| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a bug in patch 2.7.3 and earlier where index lines
in patches can change file modes when they shouldn't:
http://git.savannah.gnu.org/cgit/patch.git/patch/?id=82b800c9552a088a241457948219d25ce0a407a4
This leaks into debug sources in particular (e.g. tcp-wrappers where
source files are read-only). Add the dependency to target recipes
to avoid this problem until we can rely on 2.7.4 or later.
We could try and remove all index lines from patch files but it will be a
losing battle. We could try and identify all the recipes which change
modes on files in patches but again, its a losing battle.
Instead, compromise and have patch-native as a dependency
for target recipes. We use patch-replacement-native since patch-native
is in ASSUME_PROVIDED.
Also add nativesdk-patch to buildtools-tarball.
[YOCTO #13777]
(From OE-Core rev: 5ed0840c93804488cd1c1aba6cb382b2434714a5)
(From OE-Core rev: fd3bd61a6fe5190c575dc968f3a0be9c1cbf21ed)
(From OE-Core rev: 148f1f8caf5d9a262c1f55e437326ce6139a743e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch to recently released version 1.1 of NVD CVE JSON feed, as in
https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release
it is mentioned that
Due to changes required to support CVSS v3.1 scoring, the JSON
vulnerability feeds must be modified. This will require the consumers
of this data to update their internal processes. We will be providing
the JSON 1.1 schema on the data feeds page and the information below
to prepare for this transition.
...
The JSON 1.1 data feeds will be available on September 9th, 2019. At
that time the current JSON 1.0 data feeds will no longer available.
This change was tested briefly by issuing 'bitbake core-image-minimal'
with 'cve-check.bbclass' inherited via local.conf, and then comparing
the content between the resulting two
'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not
seem to contain any other change, except total of 167 entries like
CVSS v3 BASE SCORE: 0.0
were replaced with similar 'CVSS v3 BASE SCORE:' entries which had
scores that were greater than '0.0' (up to '9.8').
(From OE-Core rev: cc20e4d8ff2f3aa52a2658404af9a0ff358cc323)
(From OE-Core rev: c92b8804d6e59b2707332859957f0e6a46db0a73)
Signed-off-by: Niko Mauno <niko.mauno@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
urllib handles adding proxy handlers if the proxies are set in the environment,
so call bb.utils.export_proxies() to do that and remove the manual setup.
(From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434)
(From OE-Core rev: 15f6b4b59805db40df4eff6d5a2809f6f05b66c1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create an index on the PRODUCTS table which contains a row for each CPE,
drastically increasing the performance of lookups for a specific CVE.
(From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e)
(From OE-Core rev: 1b4a524da1532d15eb34a96c5bda5ff2af25a953)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't hardcode the database filename, there's a variable for this in
cve-check.bbclass.
(From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab)
(From OE-Core rev: 1c10a3189aad5109f04d1fc208d579225bdd1431)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already fetch the yearly CVE metadata and check that for updates before
downloading the full data, but we can speed up CVE checking further by only
checking the CVE metadata once an hour.
(From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a)
(From OE-Core rev: f9e9107dbe23293eb96e049d7f821d2e33c23f06)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
This reverts commit db5f08c16eff01f3af0b99119c09f68628e2331d.
(From OE-Core rev: 4ed7861875c3f28090e014265f1f576ae0608eb7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Ensure the task is properly regsistered as an sstate task as this
"half way" state confuses new code in bitbake and it isn't supported.
(From OE-Core rev: 53d6cd98216e3b73c0c90e42223efd1a2b649358)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we have installed some lib32 package which depends on perl/bash,
then populating sdk for that image would fail with the following error.
Error:
Problem: package lib32-libxml-namespacesupport-perl-1.12-r0.corei7_32 requires lib32-perl, but none of the providers can be installed
package target-sdk-provides-dummy-1.0-r0.sdk_provides_dummy_target conflicts with /usr/bin/perl provided by lib32-perl-5.30.0-r0.corei7_32
package target-sdk-provides-dummy-1.0-r0.sdk_provides_dummy_target conflicts with libperl.so.5 provided by lib32-perl-5.30.0-r0.corei7_32
This could be produced by the following steps:
1. IMAGE_INSTALL_append = " lib32-valgrind"
2. bitbake core-image-minimal -c populate_sdk
We need to extend all packages in DUMMYPROVIDES to avoid such problems.
