| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should help to avoid problems that will occur if the modification
time of database file itself is altered e.g. by unassociated
process(es) on the file system which hosts the database file.
Since this change updates the database structure by adding a new table,
bump the 'minor' version number in database file names to enforce full
database fetch. This should also iron out e.g. situation where the
database might have inconspicuously omitted entries due to way in which
the mtime of database file itself was relied upon.
(From OE-Core rev: 740b66cc7a4784b2f85f3a6a7cf8c21b7ba5db77)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since enabling NVD1 as NVD_DB_VERSION nowadays leads to BitBake failure
WARNING: cve-update-db-native-1.0-r0 do_fetch: Failed to fetch CVE data (HTTP Error 403: Forbidden)
WARNING: cve-update-db-native-1.0-r0 do_fetch: Host IPs are 172.65.90.26, 172.65.90.25, 172.65.90.24, 172.65.90.27, 2606:4700:78::90:0:180, 2606:4700:78::90:0:183, 2606:4700:78::90:0:181, 2606:4700:78::90:0:182
WARNING: cve-update-db-native-1.0-r0 do_fetch: CVE database update failed
ERROR: cve-update-db-native-1.0-r0 do_unpack: Error executing a python function in exec_func_python() autogenerated:
Remove the support for obsolete NVD1.
(From OE-Core rev: 9cd19f0dc1629086ab1dd18d969e0b4e9acac3ea)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cross-canadian packages
clang-cross-canadian is just symlinking into nativesdk-clang unlike gcc which
has separate binaries and they have inbuilt dynamic linker specs. To help clang
built cross-canadian binaries add it via cmdline option here, cross-canadian
binaries are only usable on installed SDKs, and these paths get re-written with
correct SDK specific linker during SDK install relocation process.
This helps clang built cross-canadian tools e.g. from binutils-cross-canadian
be relocated correctly on SDK install.
(From OE-Core rev: d259796efd6c405dd47fabccdbce761cb29fc354)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we have changes on SPDX_LICENSES content we ended up building invalid sstate-cache archives.
The default value for the SPDX_LICENSES is the file meta/files/spdx-licenses.json but this file
don't use the bitbake fetcher and because of this their checksum is not validated.
So we need to add this file to the build dependency chain of the SPDX.
For example, currently we have bump from 3.24.0 to 3.27.0 on master-next for the file
meta/files/spdx-licenses.json. Since the file content is not taken into account, we end
up creating invalid sstate-cache artifacts on the autobuilder on master-next builds.
This created sstate-cache artifacts will also be available to master branch users
that are using the upstream sstate-cache mirror.
If someone is using the public mirror but still following the master branch
they will encounter something like the following error which this change aims to resolve.
| ERROR: initramfs-rootfs-image-1.0-r0 do_create_image_sbom_spdx: http://spdxdocs.org/openembedded-alias/by-doc-hash/57301e8063a8bf25308226271627db2b78675cda9f648c5c6c14a2b9c18f48dc/zlib/UNIHASH/license/3_27_0/Zlib not found in /work/build/tmp/deploy/spdx/3.0.1/armv8a/by-spdxid-hash/57/57301e8063a8bf25308226271627db2b78675cda9f648c5c6c14a2b9c18f48dc.spdx.json
(From OE-Core rev: 10669f6f615058293671fb16454601580b7b34e9)
Signed-off-by: Jose Quaresma <jose.quaresma@oss.qualcomm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
We can have more files types in the chain of dependencies and not just libs.
(From OE-Core rev: f400ba75f2d7987abb177a43f94874a7fdc1ec0a)
Signed-off-by: Jose Quaresma <jose.quaresma@oss.qualcomm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building an entire multilib image (e.g. lib32-core-image-minimal)
we need to ensure that the unneeded packages in ROOTFS_RO_UNNEEDED get
the multilib prefix applied before they are compared against the list of
installed packages inside Rootfs._uninstall_unneeded() to decide whether
they need to be installed.
