| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Currently in NVD DB an item popped up, which hasn't set baseMetricV2.
Let the parser handle it as an optional item.
In case use baseMetricV2 before baseMetricV3
(From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
virtual/crypt-native is assume provided in bitbake.conf, so
buildtools-extended-tarball shoud provide crypt since it doesn't
use the host's headers/libraries.
[YOCTO #13714]
(From OE-Core rev: da948b25d5ef452fb35275d108e18d2a2829f4fb)
(From OE-Core rev: bc42406d83310398bc4d4db4244252411eff117d)
(From OE-Core rev: 6f6d7278358b042aca3e911aefd0d6128480f32d)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 6467eb4461f3cab16cab2ba63154c92fc2adacef)
(From OE-Core rev: 848c61a07f691638fa529bbe0f0ff1dfded4a967)
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The autobuilder has been experiencing SSL: CERTIFICATE_VERIFY_FAILED
errors during error report uploads when using buildtools due to looking
for certs in /opt/poky
(From OE-Core rev: 197f1d5d14b8e57295f5a81c03c86abba5328614)
(From OE-Core rev: 35c6ab2501672083cf8b974d8b9c3daa3202de36)
(From OE-Core rev: 0cb479a5e99289b75e89b2ed5058f33605f15936)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
export OPENSSL_CONF to aviod SDK openssl can not find openssl.cnf.
(From OE-Core rev: 0aaf3dd17dcde959e9c0d62543cb91c9b33551b4)
(From OE-Core rev: 63d8569b2c9f66e8123e2672a7f8fb8e7cc1f0b4)
(From OE-Core rev: e733a5f3b0e3c3b8a830db5ae99b3fc6b7e56921)
Signed-off-by: Liwei Song <liwei.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Builds like native-openjdk, really wants a to link
some tools against the static version. Since when
using the extended tarball, its the only place to
get it, add the library.
(From OE-Core rev: 59c4a3fdbbfd5a6aaba7e0a1675dcd5866a7f3a4)
(From OE-Core rev: 152709dec03bbac582ca63b65f2efb835e0b33fb)
(From OE-Core rev: 5e3664e5f9a0dde07b0f8a56cdce1321456abaa5)
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* For buildtools-extended-tarball, where we are adding all of build-essentials
to the nativesdk, we need additional perl modules for autoconf and automake.
(From OE-Core rev: f0f766160663407ea7683d31bbf5f011accc9ba2)
(From OE-Core rev: e7ade58a7da52ebb40120020dd86dd3ae9b2148e)
(From OE-Core rev: ed9d60fb5d471b4ec472088cc9307fd8575b187a)
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The eSDK installation code checks installed locales with the locale command which is
from glibc-utils. Add this so that we find the correct locales from the buildtools.
(From OE-Core rev: 7d35e4bc6ff94a2d03c48827d7d60a6855c9029d)
(From OE-Core rev: d99b6432decec0964ac0e08698abc782c9b114f5)
(From OE-Core rev: 3562a6848aa3e866ad8e2d3caed3211971817234)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to search our own libdirs, then fall back to the system ones as our
customised dynamic loader will. Have ld.so.conf reflect that.
This ensures that binutils finds libraries here when linking too.
(From OE-Core rev: ab729c362684474a8346e5256d636200826feb47)
(From OE-Core rev: 8de0aee6befc0541fa40563f63dfe1cc36f064fe)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* For some aging distros, such as CentOS 7, the native version
of gcc is simply too ancient and is a constant source of
headaches for moving forward.
* Add an extended version of buildtools-tarball which adds all
of build-essential, so that the host is now modernized and
capable of compiling the latest versions of components.
Fixes [YOCTO #13714]
(From OE-Core rev: f0377af2325613b63716b0bb4db1ab253d79f388)
(From OE-Core rev: bb4979f0e8367b475cc9a5274933a61bb0eb64b3)
(From OE-Core rev: f492e172e133a4b52dbe818d806cab783204e575)
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CPE version could be '-' to mean no version info.
Current cve_check treat it as not valid and does not report these
CVE but some of these could be a valid vulnerabilities.
Since non-valid CVE can be whitelisted, so treat '-' as all version
and report all these CVE to capture possible vulnerabilities.
Non-valid CVE to be whitelisted separately.