(From OE-Core rev: 6a38c6aafc2956bb6f7824eff4ac0f630f02da75)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When https_proxy is set, use proxy opener to open CVE metadata and
database URLs, otherwise fallback to the urllib.request.urlopen.
Also fix a minor issue where the json database which has been gzip
decompressed as byte object should be decoded as utf-8 string as
expected by update_db.
(From OE-Core rev: 95438d52b732bec217301fbfc2fb019bbc3707c8)
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the code fetches the compressed JSON, writes it to a temporary file,
uncompresses that with gzip and passes the fake file object to update_db().
Instead, uncompress the gzip'd data in memory and pass the JSON directly to
update_db().
(From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The metadata parser is fragile: first it coerces a bytes() to a str() (so the
string is b'LastModifiedDate:2019...'), assumes the first line is the date, and
then uses a regex to parse (which then includes the trailing quote as part of
the date).
Clean this up by parsing the bytes as UTF-8 (ASCII is probably fine, but this is
safer), iterate through the lines and split on colons to find the right
key/value pair.
(From OE-Core rev: bb4e53af33d6ca1e9346464adbdc1b39c47530f3)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Instead of calling execute() repeatedly, rewrite the function to be a generator
and use executemany() for performance.
(From OE-Core rev: b309840b6aa3423b909a43499356e929c8761318)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
The recipe was called -native but didn't inherit native.
(From OE-Core rev: f0d822fad2a163d1ee32ed3b4c0359245140e19b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 4b301030cf9cf7a981dcff85a50e915c045e3130)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
djb2 hash algorithm was found to do collisions, so the database was
sometime missing data. Remove this hash mechanism, clear and populate
elements from scratch in PRODUCTS table if the current year needs an
update.
(From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003d19)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 91770338f76ef35f3c4eeac216eb9d2b3188e575)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: c807c2a6409e122599196cd914a638b00121cab6)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using expanded list of affected versions that is not
reliable, use the 'cpe_match' node in the 'configurations' json node.
For cve-check to correctly match affected CVE, the sqlite database need to
contain operator_start, operator_end and the corresponding versions fields.
(From OE-Core rev: f7676e9a38d595564922e5f59acbc69c2109a78f)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
do_populate_cve_db is a native task.
(From OE-Core rev: 4078da92b49946848cddebe1735f301af161e162)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
If the NVD url is not accessible, print a warning on top of the CVE
report, and continue. The database will not be fully updated, but
cve_check can still run on the previous database.
(From OE-Core rev: 0325dd72714f0b447558084f481b77f0ec850eed)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To be able to populate NVD database on a fetchall
(bitbake <image> --run-all=fetch), set the do_populate_cve_db task to be
executed before do_fetch.
Do not get CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE
variable because do_populate_cve_db can be called in a context where
cve-check class is not loaded.
(From OE-Core rev: 975793e3825a2a9ca6dc0e43577f680214cb7993)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With postgresql added to IMAGE_INSTALL, we will get the following
error when building for 64bit BSPs.
Problem: package postgresql-11.3-r0.corei7_64 requires libperl.so.5()(64bit), but none of the providers can be installed
A previous patch has added libperl.so.5 to DUMMY_PROVIDES, but this
is not enough. Because for 64bit BSP, it should also provide libperl.so.5()(64bit).
(From OE-Core rev: ae1414fcbe41a70a56021c4d240976dae0adad33)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
If https_proxy environment variable is defined, manage proxy to be able
to download meta and json data feeds from https://nvd.nist.gov
(From OE-Core rev: 09be21f4d1793b1e26e78391f51bfc0a27b76deb)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
urllib3 was used in this recipe but it was not set as a
dependency. As it is not specifically needed, rewrite the recipe with
urllib from the standard library.
(From OE-Core rev: c0eabd30d7b9c2517f4ec9229640be421ecc8a5e)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cve-check-tool-native do_populate_cve_db task was using deprecated NVD
xml data feeds, cve-update-db uses NVD json data feeds.
Sqlite database schema was updated to take into account CVSSv3 CVE
scores and operator in affected product versions.
A new META table was added to store the last modification date of the
NVD json data feeds.
