted at the time. After the
support was added the "clean" argument that the .u-boot code uses no
longer functions. The fix for this inadvertently broke chaining
compression/conversion. First, correct the u-boot conversion code.
Fixes: 46bc438374de ("image.bbclass: do exact match for rootfs type")
Cc: Zhenhua Luo <zhenhua.luo@nxp.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Patrick Ohly <patrick.ohly@intel.com>
(From OE-Core rev: 0a7ce0b971a208956cb895ba5a869ec8c5d94703)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As we're not using them and they're getting in the way of
reproducibility.
[YOCTO #11718]
(From OE-Core rev: 1bd3ed18379c330c1c733dc9f043dbbe8aa0d254)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using shutil.copy2() to copy .git/index to a temporary file tries to
copy SELinux attributes which might fail for confined users in SELinux
environments.
E.g. our builders are running in docker containers and modification of
sources (inclusive updated of .git/index) is done outside. Trying to
copy .git/index fails with
| $ python3 -c 'import shutil; shutil.copy2("index", "a")'
| ...
| PermissionError: [Errno 13] Permission denied: 'a'
and an AVC like
| denied { relabelto } for pid=18043 comm="python3" name="a" dev="dm-29" ino=1067553 scontext=system_u:system_r:container_t:s0:c39,c558 tcontext=unconfined_u:object_r:build_file_t:s0 tclass=file permissive=0
is created. This can not be solved by adapting the SELinux policy because
this is a very deep constraint violation:
| constrain file { create relabelfrom relabelto } ((u1 == u2 -Fail-) or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
|
| Possible cause is the source user (system_u) and target user (unconfined_u) are different.
I do not see much sense in using 'shutil.copy2()' here; 'shutil.copyfile()'
seems to be a better choice (target file is created in a secure way by
tempfile.NamedTemporaryFile()).
By placing the tempfile into /tmp we avoid potential problems related to
git's 'core.sharedRepository'. As a (positive) side effect, the source
tree will not be modified anymore (at least by this part of code) which
prevented to mount it read-only from somewhere else.
(From OE-Core rev: 3c3c8ecc61dfed68987750d79b5482ab2f6fa02f)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PV is the recipe major version number. cve-check tries to map that to
NVD database release versions of the component. If the recipe sources
are taken from git, the PV can be automatically modified to include
git details, but the syntax is like 233+gitAUTOINC+a1e2ef7ec9.
In CVE checks we want to remove the git details and just use the major
version information, in this example 233.
Thus use "+git" as the separator and use the first part before the separator
as SW product version number in CVE check.
Fixes version number for e.g. systemd recipe. If systemd PV is
233+gitAUTOINC+a1e2ef7ec9 there will be no matches from CVE database where
latest release mentioned is plain 233. If the filter is set to +git, then
CVE PV is 233 and issues like this are detected by do_cve_check:
https://nvd.nist.gov/vuln/detail/CVE-2017-1000082
(From OE-Core rev: db8815abe3db60b0510fb378bf6d82172c2f2768)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is used by NVD database CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-7273
Setting this in kernel.bbclass fixes CVE reporting for all users of
the class.
(From OE-Core rev: 2e3d325440a50265c73f7d2e782530a02458bc33)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This way also bbclasses can override it. For example kernel.bbclass
could set CVE_PRODUCT to linux_kernel for all users of the class
which compile Linux kernels.
(From OE-Core rev: 74672a7de5ada45ab8e25b89cbdea3ec33b63b7f)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unzip is required for jar files. Without this patch:
ERROR: junit4-4.3.1-r0 do_unpack: Unpack failure for URL:
'http://downloads.sourceforge.net/junit/junit-4.3.1-src.jar'. Unpack
command
PATH="/var/lib/jenkins/workspace/qt5122-dyspro/build/tmp/sysroots-uninative/x86_64-linux/usr/bin ......."
unzip -q -o '/var/lib/yocto/downloads/junit-4.3.1-src.jar' failed with
return value 127
Suggested-by: Ross Burton <ross.burton@intel.com>
(From OE-Core rev: 96665f8b204b0f0ba571bb6634203aada5983f8a)
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows for other scripts to know that they are being executed in
the context of the eSDK in order to provide different behaviour as
needed.