[YOCTO #13617]
(From OE-Core rev: 1d06fedf46c8f67fccde7a00d7199d7052c33b30)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c69ee3594079589d27c10db32bc288566ebde9ef)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch to recently released version 1.1 of NVD CVE JSON feed, as in
https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release
it is mentioned that
Due to changes required to support CVSS v3.1 scoring, the JSON
vulnerability feeds must be modified. This will require the consumers
of this data to update their internal processes. We will be providing
the JSON 1.1 schema on the data feeds page and the information below
to prepare for this transition.
...
The JSON 1.1 data feeds will be available on September 9th, 2019. At
that time the current JSON 1.0 data feeds will no longer available.
This change was tested briefly by issuing 'bitbake core-image-minimal'
with 'cve-check.bbclass' inherited via local.conf, and then comparing
the content between the resulting two
'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not
seem to contain any other change, except total of 167 entries like
CVSS v3 BASE SCORE: 0.0
were replaced with similar 'CVSS v3 BASE SCORE:' entries which had
scores that were greater than '0.0' (up to '9.8').
(From OE-Core rev: cc20e4d8ff2f3aa52a2658404af9a0ff358cc323)
(From OE-Core rev: 72c22b8791707480c380f49305c6d394578b2a4b)
Signed-off-by: Niko Mauno <niko.mauno@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c92b8804d6e59b2707332859957f0e6a46db0a73)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
urllib handles adding proxy handlers if the proxies are set in the environment,
so call bb.utils.export_proxies() to do that and remove the manual setup.
(From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434)
(From OE-Core rev: 2ddf1c0bc4267d38069f9dbb0f716fdac29a49a9)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create an index on the PRODUCTS table which contains a row for each CPE,
drastically increasing the performance of lookups for a specific CVE.
(From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e)
(From OE-Core rev: 9abd2b5c4ddfb98f3b8574954e1fd0e95a47ebcc)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't hardcode the database filename, there's a variable for this in
cve-check.bbclass.
(From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab)
(From OE-Core rev: f774665ee4dcdc5a1fe1f51384d82fb8e1b219e1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already fetch the yearly CVE metadata and check that for updates before
downloading the full data, but we can speed up CVE checking further by only
checking the CVE metadata once an hour.
(From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a)
(From OE-Core rev: fd16e1bb582d3135411e2e3dad46731114d2b955)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As detailed at [1] the XML feeds provided by NIST are being discontinued on
October 9th 2019. As cve-check-tool uses these feeds, cve-check.bbclass will be
inoperable after this date.
To ensure that cve-check continues working, backport the following commits from
master to move away from the unmaintained cve-check-tool to our own Python code
that fetches the JSON:
546d14135c5 cve-update-db: New recipe to update CVE database
bc144b028f6 cve-check: Remove dependency to cve-check-tool-native
7f62a20b32a cve-check: Manage CVE_PRODUCT with more than one name
3bf63bc6084 cve-check: Consider CVE that affects versions with less than operator
c0eabd30d7b cve-update-db: Use std library instead of urllib3
27eb839ee65 cve-check: be idiomatic
09be21f4d17 cve-update-db: Manage proxy if needed.
975793e3825 cve-update-db: do_populate_cve_db depends on do_fetch
0325dd72714 cve-update-db: Catch request.urlopen errors.
4078da92b49 cve-check: Depends on cve-update-db-native
f7676e9a38d cve-update-db: Use NVD CPE data to populate PRODUCTS table
bc0195be1b1 cve-check: Update unpatched CVE matching
c807c2a6409 cve-update-db-native: Skip recipe when cve-check class is not loaded.
07bb8b25e17 cve-check: remove redundant readline CVE whitelisting
5388ed6d137 cve-check-tool: remove
270ac00cb43 cve-check.bbclass: initialize to_append
e6bf9000987 cve-check: allow comparison of Vendor as well as Product
91770338f76 cve-update-db-native: use SQL placeholders instead of format strings
7069302a4cc cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
78de2cb39d7 cve-update-db-native: Remove hash column from database.
4b301030cf9 cve-update-db-native: use os.path.join instead of +
f0d822fad2a cve-update-db: actually inherit native
b309840b6aa cve-update-db-native: use executemany() to optimise CPE insertion
bb4e53af33d cve-update-db-native: improve metadata parsing
94227459792 cve-update-db-native: clean up JSON fetching
95438d52b73 cve-update-db-native: fix https proxy issues
1f9a963b9ff glibc: exclude child recipes from CVE scanning
[1] https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement
(From OE-Core rev: 8c87e78547c598cada1bce92e7b25d85b994e2eb)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 9bcfb1061c80fe51e47e102d6ad4c0d96392b90e)
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids errors when running populate_sdk under opkg:
* Problem 1/1:
* - package busybox-dev-1.30.1-r0.core2-64 requires busybox = 1.30.1-r0, but none of the providers can be installed
*
* Solution 1:
* - allow deinstallation of target-sdk-provides-dummy-1.0-r0.sdk-provides-dummy-target
* Solution 2:
* - do not ask to install a package providing busybox-dev
(From OE-Core rev: 8517cf2ac73277d606cc82b73cd4ae64c6bd0faa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When 'adduser' package, which is from meta-perl layer, is added to rootfs,
we will get do_populate_sdk failure like below.