(From OE-Core rev: 546d14135c50c6a571dfbf3baf6e9b22ce3d58e0)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This avoids sstate/uninative relocation issues where a binary was built against
a system with libcrypt.so.1 or libcrypt.so.2 and then run on the opposite by
ensuring both libraries are in uninative.
(From OE-Core rev: 6089bfbc059c8bebb63ae6b0bafe8fe035548ac0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add libperl.so.5 to DUMMY_PROVIDES to avoid do_rootfs failure like
below.
Error:
Problem: package postgresql-11.3-r0.core2_32 requires libperl.so.5, but none of the providers can be installed
package target-sdk-provides-dummy-1.0-r0.sdk_provides_dummy_target conflicts with perl provided by perl-5.30.0-r0.core2_32
package target-sdk-provides-dummy-1.0-r0.sdk_provides_dummy_target conflicts with perl-module-strict provided by perl-5.30.0-r0.core2_32
This problem could be reproduced by add 'postgresql' to IMAGE_INSTALL
and then `bitbake core-image-minimal -c populate_sdk'.
(From OE-Core rev: 8a21559bd49feba6288ad02d928daed6c736df3d)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Switch uninative to use xz compression instead of bzip2. We can then directly
use the SDK_ARCHIVE_CMD.
(From OE-Core rev: c2e30917542297c0dbef2868d4aeebc05b13ef8b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
OE-Core rev: 57a33048a89a422cfdc986d3489c67b2d297e1e7 renamed the tar_sdk function
but didn't fix this recipe. This leads to broken uninative tarballs as the internal
structure isn't correct. Fix this.
(From OE-Core rev: 1cfe7cbb20a0eedd46ab6ee57f8d49bc652f818a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It exists a situation that there is a common config file includes
multilib.conf but variable MULTILIBS is not set by default:
require conf/multilib.conf
MULTILIBS ?= ""
When build target-sdk-provides-dummy in a build project, it fails with
following steps:
1 $ echo 'MACHINE = "qemux86"' >>conf/local.conf
$ bitbake target-sdk-provides-dummy
2 $ cat <<EOF >>conf/local.conf
MACHINE = "qemux86-64"
MULTILIBS = "multilib:lib32"
DEFAULTTUNE_virtclass-multilib-lib32 = "i586"
EOF
$ bitbake target-sdk-provides-dummy
$ bitbake lib32-target-sdk-provides-dummy
It fails to build lib32-target-sdk-provides-dummy with error messages:
| ERROR: target-sdk-provides-dummy-1.0-r0 do_packagedata: The recipe target-sdk-provides-dummy
| is trying to install files into a shared area when those files already exist. Those files
| and their manifest location are:
| .../tmp/pkgdata/qemux86-64/lib32-target-sdk-provides-dummy
| (matched in manifest-qemux86_64-lib32-target-sdk-provides-dummy.packagedata)
| .../tmp/pkgdata/qemux86-64/runtime/lib32-target-sdk-provides-dummy
| (matched in manifest-qemux86_64-lib32-target-sdk-provides-dummy.packagedata)
| ... snip ...
| Please verify which recipe should provide the above files.
Add related directories to SSTATE_DUPWHITELIST to avoid the failures.
(From OE-Core rev: 9de9daa3dcbe271b3684f9a6eea1554f377e35fa)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 9bcfb1061c80fe51e47e102d6ad4c0d96392b90e)
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids errors when running populate_sdk under opkg:
* Problem 1/1:
* - package busybox-dev-1.30.1-r0.core2-64 requires busybox = 1.30.1-r0, but none of the providers can be installed
*
* Solution 1:
* - allow deinstallation of target-sdk-provides-dummy-1.0-r0.sdk-provides-dummy-target
* Solution 2:
* - do not ask to install a package providing busybox-dev
(From OE-Core rev: 8517cf2ac73277d606cc82b73cd4ae64c6bd0faa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When 'adduser' package, which is from meta-perl layer, is added to rootfs,
we will get do_populate_sdk failure like below.