[YOCTO #11155]
(From OE-Core rev: ebdd9b5a19eb6fb6c3249be4f0e2480a3de2aa8f)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* without this we cause nativesdk-linux-libc-headers to depend
on target specific KERNEL_CC (through icecc_get_tool ->
icecc_is_kernel -> KERNEL_CC -> HOST_CC_KERNEL_ARCH ->
TARGET_CC_KERNEL_ARCH -> TUNE_FEATURES(thumb) as shown by
bitbake-diffsigs:
OE qemux86@ ~/build/oe-core $ ls /OE/build/oe-core/tmp-glibc/sstate-diff/1499859497/qemu*/*sdk*/*/*do_configure.sigdata*
/OE/build/oe-core/tmp-glibc/sstate-diff/1499859497/qemuarm/x86_64-nativesdk-oesdk-linux/nativesdk-linux-libc-headers/4.10-r0.do_configure.sigdata.3a9a423878d56524e0ee8e42eba1804f
/OE/build/oe-core/tmp-glibc/sstate-diff/1499859497/qemux86/x86_64-nativesdk-oesdk-linux/nativesdk-linux-libc-headers/4.10-r0.do_configure.sigdata.401071dbaa88903ece37d35a47965ff2
OE qemux86@ ~/build/oe-core $ bitbake-diffsigs /OE/build/oe-core/tmp-glibc/sstate-diff/1499859497/qemu*/*sdk*/*/*do_configure.sigdata*
basehash changed from 39774238b66763c598153132e87a2c1a to aa2d66e770bf533e312536eb0a401c4c
Variable TARGET_CC_KERNEL_ARCH value changed from '${@bb.utils.contains('TUNE_FEATURES', 'thumb', '-mno-thumb-interwork-marm', '', d)} TUNE_FEATURES{thumb} = Set' to ''
(From OE-Core rev: aef5d6052a60f506e842110381a221aed042e054)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mkelfImage was failing trying to use initrd from ${DEPLOY_DIR_IMAGE}:
DEBUG: Python function extend_recipe_sysroot finished
| DEBUG: Executing shell function do_image_elf
| Cannot open `tmp/deploy/images/qemux86/core-image-minimal-qemux86.cpio.gz':
No such file or directory
As the images have only one deploy point it's not possible to reference
something the images themselves are deploying. They need to reference it
in the "pre-sstate" directory ${IMGDEPLOYDIR}, not the post sstate one
${DEPLOY_DIR_IMAGE}.
Fixed by using ${IMGDEPLOYDIR} instead of ${DEPLOY_DIR_IMAGE} in
mkelfImage command line.
[YOCTO #11767]
(From OE-Core rev: 13d675b0f8968bcfdf36035fd959be285e3da378)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If we're unpacking any rpm (not just .src.rpm) then we'll need to call
rpm2cpio.sh. As of OE-Core rev a7da1aade118d1ccf1b286f82556cd9f706bd2a4
that script no longer uses file-native, but there is a chance that the
rpm file will be compressed internally using xz (for example, rpms from
Fedora) and therefore the script will need xzcat provided xz-native.
(From OE-Core rev: 2f31f1795bc0c85b1646bc7d9596bbe778cb84e5)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These messages were added for debugging during the recipe specific
sysroot work. They may still be useful but they don't need to be notes -
if they are they show up in recipetool / devtool output when fetching
source.
(From OE-Core rev: a0e93d5c5dcf59d1898a3db727a5ab2d75e3d20e)
(From OE-Core rev: bc1a4af950a2600028d89b7dcb4ff8f409b52739)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the new server structure we no longer need this separate
environment init script. Just set BB_SERVER_TIMEOUT to be greater
than zero and bitbake will remain in memory and the UI will auto-reconnect
to it.
Also clean out the old shutdown code from oe-init-build-env which
also doesn't make sense now.
