<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/classes, branch mickledore</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=mickledore</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=mickledore'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-11-11T18:23:01+00:00</updated>
<entry>
<title>cve-check: sort the package list in the JSON report</title>
<updated>2023-11-11T18:23:01+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2023-10-23T17:38:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=fb3a1733c07cb601069b23a2c73b778d6654cd35'/>
<id>urn:sha1:fb3a1733c07cb601069b23a2c73b778d6654cd35</id>
<content type='text'>
The JSON report generated by the cve-check class is basically a huge
list of packages.  This list of packages is, however, unsorted.

To make things easier for people comparing the JSON, or more
specifically for git when archiving the JSON over time in a git
repository, we can sort the list by package name.

(From OE-Core rev: e32b4655e79561dd9c38efdf99858372bde806b0)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit e9861be0e5020830c2ecc24fd091f4f5b05da036)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>cve-check: add CVSS vector string to CVE database and reports</title>
<updated>2023-10-25T14:51:01+00:00</updated>
<author>
<name>Antoine Lubineau</name>
<email>antoine.lubineau@easymile.com</email>
</author>
<published>2023-09-21T08:23:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=39bec240c26b2a0b7dfb7e3078f95003a15c0102'/>
<id>urn:sha1:39bec240c26b2a0b7dfb7e3078f95003a15c0102</id>
<content type='text'>
This allows building detailed vulnerability analysis tools without
relying on external resources.

(From OE-Core rev: 587ae7bc85fc471d927308d866821d463799023d)

Signed-off-by: Antoine Lubineau &lt;antoine.lubineau@easymile.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
(cherry picked from commit 048ff0ad927f4d37cc5547ebeba9e0c221687ea6)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>externalsrc: fix dependency chain issues</title>
<updated>2023-08-30T14:52:36+00:00</updated>
<author>
<name>Peter Suti</name>
<email>peter.suti@streamunlimited.com</email>
</author>
<published>2023-07-31T09:34:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=018d214f9db255e20b612bc89fe72c864fa4f26b'/>
<id>urn:sha1:018d214f9db255e20b612bc89fe72c864fa4f26b</id>
<content type='text'>
Instead of deleting setscene tasks, now SSTATE_SKIP_CREATION is set instead.

This seems to fix the compile issues where the populate_sysroot task was
not run when an externalsrc recipe was built as a dependency.

[YOCTO #15164]

[RP addition: The deltask was added by me in 2012 when the class was created.
The trouble is bitbake assumes 'sstate' tasks have a setscene task and by deleting
the setscene task, bitbake stops thinking the task can be accelerated. There is other
code in the sysroot code which assumes some tasks are always sstate tasks.

We cannot delete the task without changes to the way bitbake learns about 'setscene'
tasks so the patch is correct, avoiding creating files is the better approach given
the way the world works now.

There would be concerns about existing sstate reuse however this shouldn't occur
since SRC_URI changes and that will change the underlying hashes. Hash equivalency
could potentially cause issues by joining hashes together again however if the output
matches, that shouldn't in theory cause any issue.]

(From OE-Core rev: 18d0ace2d7becf2a1588d2d2b7ca0f6f2108b64f)

Signed-off-by: Peter Suti &lt;peter.suti@streamunlimited.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit ee4667a24ccdd8c9d547e73aecf661e6a1283890)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>useradd-staticids.bbclass: improve error message</title>
<updated>2023-07-04T15:32:29+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@linaro.org</email>
</author>
<published>2023-06-13T08:02:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=beb7517072678dfc30e2255c41f7dc4b66aae203'/>
<id>urn:sha1:beb7517072678dfc30e2255c41f7dc4b66aae203</id>
<content type='text'>
Current error message is difficult to read:

ERROR: Nothing PROVIDES 'image'
trs-image was skipped: image - image: normal username test does not have a static ID defined. Add test to one of these files

It's not clear that first "image" is recipe name, second "image" is
binary package name and that "test" is the user account which does not
have a static ID defined. Improve the error message so that these are
more explicit. Now the error message looks like:

image was skipped: Recipe image, package image: normal username "test" does not have a static ID defined.

(From OE-Core rev: 3285f6080161ccc808efb7fce7db9dc0dd236ffa)

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@linaro.org&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
(cherry picked from commit 07898218f3908a83e07178b6530dfa48d55d4ec2)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>report-error: catch Nothing PROVIDES error</title>
<updated>2023-04-04T12:11:50+00:00</updated>
<author>
<name>Mingli Yu</name>
<email>mingli.yu@windriver.com</email>
</author>
<published>2023-04-03T09:35:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=93196f698a7aab014d3999e3d21dd4ffd7a05d79'/>
<id>urn:sha1:93196f698a7aab014d3999e3d21dd4ffd7a05d79</id>
<content type='text'>
Make the report-error catch Nothing PROVIDES error and then
we can check it directly via error report web.