Error:
Problem: package perl-module-cwd-5.24.4-r0.core2_64 requires perl-module-dynaloader, but none of the providers can be installed
- package perl-module-file-temp-5.24.4-r0.core2_64 requires perl-module-cwd, but none of the providers can be installed
- package perl-module-dynaloader-5.24.4-r0.core2_64 requires perl-module-config, but none of the providers can be installed
- package adduser-3.118-r0.core2_64 requires perl-module-file-temp, but none of the providers can be installed
- package target-sdk-provides-dummy-1.0-r0.sdk_provides_dummy_target conflicts with perl provided by perl-5.24.4-r0.core2_64
This is because adduser depends on some perl modules which are not
listed in target-sdk-provides-dummy.
So add these perl modules to avoid such failure.
(From OE-Core rev: 1b12c176827c2d0cbb7867da73efac56826036ed)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
opkg needs the replaces/conflicts/provides in order for this package
to function as intended. When enabled, this code caused failures for
core-image-sato -c populate_sdk.
The reason is that nativesdk-autoconf has several perl dependencies. We
need to list more of the things which this package provides/conflicts
with in order for it to function correctly. Therefore add the missing
entries.
(From OE-Core rev: 27412b377dda47daa87bfcb3a41babe53ff8b0a3)
(From OE-Core rev: e0db1beb6db624b3b743e780c298c63a1e177cfb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora28 repackages rpcgen program to rpcgen
package and the program will no longer be
part of the glibc-common package.
fedora 28:
$ rpm -qf /usr/bin/rpcgen
rpcgen-1.3.1-4.fc28.x86_64
fedora 27:
$ rpm -qf /usr/bin/rpcgen
glibc-common-2.26-27.fc27.x86_64
Once build a project on fedora28 host without
installing the extra rpcgen package, there
comes below error:
ERROR: Unable to start bitbake server
ERROR: Last 10 lines of server log for this session (/yocto/builds/upgrade2/bitbake-cookerdaemon.log):
self.cooker = bb.cooker.BBCooker(self.configuration, self.featureset)
File "/yocto/poky/bitbake/lib/bb/cooker.py", line 197, in __init__
self.initConfigurationData()
File "/yocto/poky/bitbake/lib/bb/cooker.py", line 356, in initConfigurationData
self.databuilder.parseBaseConfiguration()
File "/yocto/poky/bitbake/lib/bb/cookerdata.py", line 317, in parseBaseConfiguration
raise bb.BBHandledException
bb.BBHandledException
ERROR: The following required tools (as specified by HOSTTOOLS) appear to be unavailable in PATH, please install them in order to proceed:
rpcgen
So add nativesdk-rpcsvc-proto to provide the
program rpcgen to fix the gap.
(From OE-Core rev: 52fbf46a32f03266e31811fde7d4466e7ef85fc8)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Include cmake as part of build tree toolchain so that it is populated
into meta-ide-support's recipe-sysroot-native which is prepended to
$PATH, this ensures cmake-native is picked up first before host cmake.
(From OE-Core rev: 0b51e0b2ac6f3cc95af4061253dc76a91df91349)
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* since following change:
allarch: only enable allarch when multilib is not used
the sstate-diff-machines.sh reports different signature for target-sdk-provides-dummy
when multilib is enabled
=== Comparing signatures for task do_populate_sysroot.sigdata between qemux86 and qemux86copy ===
ERROR: lib32-target-sdk-provides-dummy different signature for task do_populate_sysroot.sigdata between qemux86 and qemux86copy
basehash changed from b0a44b2c7003b6b4aa3a023d9cb9fe82 to 3a59fa25ddb6a95aff079d477ebf3457
Variable SSTATE_MANMACH value changed from 'qemux86' to 'qemux86copy'
ERROR: target-sdk-provides-dummy different signature for task do_populate_sysroot.sigdata between qemux86 and qemux86copy
basehash changed from 9e44f1deb3d15886ee96db1a3332764c to 6b417d08a5113c9b06d13b3681f5ab4f
Variable SSTATE_MANMACH value changed from 'qemux86' to 'qemux86copy'
It's using:
inherit allarch
python() {
# Put the package somewhere separate to ensure it's never used except
# when we want it
# (note that we have to do this in anonymous python here to avoid
# allarch.bbclass disabling itself)
d.setVar('PACKAGE_ARCH', '${DUMMYARCH}')
}
and DUMMYARCH = "sdk-provides-dummy-target"
The difference as shown with bitbake -e before and after reverting allarch.bbclass commit:
before revert:
$SSTATE_MANMACH [2 operations]
set? oe-core/meta/classes/sstate.bbclass:61
"${SSTATE_PKGARCH}"
set sstate.bbclass:100 [__anon_111_oe_core_meta_classes_sstate_bbclass]
"machineName"
pre-expansion value:
"machineName"
SSTATE_MANMACH="machineName"
$SSTATE_PKGARCH
set oe-core/meta/classes/sstate.bbclass:11
"${PACKAGE_ARCH}"
SSTATE_PKGARCH="sdk-provides-dummy-target"
$PACKAGE_ARCH [3 operations]
set oe-core/meta/conf/bitbake.conf:150
[_defaultval] "${TUNE_PKGARCH}"
set oe-core/meta/conf/documentation.conf:304
[doc] "The architecture of the resulting package or packages."