(From OE-Core rev: a17724d687f9c04dc21f2f369da2b492f7119ba0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As pointed out by klapperichpaul@johndeere.com, missing configuration
fragments were being picked up twice, once by the tools and once by the
bbclass. Unfortunately, the tools error message was being detected as
configs, and hence no error was reported at all.
Rather than catching the output of the tools, we can instead check the
return code and propagate the error message from the tools directly to
the user.
[YOCTO #11649]
(From OE-Core rev: 960652416e2390337df6d9734375d6829ceb6420)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, RPM4 supports to sign the files in RPM payload with plugin
mechanism. We introduce more definitions to make the file signing
available for the users:
- RPM_FILE_CHECKSUM_DIGEST
Global switch to enable file signing.
- RPM_FSK_PATH
The file signing key.
- RPM_FSK_PASSWORD
The password of file signing key.
- RPM_FILE_CHECKSUM_DIGEST
The file checksum digest.
(From OE-Core rev: 95b9ee33d5595078e90c633f6155ec9ba3d184f0)
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dependencies required for squashfs-lzo and squashfs-xz image builds were
assigned to do_image_squashfs-lzo and do_image_squashfs-xz. As these
tasks don't exist the dependencies were not installed and builds
were failing.
Correct task names for these image types are: do_image_squashfs_lzo and
do_image_squashfs_xz because '-' and '.' are replaced by '_' in all
do_image* task names.
[YOCTO #11760]
(From OE-Core rev: 1f8fc803262cdcc26dabc28af70bf0fdaf2e5847)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default set of dependencies used via wic-tools is not used
anymore as wic images don't depend on wic-tools.
Set of packages required to produce wic image depends on the content
of the .wks file, so WKS_FILE_DEPENDS variable should be used to
provide correct list of dependencies when WKS_FILE variable is set.
As WKS_FILE_DEPENDS is not used in many existing recipes yet we need
to provide default value for it to ensure that removal of wic-tool
dependency doesn't cause image build failures.
Initialized WKS_FILE_DEPENDS with the set of dependencies previously
brought by wic-tool. This is done to provide compatibility and to
avoid breakages of existing image recipes that rely on current set
of dependencies.
Note: This is a temporary solution for transition period.
After some time the list will be either reduced or removed.
Recommended solution is to use WKS_FILE_DEPENDS in image recipes
together with WKS_FILE to specify dependencies.
(From OE-Core rev: 01fc31854f7da6b3a4546121f809875c35bbf0e0)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment, when building images with IMAGE_FSTYPES=wic one ends up
depending on wic-tools and thus syslinux and grub-efi even when not
using those at all. Ideally, building an image with wic should only
build the tools and components really needed.
The problem is that "wic-tools" is needed also for the manual
invocations of wic, in which case everything that might be needed has to
be built in advance.
Replaced dependency on wic-tools with dependency to a much shorter set
of tools that wic uses almost for any image: 'parted', 'gptfdisk',
'dosfstools' and 'mtools'.
[YOCTO #11552]
(From OE-Core rev: 33ca15b94dbe7204c556c4b5526edd529f6d85f4)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes it's needed to create FAT filesystem with specific
sector or cluster size, FAT size or to use one of other useful
mkdosfs options.
Introduced MKDOSFS_EXTRAOPTS variable to set options for mkdosfs.
[YOCTO #11709]
(From OE-Core rev: 18b52577484d3b86bc31980a50da04141afda5f9)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
IMAGE_EXTENSION_live is no longer used. It was used by Hob to map the
live image type, but Hob is no longer part of the Bitbake codebase.
(From OE-Core rev: 2b30dcdc903c1b0c18e14e39b954177628d058bd)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Case-insensitive file systems fail during builds in very mysterious ways, such
as mpfr:
ERROR: patch_do_patch: Not a directory
The problem here being that mpfr has a PATCHES file, so when we try to copy the
patches into ${S}/patches/ it fails.
We can't and won't support case-insensitive file systems so add a sanity check
to abort the build if one is found.
(From OE-Core rev: 20ce04fb64f559e64490d53678fa00644a92894a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