Error:
Problem: package perl-module-cwd-5.24.4-r0.core2_64 requires perl-module-dynaloader, but none of the providers can be installed
- package perl-module-file-temp-5.24.4-r0.core2_64 requires perl-module-cwd, but none of the providers can be installed
- package perl-module-dynaloader-5.24.4-r0.core2_64 requires perl-module-config, but none of the providers can be installed
- package adduser-3.118-r0.core2_64 requires perl-module-file-temp, but none of the providers can be installed
- package target-sdk-provides-dummy-1.0-r0.sdk_provides_dummy_target conflicts with perl provided by perl-5.24.4-r0.core2_64
This is because adduser depends on some perl modules which are not
listed in target-sdk-provides-dummy.
So add these perl modules to avoid such failure.
(From OE-Core rev: 1b12c176827c2d0cbb7867da73efac56826036ed)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
opkg needs the replaces/conflicts/provides in order for this package
to function as intended. When enabled, this code caused failures for
core-image-sato -c populate_sdk.
The reason is that nativesdk-autoconf has several perl dependencies. We
need to list more of the things which this package provides/conflicts
with in order for it to function correctly. Therefore add the missing
entries.
(From OE-Core rev: 27412b377dda47daa87bfcb3a41babe53ff8b0a3)
(From OE-Core rev: e0db1beb6db624b3b743e780c298c63a1e177cfb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora28 repackages rpcgen program to rpcgen
package and the program will no longer be
part of the glibc-common package.
fedora 28:
$ rpm -qf /usr/bin/rpcgen
rpcgen-1.3.1-4.fc28.x86_64
fedora 27:
$ rpm -qf /usr/bin/rpcgen
glibc-common-2.26-27.fc27.x86_64
Once build a project on fedora28 host without
installing the extra rpcgen package, there
comes below error:
ERROR: Unable to start bitbake server
ERROR: Last 10 lines of server log for this session (/yocto/builds/upgrade2/bitbake-cookerdaemon.log):
self.cooker = bb.cooker.BBCooker(self.configuration, self.featureset)
File "/yocto/poky/bitbake/lib/bb/cooker.py", line 197, in __init__
self.initConfigurationData()
File "/yocto/poky/bitbake/lib/bb/cooker.py", line 356, in initConfigurationData
self.databuilder.parseBaseConfiguration()
File "/yocto/poky/bitbake/lib/bb/cookerdata.py", line 317, in parseBaseConfiguration
raise bb.BBHandledException
bb.BBHandledException
ERROR: The following required tools (as specified by HOSTTOOLS) appear to be unavailable in PATH, please install them in order to proceed:
rpcgen
So add nativesdk-rpcsvc-proto to provide the
program rpcgen to fix the gap.
(From OE-Core rev: 52fbf46a32f03266e31811fde7d4466e7ef85fc8)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Include cmake as part of build tree toolchain so that it is populated
into meta-ide-support's recipe-sysroot-native which is prepended to
$PATH, this ensures cmake-native is picked up first before host cmake.