set dummy-sdk-package.inc:12 [__anon_12_oe_core_meta_recipes_core_meta_dummy_sdk_package_inc]
"${DUMMYARCH}"
pre-expansion value:
"${DUMMYARCH}"
PACKAGE_ARCH="sdk-provides-dummy-target"
after revert:
$SSTATE_MANMACH
set? oe-core/meta/classes/sstate.bbclass:61
"${SSTATE_PKGARCH}"
SSTATE_MANMACH="allarch"
$SSTATE_PKGARCH [2 operations]
set oe-core/meta/classes/sstate.bbclass:11
"${PACKAGE_ARCH}"
set sstate.bbclass:98 [__anon_111__oe_core_meta_classes_sstate_bbclass]
"allarch"
pre-expansion value:
"allarch"
SSTATE_PKGARCH="allarch"
$PACKAGE_ARCH [4 operations]
set oe-core/meta/conf/bitbake.conf:150
[_defaultval] "${TUNE_PKGARCH}"
set oe-core/meta/conf/documentation.conf:304
[doc] "The architecture of the resulting package or packages."
set oe-core/meta/classes/allarch.bbclass:5
"all"
set dummy-sdk-package.inc:12 [__anon_12_oe_core_meta_recipes_core_meta_dummy_sdk_package_inc]
"${DUMMYARCH}"
pre-expansion value:
"${DUMMYARCH}"
PACKAGE_ARCH="sdk-provides-dummy-target"
the relevant part of the anonymous python in sstate.bbclass:
elif bb.data.inherits_class('allarch', d) and d.getVar("PACKAGE_ARCH") == "all":
d.setVar('SSTATE_PKGARCH', "allarch")
else:
d.setVar('SSTATE_MANMACH', d.expand("${PACKAGE_ARCH}"))
So with allarch.bbclass change, the PACKAGE_ARCH isn't set to "all" because multilib is enabled,
but that causes sstate.bbclass to set SSTATE_MANMACH to MACHINE instead of SSTATE_PKGARCH
allarch, where it got MACHINE is still a bit of mystery to me.
(From OE-Core rev: f25cc92cfd692fd23f21fd736243b81f116fd37a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
They are required by oeqa.
(From OE-Core rev: 033459894d368652bc9127dcb3bb1bcc8d6f055e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
We need this to avoid symbol mismatch issues for binaries that use this
on newer systems which then won't run on older ones where it isn't present.
(From OE-Core rev: 39c1719a32ed5567e3bf2df5c4f9068d0f5a9400)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent glibc change removed libnss-nis module from glibc and a new
recipe libnss-nis.bb was added.
After this change, we need to make sure nativesdk-libnss-nis is also
included in buildtools-tarball, otherwise, we may encounter the following
error when using 'tar' command from buildtools-tarball.
tar: relocation error: /lib/x86_64-linux-gnu/libnss_nis.so.2: \
symbol _nsl_default_nss version GLIBC_PRIVATE not defined \
in file libnsl.so.1 with link time reference
This error occured on my ubuntu16.04 host with 'nis' configured in
/etc/nssswitch.conf.
So add nativesdk-libnss-nis to buildtools-tarball to fix this problem.
(From OE-Core rev: f7c703dd43e112b6cd63c7512645a1d418569ad7)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's useful for the post-relocate scripts to be able to see the SDK
environment, for example to see the values of CC, CXX etc. in order to
dynamically generate toolchain files.
To enable this, source the SDK environment script prior to calling the
relocate scripts.
