Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=mickledore-next 2023-04-04T12:11:50+00:00 2023-04-04T12:11:50+00:00 Mingli Yu mingli.yu@windriver.com 2023-04-03T09:35:51+00:00 urn:sha1:93196f698a7aab014d3999e3d21dd4ffd7a05d79 Make the report-error catch Nothing PROVIDES error and then we can check it directly via error report web. (From OE-Core rev: a57d8f82b83554c821a83eacc02f9c73b263ff02) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-01T10:36:26+00:00 Frederic Martinsons frederic.martinsons@gmail.com 2023-03-31T05:45:24+00:00 urn:sha1:da1bcf08089d8276a156a221af405863b6746b7b Without that, the possible git urls that are in SRC_URI of a recipe are removed from SRC_URI during devtool process and so the cargo_common_do_patch_paths in cargo_common.bbclass cannot patch these packages to fetch them locally. I use a generic type name because I foresee this change will be useful for recipe that used a package manager (cargo but also npm) see https://bugzilla.yoctoproject.org/show_bug.cgi?id=11015 (From OE-Core rev: 474658a3681c343385c359a21c3693401217298d) Signed-off-by: Frederic Martinsons <frederic.martinsons@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-01T10:36:26+00:00 Marta Rybczynska rybczynska@gmail.com 2023-03-29T10:02:56+00:00 urn:sha1:15dc92a4b19baedbb9bfa95fbe2c8b6a7c9987c8 Add new fetcher for the NVD database using the 2.0 API [1]. The implementation changes as little as possible, keeping the current database format (but using a different database file for the transition period), with a notable exception of not using the META table. Minor changes that could be visible: - the database starts in 1999 instead of 2002 - the complete fetch is longer (30 minutes typically) [1] https://nvd.nist.gov/developers/vulnerabilities (From OE-Core rev: fb62c4c3dbca4e58f7ce6cf29d4b630a06411a97) Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-03-30T11:30:38+00:00 Geoffrey GIRY geoffrey.giry@smile.fr 2023-03-28T10:23:49+00:00 urn:sha1:81740facf458a5a3326c0cfca20ebf75d8fe91d0 NVD DB store version and update in the same value, separated by '_'. The proposed patch check if the version from NVD DB contains a "_", ie 9.2.0_p1 is convert to 9.2.0p1 before version comparison. [YOCTO #14127] Reviewed-by: Yoann CONGAL <yoann.congal@smile.fr> (From OE-Core rev: 7d00f6ec578084a0a0e5caf36241d53036d996c4) Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-03-09T21:06:37+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2023-03-08T10:12:45+00:00 urn:sha1:a5352932d927a164b460a2e117bfb1bd9aeb345a The previous fix wasn't enough to address all the possible ways the manifests might be ordered. Rework the previous fix so it is tied to the multilib cross-canadian code which is causing the problem. RECIPE_SYSROOT_MANIFEST_SUBDIR is not documented as I'd hope nobody ever needs to use this outside the core multilib code. (From OE-Core rev: beab42e00713880cd95a04729c892f8662fbcbed) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-03-06T09:52:16+00:00 Maanya Goenka maanyagoenka@linux.microsoft.com 2023-03-03T00:35:43+00:00 urn:sha1:094984833ac27c632701f763c5ee447564d63f62 The issue encountered is about local stos builds failing (when these builds are preceded by a local SoC OS or MOS build). Essentially, the failure is seen when building two different configs with shared state, one where gcc-cross-<arch> has a dependency and one where it doesn't (specifically, one where the abicheck class in meta-binaryaudit is inherited and one where it isn't). Hence, the task signatures change but a rerun of those said tasks does not occur. The result is that when the config with the dependency is built and then the one without is built, due to incorrect dependencies, the SPDX manifest creation stage errors out. create-spdx relies on BB_TASKDEPDATA to get dependencies and then adds that variable to vardepsexclude. A change in dependencies therefore, does not result in a re-execution of the tasks. This commit adds an explicit dependency on DEPENDS which influences BB_TASKDEPDATA and triggers reruns for new config builds having different dependencies. (From OE-Core rev: 1a0dac4f45c489d107d9627d3c3ab7ccf1c60920) Signed-off-by: Maanya Goenka <maanyagoenka@microsoft.com> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-02-24T17:05:24+00:00 Jose Quaresma quaresma.jose@gmail.com 2023-02-17T09:58:55+00:00 urn:sha1:cfe5e501998d93bed3e4d89c76732558b89e1acb Enabling the network uncondictional is not need for some use cases. Such use case is usefull to reuse the sstate-cache of the build and it requires the icecc inherit in all of the builds. The real control control of the icecc is in the variable ICECC_DISABLED so this patch change the logic to enable the network when the icecc is in use. (From OE-Core rev: 0fd3a9c13a30a67ccef6619627efd9613755a0c3) Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-02-19T07:47:53+00:00 Joshua Watt JPEWhacker@gmail.com 2023-02-15T21:13:46+00:00 urn:sha1:ceb95cf9c2c6948645bf798e4e9554d955a8c8fb Moves the downloaded items from SRC_URI into separate packages in the recipe document. This is much better than the previous implementation because: 1) It can report multiple download locations in SRC_URI, instead of just the first one reported. 2) It prevents the assumption that the source files listed in the recipe are the exact file from the source URL; in particular, files that come from file:// SRC_URI entries, and source files that have been patched were problematic, since these aren't from the upstream source. 3) It allows the checksums to be specified (From OE-Core rev: 1dd4369b3638637a2cbba2a3c37c6b6f4df335cd) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-02-15T10:21:35+00:00 Saul Wold Saul.Wold@windriver.com 2023-02-13T19:54:13+00:00 urn:sha1:4f1a0855afbfc886dc59cfaa79a11d0fed8eaa3e This change adds a new variable to track which recipe variables are added as SPDX Annotations. Usage: add SPDX_CUSTOM_ANNOTATION_VARS = <some recipe variable> The recipe spdx json will contain an annotation stanza that looks something like this: "annotations": [ { "annotationDate": "2023-02-13T19:44:20Z", "annotationType": "OTHER", "annotator": "Tool: oe-spdx-creator - 1.0", "comment": "CUSTOM_VARIABLE=some value or string" }, (From OE-Core rev: 33ced8338f0facb412b5f24cf9df4a84226a2a94) Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-02-15T10:21:34+00:00 Joshua Watt JPEWhacker@gmail.com 2023-02-09T15:06:39+00:00 urn:sha1:8b39d1a7cbf9a201bac23fae4201b6a41317f188 Per feedback from users, remove the top level image SPDX file and the JSON index file from DEPLOYDIR. Having these files here is confusing to end users because these files are not very useful by themselves, and having them in DEPLOYDIR makes it unclear which they should be using. (From OE-Core rev: 4e081802ecb352e0a300a98c924354f8393e4163) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>