(From OE-Core rev: 0b51e0b2ac6f3cc95af4061253dc76a91df91349)
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* since following change:
allarch: only enable allarch when multilib is not used
the sstate-diff-machines.sh reports different signature for target-sdk-provides-dummy
when multilib is enabled
=== Comparing signatures for task do_populate_sysroot.sigdata between qemux86 and qemux86copy ===
ERROR: lib32-target-sdk-provides-dummy different signature for task do_populate_sysroot.sigdata between qemux86 and qemux86copy
basehash changed from b0a44b2c7003b6b4aa3a023d9cb9fe82 to 3a59fa25ddb6a95aff079d477ebf3457
Variable SSTATE_MANMACH value changed from 'qemux86' to 'qemux86copy'
ERROR: target-sdk-provides-dummy different signature for task do_populate_sysroot.sigdata between qemux86 and qemux86copy
basehash changed from 9e44f1deb3d15886ee96db1a3332764c to 6b417d08a5113c9b06d13b3681f5ab4f
Variable SSTATE_MANMACH value changed from 'qemux86' to 'qemux86copy'
It's using:
inherit allarch
python() {
# Put the package somewhere separate to ensure it's never used except
# when we want it
# (note that we have to do this in anonymous python here to avoid
# allarch.bbclass disabling itself)
d.setVar('PACKAGE_ARCH', '${DUMMYARCH}')
}
and DUMMYARCH = "sdk-provides-dummy-target"
The difference as shown with bitbake -e before and after reverting allarch.bbclass commit:
before revert:
$SSTATE_MANMACH [2 operations]
set? oe-core/meta/classes/sstate.bbclass:61
"${SSTATE_PKGARCH}"
set sstate.bbclass:100 [__anon_111_oe_core_meta_classes_sstate_bbclass]
"machineName"
pre-expansion value:
"machineName"
SSTATE_MANMACH="machineName"
$SSTATE_PKGARCH
set oe-core/meta/classes/sstate.bbclass:11
"${PACKAGE_ARCH}"
SSTATE_PKGARCH="sdk-provides-dummy-target"
$PACKAGE_ARCH [3 operations]
set oe-core/meta/conf/bitbake.conf:150
[_defaultval] "${TUNE_PKGARCH}"
set oe-core/meta/conf/documentation.conf:304
[doc] "The architecture of the resulting package or packages."
set dummy-sdk-package.inc:12 [__anon_12_oe_core_meta_recipes_core_meta_dummy_sdk_package_inc]
"${DUMMYARCH}"
pre-expansion value:
"${DUMMYARCH}"
PACKAGE_ARCH="sdk-provides-dummy-target"
after revert:
$SSTATE_MANMACH
set? oe-core/meta/classes/sstate.bbclass:61
"${SSTATE_PKGARCH}"
SSTATE_MANMACH="allarch"
$SSTATE_PKGARCH [2 operations]
set oe-core/meta/classes/sstate.bbclass:11
"${PACKAGE_ARCH}"
set sstate.bbclass:98 [__anon_111__oe_core_meta_classes_sstate_bbclass]
"allarch"
pre-expansion value:
"allarch"
SSTATE_PKGARCH="allarch"
$PACKAGE_ARCH [4 operations]
set oe-core/meta/conf/bitbake.conf:150
[_defaultval] "${TUNE_PKGARCH}"
set oe-core/meta/conf/documentation.conf:304
[doc] "The architecture of the resulting package or packages."
set oe-core/meta/classes/allarch.bbclass:5
"all"
set dummy-sdk-package.inc:12 [__anon_12_oe_core_meta_recipes_core_meta_dummy_sdk_package_inc]
"${DUMMYARCH}"
pre-expansion value:
"${DUMMYARCH}"
PACKAGE_ARCH="sdk-provides-dummy-target"
the relevant part of the anonymous python in sstate.bbclass:
elif bb.data.inherits_class('allarch', d) and d.getVar("PACKAGE_ARCH") == "all":
d.setVar('SSTATE_PKGARCH', "allarch")
else:
d.setVar('SSTATE_MANMACH', d.expand("${PACKAGE_ARCH}"))
So with allarch.bbclass change, the PACKAGE_ARCH isn't set to "all" because multilib is enabled,
but that causes sstate.bbclass to set SSTATE_MANMACH to MACHINE instead of SSTATE_PKGARCH
allarch, where it got MACHINE is still a bit of mystery to me.
(From OE-Core rev: f25cc92cfd692fd23f21fd736243b81f116fd37a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
They are required by oeqa.
(From OE-Core rev: 033459894d368652bc9127dcb3bb1bcc8d6f055e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
We need this to avoid symbol mismatch issues for binaries that use this
on newer systems which then won't run on older ones where it isn't present.
(From OE-Core rev: 39c1719a32ed5567e3bf2df5c4f9068d0f5a9400)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent glibc change removed libnss-nis module from glibc and a new
recipe libnss-nis.bb was added.
After this change, we need to make sure nativesdk-libnss-nis is also
included in buildtools-tarball, otherwise, we may encounter the following
error when using 'tar' command from buildtools-tarball.
tar: relocation error: /lib/x86_64-linux-gnu/libnss_nis.so.2: \
symbol _nsl_default_nss version GLIBC_PRIVATE not defined \
in file libnsl.so.1 with link time reference
This error occured on my ubuntu16.04 host with 'nis' configured in
/etc/nssswitch.conf.