(From OE-Core rev: adcf69ee3310171580c28e141fec6997b1f06da4)
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
packages like fontforge-native fail with mysterious errors like
| ../../git/inc/gwwiconv.h:44:21: error: conflicting types for ‘gww_iconv_close’
| #define iconv_close gww_iconv_close
| ^~~~~~~~~~~~~~~
| ../../git/inc/gwwiconv.h:37:13: note: previous declaration of ‘gww_iconv_close’ was here
| extern void gww_iconv_close( gww_iconv_t cd);
| ^~~~~~~~~~~~~~~
The reason behind this is that a check for iconv fails during native
configure run, the check fails because the autoconf test to check for iconv
pokes for these gconv's in test runs before declaring iconv support successful.
Therefore when uninative is active the package fails to build but when
uninative is inactive all works fine. this patch fixes that
(From OE-Core rev: b4f5ed7a8bb2f76ab4a50b3f0073a9d18a51923e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
flag
Without this change, there will be two sstate index files in
tmp/sstate-control for any machine that contains a dash in the
name.
(From OE-Core rev: 29e7799bdb3773c40492e01448e0c614ed44583d)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora28[1] has decided to go ahead and use libxcrypt to replace libcrypt from glibc
despite the change not having merged into glibc upstream yet. This breaks the use of
uninative in OE on fedora28 since binaries there are now using new symbols only found
in libxcrypt. libxcrypt is meant to be backwards compatible with libcrypt but not the
reverse.
Since this will impact OE in the next release cycle, this changes nativesdk only
to use this new model and adds libxcrypt to work in that case. This allows us to
build a uninative which is compatible with fedora28 and previous other OSes.
In order to work, recipes will now need to depend on virtual/crypt where they use
libcrypt since its now a separate library and we can't depend on it from glibc to
preseve backwards compatibility since glibc needs to build first. For now, only the
problematic nativesdk recipes have been fixed up. For target use, the default
provider remains glibc for now. Assuming this change is merged into upstream glibc,
we will need to roll this change out for the target but we will do this in the next
release cycle when we can better deal with the resulting bugs.
[1] https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt
Original patch from Charles-Antoine Couret <charles-antoine.couret@essensium.com>,
tweaked by RP to add virtual provides, SkipRecipe for libxcrypt and other minor
tweaks.
(From OE-Core rev: c1573cb7faeb296fe7077a60d02443d5ed5bded0)
Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This is basically a copy/paste of buildtools-tarball so copy some of the
recent changes to buildtools across.
(From OE-Core rev: bb10cec25e3683de4fda11e66f827c882488cb1a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As glibc 2.27 can't read older locale-archives, SDKs using glibc 2.27 on hosts
using glibc earlier than 2.27 won't be able to find any locales, so bitbake
won't start and Python can't use UTF-8.
So by default install all locales into the SDK. Special-case Extensible SDKs by
installing no locales as they ship glibc in a buildtools, and that will have the
locales.
Locale installation requires cross-localedef, so add that to DEPENDS.
Also remove the explicit en_US addition in buildtools-tarball as it is now
redundant.
(From OE-Core rev: 96896568d197cd06302713c24c0f7d91bfaea6c1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
The recipe depends on many machine specific tasks and should be marked
as machine specific itself. This fixes signature tests after some dependency
issues were fixed at the bitbake level which exposed that issue.
(From OE-Core rev: 4889704fed9ec205eb964b9e8ee7ff384e5c741d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Recipes can now install post-relocation scripts which will be run when
the SDK is installed.
(From OE-Core rev: 93ec145f421a45077b40ae99ee6a96bc11f91f18)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using host gpg has been problematic, and particularly this removes
the need to serialize package creation, as long as --auto-expand-secmem
is passed to gpg-agent, and gnupg >= 2.2.4 is in use
(https://dev.gnupg.org/T3530).
Sadly, gpg-agent itself is single-threaded, so in the longer run
we might want to seek alternatives:
https://lwn.net/Articles/742542/
(a smaller issue is that rpm itself runs the gpg fronted in a serial
fashion, which slows down the build in cases of recipes with very
large amount of packages, e.g. glibc-locale)
Note that sstate signing and verification continues to use host
gpg, as depending on native gpg would create circular dependencies.
[YOCTO #12022]
(From OE-Core rev: 08fef6198122fe79d4c1213f9a64b862162ed6cd)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
