Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=halstead%2Fhashclient 2023-12-13T11:34:27+00:00 2023-12-13T11:34:27+00:00 Ross Burton ross.burton@arm.com 2023-12-11T13:49:46+00:00 urn:sha1:7cf0c30096913f977c1bd0d7e2b167cac6b93aec It's not uncommon for specific third party modules to use "go" as the product[1]. However, the canonical CPE for the official Go language/runtime is always golang:go[2], so use that explicitly. [1] e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-49292 [2] e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-39320 (From OE-Core rev: fc3e9cce9e1a5aa5dc9a5ad4abdd4eb61f868d37) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-03-14T17:10:00+00:00 Peter Marko peter.marko@siemens.com 2023-03-12T08:45:43+00:00 urn:sha1:3a861f2204e18ddf4a9a4add06b84f7b6f36f73a All golang vulnerabilities are reported under product 'go'. By default there is no vulnerability reported for images with golang components because none of used golang packages have correct CVE product set: * go-binary-native * go-runtime * go-cross-* (From OE-Core rev: 09f3a27a809bbec9b08c4e4a2b846b68f386c35c) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-01-05T17:18:15+00:00 Alexander Kanavin alex.kanavin@gmail.com 2022-01-01T11:29:56+00:00 urn:sha1:0111724c3405c422730aaf1353269e3665aea6e2 Go has its own system for creating temporary build sub-directories with randomized names, and setting up debug-prefix-map on the fly to prevent those directories leaking into target binaries. OE's own settings were clashing with it, so this change carefully avoids the two stepping on each other. Additionally, the top level build directory cannot be named 'go-something'. (From OE-Core rev: 9985b17a30bb9b9f1bc82a44662687db5cead66e) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-01-05T17:18:15+00:00 Alexander Kanavin alex.kanavin@gmail.com 2022-01-01T11:29:54+00:00 urn:sha1:a44ba6ae65ce2e9096d7374c02dad4c3503c57e9 go writes build-specific ids into binaries it produces and has a custom system for calculating them from file hashes, environment variables and other inputs (not that dissimilar to sstate cache, actually). This can go wrong :) in various ways (for purposes of reproducibility in particular), so this enables useful logs to see what happens and why. (From OE-Core rev: a587be1d18fc55fe57d1aa5aa7c9e26af887109e) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-02T14:44:10+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-07-28T22:28:15+00:00 urn:sha1:bb6ddc3691ab04162ec5fd69a2d5e7876713fd15 This is the result of automated script conversion: scripts/contrib/convert-overrides.py <oe-core directory> converting the metadata to use ":" as the override character instead of "_". (From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-05-12T22:06:03+00:00 Alexander Kanavin alex.kanavin@gmail.com 2021-05-10T13:01:03+00:00 urn:sha1:3127ef1b43926ae7276b19c80eca69ebabf883ec This reverts commit 4118415d4bc6243c98a1440195826be7cbad24f1. This was found to be unnecessary, and broke upstream version checks. (From OE-Core rev: cee436d1eb94663f3604c80b6ad87292f6901498) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-04-23T09:12:10+00:00 Khem Raj raj.khem@gmail.com 2021-04-20T18:28:38+00:00 urn:sha1:4118415d4bc6243c98a1440195826be7cbad24f1 golang.org/dl is resolving to this anyway (From OE-Core rev: 8470e38ac1d9f9bb6d8a4ee43724af452d080057) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-04-18T10:37:26+00:00 wangmy wangmy@fujitsu.com 2021-04-15T16:43:30+00:00 urn:sha1:3d389d46d755a8e58b65db50c5429d6d9150be74 (From OE-Core rev: 2a1eb731ed3bcb049192550e362b771c3a9ea6eb) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-12-15T09:10:46+00:00 Khem Raj raj.khem@gmail.com 2019-12-13T21:15:02+00:00 urn:sha1:0b468662b8b67f5ad355a0d9ece422b3d7a7d091 This reverts commit 4825eede606b075d0d529b38d6162999f1dec506. (From OE-Core rev: 18b90967bd367263280ec871be84e67e3eed11fa) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-12-06T14:41:28+00:00 Khem Raj raj.khem@gmail.com 2019-12-04T16:51:25+00:00 urn:sha1:067476fc55a94956db27ec2a8d9bd1fd6ce74280 These variables depend on TUNE_FEATURES variable and that creeps into dependencies for native as well as a result, which means go-native gets recompiled everytime machine/arch is changed. Fixes sstate differences found e.g. basehash changed from 600fb6be571fa4853232a7fed78945ee19b324e54b1b94cff93ef472b6290103 to 994de861190a56064d3e186d9c411152127e230bf2f77b17e59b2c5932a41249 List of dependencies for variable TUNE_FEATURES changed from '{'TUNE_FEATURES_tune-core2-32', 'DEFAULTTUNE'}' to '{'TUNE_FEATURES_tune-armv7vethf-neon', 'DEFAULTTUNE'}' changed items: {'TUNE_FEATURES_tune-core2-32', 'TUNE_FEATURES_tune-armv7vethf-neon'} (From OE-Core rev: 4825eede606b075d0d529b38d6162999f1dec506) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>