(From OE-Core rev: a57d8f82b83554c821a83eacc02f9c73b263ff02)

Signed-off-by: Mingli Yu &lt;mingli.yu@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>devtool: add support for multiple git url inside a cargo based recipe</title>
<updated>2023-04-01T10:36:26+00:00</updated>
<author>
<name>Frederic Martinsons</name>
<email>frederic.martinsons@gmail.com</email>
</author>
<published>2023-03-31T05:45:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=da1bcf08089d8276a156a221af405863b6746b7b'/>
<id>urn:sha1:da1bcf08089d8276a156a221af405863b6746b7b</id>
<content type='text'>
Without that, the possible git urls that are in SRC_URI of a recipe
are removed from SRC_URI during devtool process and so the
cargo_common_do_patch_paths in cargo_common.bbclass cannot
patch these packages to fetch them locally.

I use a generic type name because I foresee this change will
be useful for recipes that use a package manager (cargo but also
npm) see https://bugzilla.yoctoproject.org/show_bug.cgi?id=11015

(From OE-Core rev: 474658a3681c343385c359a21c3693401217298d)

Signed-off-by: Frederic Martinsons &lt;frederic.martinsons@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-update-nvd2-native: new CVE database fetcher</title>
<updated>2023-04-01T10:36:26+00:00</updated>
<author>
<name>Marta Rybczynska</name>
<email>rybczynska@gmail.com</email>
</author>
<published>2023-03-29T10:02:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=15dc92a4b19baedbb9bfa95fbe2c8b6a7c9987c8'/>
<id>urn:sha1:15dc92a4b19baedbb9bfa95fbe2c8b6a7c9987c8</id>
<content type='text'>
Add new fetcher for the NVD database using the 2.0 API [1].
The implementation changes as little as possible, keeping the current
database format (but using a different database file for the transition
period), with a notable exception of not using the META table.

Minor changes that could be visible:
- the database starts in 1999 instead of 2002
- the complete fetch is longer (30 minutes typically)

[1] https://nvd.nist.gov/developers/vulnerabilities

(From OE-Core rev: fb62c4c3dbca4e58f7ce6cf29d4b630a06411a97)

Signed-off-by: Marta Rybczynska &lt;marta.rybczynska@syslinbit.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>cve-check: Fix false negative version issue</title>
<updated>2023-03-30T11:30:38+00:00</updated>
<author>
<name>Geoffrey GIRY</name>
<email>geoffrey.giry@smile.fr</email>
</author>
<published>2023-03-28T10:23:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=81740facf458a5a3326c0cfca20ebf75d8fe91d0'/>
<id>urn:sha1:81740facf458a5a3326c0cfca20ebf75d8fe91d0</id>
<content type='text'>
NVD DB stores version and update in the same value, separated by '_'.
The proposed patch checks if the version from NVD DB contains a "_",
i.e. 9.2.0_p1 is converted to 9.2.0p1 before version comparison.

[YOCTO #14127]

Reviewed-by: Yoann CONGAL &lt;yoann.congal@smile.fr&gt;
(From OE-Core rev: 7d00f6ec578084a0a0e5caf36241d53036d996c4)

Signed-off-by: Geoffrey GIRY &lt;geoffrey.giry@smile.fr&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>staging/multilib: Fix manifest corruption</title>
<updated>2023-03-09T21:06:37+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2023-03-08T10:12:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a5352932d927a164b460a2e117bfb1bd9aeb345a'/>
<id>urn:sha1:a5352932d927a164b460a2e117bfb1bd9aeb345a</id>
<content type='text'>
The previous fix wasn't enough to address all the possible ways the
manifests might be ordered. Rework the previous fix so it is tied
to the multilib cross-canadian code which is causing the problem.

RECIPE_SYSROOT_MANIFEST_SUBDIR is not documented as I'd hope nobody
ever needs to use this outside the core multilib code.

(From OE-Core rev: beab42e00713880cd95a04729c892f8662fbcbed)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>create-spdx: fix config build by adding dependency to enable reruns</title>
<updated>2023-03-06T09:52:16+00:00</updated>
<author>
<name>Maanya Goenka</name>
<email>maanyagoenka@linux.microsoft.com</email>
</author>
<published>2023-03-03T00:35:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=094984833ac27c632701f763c5ee447564d63f62'/>
<id>urn:sha1:094984833ac27c632701f763c5ee447564d63f62</id>
<content type='text'>
The issue encountered is about local stos builds failing (when these builds are
preceded by a local SoC OS or MOS build). Essentially, the failure is seen when
building two different configs with shared state, one where gcc-cross-&lt;arch&gt; has a dependency
and one where it doesn't (specifically, one where the abicheck class in meta-binaryaudit
is inherited and one where it isn't). Hence, the task signatures change but a rerun of those said tasks
does not occur. The result is that when the config with the dependency is built and then the one without
is built, due to incorrect dependencies, the SPDX manifest creation stage errors out.

create-spdx relies on BB_TASKDEPDATA to get dependencies and then adds that variable to
vardepsexclude. A change in dependencies therefore, does not result in a
re-execution of the tasks. This commit adds an explicit dependency on DEPENDS which influences
BB_TASKDEPDATA and triggers reruns for new config builds having different dependencies.

(From OE-Core rev: 1a0dac4f45c489d107d9627d3c3ab7ccf1c60920)

Signed-off-by: Maanya Goenka &lt;maanyagoenka@microsoft.com&gt;
Signed-off-by: Paul Eggleton &lt;paul.eggleton@microsoft.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