So add nativesdk-libnss-nis to buildtools-tarball to fix this problem.
(From OE-Core rev: f7c703dd43e112b6cd63c7512645a1d418569ad7)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's useful for the post-relocate scripts to be able to see the SDK
environment, for example to see the values of CC, CXX etc. in order to
dynamically generate toolchain files.
To enable this, source the SDK environment script prior to calling the
relocate scripts.
(From OE-Core rev: adcf69ee3310171580c28e141fec6997b1f06da4)
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
packages like fontforge-native fail with mysterious errors like
| ../../git/inc/gwwiconv.h:44:21: error: conflicting types for ‘gww_iconv_close’
| #define iconv_close gww_iconv_close
| ^~~~~~~~~~~~~~~
| ../../git/inc/gwwiconv.h:37:13: note: previous declaration of ‘gww_iconv_close’ was here
| extern void gww_iconv_close( gww_iconv_t cd);
| ^~~~~~~~~~~~~~~
The reason behind this is that a check for iconv fails during native
configure run, the check fails because the autoconf test to check for iconv
pokes for these gconv's in test runs before declaring iconv support successful.
Therefore when uninative is active the package fails to build but when
uninative is inactive all works fine. this patch fixes that
(From OE-Core rev: b4f5ed7a8bb2f76ab4a50b3f0073a9d18a51923e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
flag
Without this change, there will be two sstate index files in
tmp/sstate-control for any machine that contains a dash in the
name.
(From OE-Core rev: 29e7799bdb3773c40492e01448e0c614ed44583d)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora28[1] has decided to go ahead and use libxcrypt to replace libcrypt from glibc
despite the change not having merged into glibc upstream yet. This breaks the use of
uninative in OE on fedora28 since binaries there are now using new symbols only found
in libxcrypt. libxcrypt is meant to be backwards compatible with libcrypt but not the
reverse.
Since this will impact OE in the next release cycle, this changes nativesdk only
to use this new model and adds libxcrypt to work in that case. This allows us to
build a uninative which is compatible with fedora28 and previous other OSes.
In order to work, recipes will now need to depend on virtual/crypt where they use
libcrypt since its now a separate library and we can't depend on it from glibc to
preseve backwards compatibility since glibc needs to build first. For now, only the
problematic nativesdk recipes have been fixed up. For target use, the default
provider remains glibc for now. Assuming this change is merged into upstream glibc,
we will need to roll this change out for the target but we will do this in the next
release cycle when we can better deal with the resulting bugs.
[1] https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt
Original patch from Charles-Antoine Couret <charles-antoine.couret@essensium.com>,
tweaked by RP to add virtual provides, SkipRecipe for libxcrypt and other minor
tweaks.
(From OE-Core rev: c1573cb7faeb296fe7077a60d02443d5ed5bded0)
Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
This is basically a copy/paste of buildtools-tarball so copy some of the
recent changes to buildtools across.
(From OE-Core rev: bb10cec25e3683de4fda11e66f827c882488cb1a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As glibc 2.27 can't read older locale-archives, SDKs using glibc 2.27 on hosts
using glibc earlier than 2.27 won't be able to find any locales, so bitbake
won't start and Python can't use UTF-8.
So by default install all locales into the SDK. Special-case Extensible SDKs by
installing no locales as they ship glibc in a buildtools, and that will have the
locales.
Locale installation requires cross-localedef, so add that to DEPENDS.
Also remove the explicit en_US addition in buildtools-tarball as it is now
redundant.
(From OE-Core rev: 96896568d197cd06302713c24c0f7d91bfaea6c1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
The recipe depends on many machine specific tasks and should be marked
as machine specific itself. This fixes signature tests after some dependency
issues were fixed at the bitbake level which exposed that issue.
(From OE-Core rev: 4889704fed9ec205eb964b9e8ee7ff384e5c741d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Recipes can now install post-relocation scripts which will be run when
the SDK is installed.
(From OE-Core rev: 93ec145f421a45077b40ae99ee6a96bc11f91f18)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using host gpg has been problematic, and particularly this removes
the need to serialize package creation, as long as --auto-expand-secmem
is passed to gpg-agent, and gnupg >= 2.2.4 is in use
(https://dev.gnupg.org/T3530).