Before this change with local.conf containing:
MACHINE = qemuarm64
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "armv7at-neon"
IMAGE_FEATURES = "read-only-rootfs"
running:
bitbake lib32-core-image-minimal
tar tavf tmp/deploy/images/qemuarm64/lib32-core-image-minimal-qemuarm64.rootfs.tar.zst|grep postinst
shows three files:
-rwxr-xr-x 0/0 25 2018-03-09 12:34 ./etc/init.d/run-postinsts
lrwxrwxrwx 0/0 0 2018-03-09 12:34 ./etc/rcS.d/S99run-postinsts -> ../init.d/run-postinsts
-rwxr-xr-x 0/0 2153 2018-03-09 12:34 ./usr/sbin/run-postinsts
whereas with this change there are no matching files.
(From OE-Core rev: 77c35362fb13c75145f9f999216b3d879ab18b77)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
The relevant tools (objdump, strip, etc) are part of llvm-native now,
so trim dependencies and depend on that directly instead of clang-cross.
(From OE-Core rev: 732fb127b59b2d8fd23c2716355ba44f3f5a6a9d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, class extensions are implmented using shadow variables and
access indirection which is horribly ineffient and ugly.
Switch to using the new bitbake filter API, which allows a translation
of the variable before the expanded value is returned. This allows us
to drop the shadow variable accesses. It also avoids the need to iterate
PACKAGES and make many variable changes since a filter against RDEPENDS
applies to RDEPENDS:${PN} and all of it's other overridden values.
Since data expansion happens at access, it also avoids many of the race
conditions this code has tranditionally been plagued with.
(From OE-Core rev: 24a9858a8927e91d499ee342ed93a0dbb44d83bc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some recipes explicitly disable ccache via CCACHE_DISABLE variable since
they are known issues with ccache in those recipes.
This setting should not be ignored also when ccache in in HOSTOOLS.
Rework a hard to read if clause so that it is in format
if (not CCACHE_DISABLE and (cond1 or cond2 or cond2)):
(From OE-Core rev: 2ea0f82e5f9bb21d21503ed06cf74153ae8cbcc7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUILD_LDFLAGS is used by other recipes to emit native LDFLAGS
into their cmake toolchain files especially in QT layers. it
will usually be inherited by recipes wanting clang provide
BUILD_* variables so this is more appropriate than LDFLAGS to
pass these options.
(From OE-Core rev: f258d6e437a68bfd8a46f185cbeb17bfcccf940b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This file can be used for nativesdk builds, which if they are using the
clang toolchain will also need compiler-rt and libcxx.
(From OE-Core rev: 24c32edb1b29a0746bb4470fea11e87b8027d9f9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment we don't allow ccache for native recipes to avoid the
dependency loop of native recipes needing ccache-native which then
depends on itself.
One way to avoid this dependency loop is to just provide a host ccache,
so enable ccache globally if ccache is in HOSTTOOLS. This isn't set
out of the box, but does work.
(From OE-Core rev: cc91a0f6500e88dd96a56307226fcfd16c60c342)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This variable controls how ccache determines if the cache is valid or not
for a given compiler.
By default, ccache looks at the mtime of the compiler binary. This should
be sufficient for our purposes as the mtime is preserved from sstate
and will only be changed on rebuilds if the binary is actually different.
(From OE-Core rev: 27aec0bab6fcb19c5d5be30763f4038a46922e8f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move some environment variables to the configuration file, so there's
less happening in the class.
Max_size was removed so that the per-recipe caches don't grown without
limit. The default cache is 5GB.
(From OE-Core rev: 8c1c38a6b3073d2dd34514f5a90805c12c0f42dd)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Add clang-cross to sysroot via POPULATESYSROOTDEPS to get llvm tools
e.g. llvm-strip, llvm-nm etc when they are used at default STRIP/NM etc.
(From OE-Core rev: 0d239586ec2f258a42d60f9fb6a058344516218a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
When TC_CXX_RUNTIME is set to be 'llvm' then clang looks for
libcxx to provide C++ runtime and unwinding library
(From OE-Core rev: aba2d949818b032222dbaed98e38cd29e3c992b6)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
externalsrc_configure_prefunc assumed that the .git directory is
${S}/.git. This isn't true for submodules at least.
srctree_hash_files already contained code to ask Git for the correct
path to the .git directory. Let's move that code to a new find_git_dir
function and call it from both places and make the behaviour consistent.
