Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=dunfell-23.0.14 2022-01-22T17:56:52+00:00 2022-01-22T17:56:52+00:00 Konrad Weihmann kweihmann@outlook.com 2022-01-07T09:48:51+00:00 urn:sha1:6ec2230291b61e33d70f98d0bec832d5ce3d06f4 this should prevent running into the very rare error sqlite3.OperationalError: attempt to write a readonly database As highlighted by https://www.sqlite.org/faq.html#q5 it is likely that the adapter won't allow use multiple exec calls at the same time. So it's best to prevent multiple accesses at a time, by reusing the already in place CVE_CHECK_DB_FILE_LOCK YOCTO #14110 (From OE-Core rev: 3c69e4eb08701516150c78cf8b48f3e90d197b2b) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 677f5741bd265be49d4a5bb933b3e8d8c4eec653) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-01-22T17:56:52+00:00 Ross Burton ross@burtonini.com 2020-09-10T21:04:13+00:00 urn:sha1:ee62d4540e6a2ad5d071209b7bef26b367719b42 Instead of inventing a new task to fetch the CVE data, use the existing fetch task. (From OE-Core rev: 1ed53d5cfc2be40b2d57b5392ec4d30313209934) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f5f97d33a1703d75b9fd9760f2c7767081538e00) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-12-08T20:28:01+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-11-22T15:32:36+00:00 urn:sha1:038e25aec3b70ea847736be288f66afbde4d2f3d The code was assuming that the a recipe with only one srcrev wouldn't "name" it. This isn't the case as the glibc or bzip2 recipes show, you can have a single srcrev which is named. We can pull the data from the fetcher and in fact we already have it, we just need to handle the "default" case and make that code the default for all srcrev regardless of length. [YOCTO #14017] (From OE-Core rev: 9a7ea10660d0efd87e8cadf866e6dbed112b7f94) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 45ae567932ba52b758eb41754453e9828d9533a1) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-12-02T16:53:08+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-09-21T09:07:32+00:00 urn:sha1:e24afc304af2212ba5253b20fcabb958275ed4cc (From OE-Core rev: c8c0757f06a8cfa2159575e0b98530b899a889b1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 938e4dfb68a465f61cb754b2cd28d0728616b5a9) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-15T11:53:56+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-11-12T17:48:25+00:00 urn:sha1:4b36bbb24396c77e6c16e741472240cca0980d9e kernel.org now has a mirror of the downloads.yoctoproject.org sources archive so include this in our mirrors list. (From OE-Core rev: dbbec36638f035aefbaf22f152a2ca95836d08bd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-15T11:53:55+00:00 Mark Hatle mark.hatle@xilinx.com 2021-09-10T02:22:12+00:00 urn:sha1:0d6ebaf8ff3232248ebf0e859cd09aefaee54a8a Previously if BUILD_REPRODUCIBLE_BINARIES was set to 0, the system would fall back and select the default epoch (April 2011), but still perform the reproducible build actions. This resulted in binaries that had an unusually old date. Simplify the functions and remove the anonymous python as no longer necessary. Also improve the documentation to better explain what the class is doing and how a recipe can override the behavior if necessary. (From OE-Core rev: 814bedacac9f5c343c9888c0b14649189a84f817) Signed-off-by: Mark Hatle <mark.hatle@xilinx.com> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1976013b026cfba94de32a13e994d92d7e9e39e5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-15T11:53:55+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-09-19T15:20:28+00:00 urn:sha1:116b22a1ce02aa00a5783b5c3a4ce3e212f5ba20 This sstate task is only needed when depended upon, it can be skipped if there are no tasks running that directly depend upon it. This reduced the number of sstate tasks in something like an image build. (From OE-Core rev: 884e44701ada57abe4d8ad9ece424435be25c6a5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 601cee016da5c7505915e26641a085714de175ce) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-15T11:53:55+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-09-13T22:56:16+00:00 urn:sha1:54560698c63c14814b8e22bd0f9e094106561a02 When creating packages we build them with --clamp-mtime and use SOURCE_DATE_EPOCH as the maximum mtime. This makes the end packages reproducible. The data stored in sstate for do_package and the package task doesn't benefit from this though and have varying timestamps. This means their outhash varies and means hash equivalance isn't effective at all and doesn't work as intended/desired. We could create the sstate archives with the same clamping however that would lead to different results depending on whether a task was installed from sstate or not. Making that differ is a path to madness. It also wouldn't fix the outhash of the task to be determninistic without clamping of the date in the hash calculation code. Instead, iterate over the files in sstate output and clamp them at the code level. This isn't ideal but does make the file timestamps determnistic everywhere and means we don't have to change the hash calculation code. This issue can be clearly seen looking at the do_package outhash for a recipe which you then re-run the package task for after adding something like whitespace to the install task. The outhash shouldn't change but currently does. (From OE-Core rev: 06b8f2a5a24be1a87f0eaf29fdba719ebe3bb06e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c3b3cc4745811b48b9193f83889946b2e1788932) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-15T11:53:55+00:00 Jose Quaresma quaresma.jose@gmail.com 2021-11-07T11:36:52+00:00 urn:sha1:c989f6f4e0388da7a66a1dfccdcdd949a4f8193b This patch is a fixup for 676757f "sstate: fix touching files inside pseudo" running the 'id' command inside the sstate_unpack_package function shows that this funcion run inside the pseudo: uid=0(root) gid=0(root) groups=0(root) The check for [ -w ${SSTATE_PKG} ] and [ -O ${SSTATE_PKG}.siginfo ] will always return true and the touch can fail when the real user don't have permission or in readonly filesystem. As the documentation refers: - the file test operator "-w" check if the file has write permission (for the user running the test). - the file test operator "-O" check if you are owner of file We can avoid this test running the touch and mask any return errors that we have. (From OE-Core rev: 29fc85997ade490ae46ffca37ef8e1a56957c876) (From OE-Core rev: e7d94a9cc5ab1b2c5d160fd06d643a4bc3409d26) Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5b9210d66c78bb3f79056e5586cea7b0edd714a9) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-15T11:53:55+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-11-09T13:21:31+00:00 urn:sha1:8392750d4fdebdbc30d5bdb136899ce8c638f035 At the last nas outage, we realised that we don't have good mirrors of the uninative tarball if our main system can't be accessed. kernel.org mirrors some Yocto Project data so we've ensured uninative is there. Add the appropriate mirror url to make use of that. (From OE-Core rev: ebeb1458c7f24cd97978beb7cddf814cae43c6a2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>