Sadly, gpg-agent itself is single-threaded, so in the longer run
we might want to seek alternatives:
https://lwn.net/Articles/742542/
(a smaller issue is that rpm itself runs the gpg fronted in a serial
fashion, which slows down the build in cases of recipes with very
large amount of packages, e.g. glibc-locale)
Note that sstate signing and verification continues to use host
gpg, as depending on native gpg would create circular dependencies.
[YOCTO #12022]
(From OE-Core rev: 08fef6198122fe79d4c1213f9a64b862162ed6cd)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we migrated rpm v5 -> v4, we lost the ability to drop "per file"
dependencies from the rpm backend for things like "/bin/bash" and
"/usr/bin/env" which meant the sdks were becomming 'bloated'.
This restores the functionality using a dummy package, similarly to
the way the buildtools perl issue was addressed. It also removes
the non-functional old code so as not to confuse people in future.
I ran into this problem trying to filter dependencies to only rpms
a build directly depends upon and it turns out we have some determinism issues
in this area so this is something key to fix.
(From OE-Core rev: 9d490dc01dcedb216129b22cbe17a6c99efc4f5c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently systemd-boot actually incorporates libgcc, since the
systemd-boot needs to be built with 64bit instructions it can not
use the x32 based libgcc.
Use the new override to ensure it gets overriden, linux-gnux32 could
not be used because x86-64 has higher priority.
(From OE-Core rev: 6046b9a3d76738c459ad76f5296e7b0a54c0b2e0)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the meta-go-toolchain. It enables the generation of a Go
toolchain allowing for cross compiling for target architecture.
(From OE-Core rev: 8e16694b2f4c4038c56226821699d0d21578bdf0)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DISTRO_VERSION may contain the current date, and so is prone to mismatches
particularly when keys are created on one date, and dnf is configured to use the keys
on another date.
[YOCTO #11983]
(From OE-Core rev: b8f33f3f0a1e24f89151743d5c0b82efe45a9df1)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added sfdisk, e2fsck, mkswap, resize2fs, mkdosfs to the
list of used tools in Disk class. They're going to be used
in 'wic write' implementation.
Added dependency to util-linux to wic-tools to ensure that
sfdisk and mkswap are available from wic-tools native sysroot.
(From OE-Core rev: 1add68e4d6150e3038609d8ce7e3cff28fe8fbb8)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In particular, do_unpack needs to be deleted as it was causing missing
subpackages. Do_unpack cleans the builddir and if it was run after
do_get_public_keys it cleaned up all keys causing no packages to be
built.
(From OE-Core rev: 8fbe0d60322f1b02c1e9de1c6ab19648db97dbd9)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Added e2fsprogs-native to the list of dependencies for wic-tools
as all fs-related utilities have to be in this list.
(From OE-Core rev: d0ebcf62109d6a131e02cd4c0f04bba203ed6579)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
They are redundant since nopackages are being inherited.
(From OE-Core rev: 71af69fa898e5614920710ca9e0cea832a2401e4)
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
They are redundant since nopackages are being inherited.
(From OE-Core rev: 2414e9f286d34af2db5982a988b78362decb7961)
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Drop deltask do_package* syntax, inheriting nopackages instead.
(From OE-Core rev: 2eee6c4ac9ce1b020e9a6658a957459f1915fdb1)
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wic will attempt to use pseudo from the wic-tools sysroot to run, but it
was only sure to be in there if do_install had executed - which is not
the case if it had been restored from sstate, in which case it failed
horribly as seen when running the wic.Wic.test_fs_types and
test_mkfs_extraopts tests on the Yocto Project autobuilder recently. Add
an explicit dependency on pseudo-native to ensure it's always there.
(From OE-Core rev: ada7408a55ec58e4aa1b094462f8a681e60be613)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
wic-tools.env was uses only when wic is run from bitbake.
As wic doesn't use wic-tools anymore in this mode there is
no need for this file.
(From OE-Core rev: 47b569553f1211e04ee21ebdece2ee3a509a83be)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The results of meta-ide-support are used by utilities like runqemu and
runqemu-extract-sdk. Since the usr/bin that meta-ide-support creates is
subsequently removed bu rm_work, we exclude this recipe from the rm_work
list.
[YOCTO #11119]
(From OE-Core rev: 6c0fc4daee0e32c85c8895ce77126d3d0c6c2ed5)
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Added btrfs-tools-native and squashfs-tools-native to DEPENDS as
wic uses these tools to support btrfs and squashfs filesystems.
(From OE-Core rev: d6fea657671637af30fe9bf9a2264746b5bd6deb)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|