(From OE-Core rev: 47891e200e92ba34a6ff2df2fba1032738f52f98)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some recipes demand full clang/llvm builds e.g. chromium we need to use
clang as native toolchain. This class collects all needed bits to enable
OE built clang to provide the clang native toolchain
Setting
TOOLCHAIN_NATIVE = "clang"
in recipe will chose clang for native toolchain
(From OE-Core rev: 43ba5ed17e069b13cd43c36650524a0113c81955)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, still use ${PV} as the the version of a package in SPDX 2
$ echo 'INHERIT:remove = "create-spdx"' >> conf/local.conf
$ echo 'INHERIT += "create-spdx-2.2"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/2.2/core2-64/recipes/recipe-acl.spdx.json
...
"name": "acl",
"summary": "Utilities for managing POSIX Access Control Lists",
"supplier": "Organization: OpenEmbedded ()",
"versionInfo": "2.3.2"
},
...
Support to override it by setting SPDX_PACKAGE_VERSION, such as
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to versionInfo in SBOM 2
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/2.2/core2-64/recipes/recipe-acl.spdx.json
...
"name": "acl",
"summary": "Utilities for managing POSIX Access Control Lists",
"supplier": "Organization: OpenEmbedded ()",
"versionInfo": "2.3.2-r0"
},
...
(From OE-Core rev: 0bd069f526ee0d535477b75a4aa825b4cb589423)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation of BUILDHISTORY_RESET is problematic, particlarly given that
people are trying to create an API with it alongside BUILDHISTORY_PRESERVE
which simply doesn't exist and can't work reliably. Worse, the code paths with
this bolted on implementation are convoluted and near impossible to follow.
BUILDHISTORY_PRESERVE is effectively internal API, used to stop buildhistory
removing some files which are needed for data, or are created at different
parts of the build. Add a comment to explain what it is doing and why these files
are listed.
Commit 9f68a45aa238ae5fcdfaca71ba0e7015e9cb720e tried to "fix" preserve support
with the reset functionality but it didn't fully work and has just exposed futher
issues. There is a further fix however I can brely follow the code and in reviewing
it, I've concluded we shouldn't be doing this at all.
Due to the way BUILDHISTORY_RESET was implemented, horrible races were introduced
making it unclear what happens to the data if builds fail for example, or how sstate
interacts with the build since things get reset but stamps do not and tasks may not
rerun. It also interacts badly with any additions to the preserve list, due to
misunderstandings on what that variable does.
Having stared long and hard at the code, and really struggled to understand it, I',
of the view that "reset" for CI purposes should be done by the CI itself. The CI can
choose to remove some files or all files and decide how to handle failures. It has
to handle the buildhistory directory anyway.
Therefore drop BUILDHISTORY_RESET support, allowing the "old" codepaths to be dropped.
BUILDHISTORY_PRESERVE is better documented to hint that it is internal API and to
show what it is really for.
If we really do want some functionality list this, it needs to be implemented in a
way you can follow the code, and have tests.
(From OE-Core rev: 15c5258fd0063ace425b7e904521f1695ffb2a85)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that recipes default to S in UNPACKDIR, recipetool and devtool should
do the same.
There was some discussion about changing devtool to simply setting
UNPACKDIR via bbappend to a workspace and running unpack task directly;
currently it has a bunch of convoluted path calculations, substitutions,
moving source trees around and and special casing (devtool-source.bbclass
in particular is an unpleasant hack).
This should definitely be done; but right now we can simply tweak existing
code which at least doesn't make it worse.
(From OE-Core rev: c326ca8aeb2bf0f7719e43921d10efd5dedc7b2a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the
source code files that are used during compilation.
It uses debugsource information generated during do_package.
This enables an external tool to use the SPDX information to disregard
vulnerabilities that are not compiled.
As example, when used with the default config with linux-yocto, the spdx size is
reduced from 156MB to 61MB.
Tested with bitbake world on oe-core.
CC: Quentin Schulz <quentin.schulz@cherry.de>
CC: Joshua Watt <JPEWhacker@gmail.com>
CC: Peter Marko <peter.marko@siemens.com>
(From OE-Core rev: c6a2f1fca76fae4c3ea471a0c63d0b453beea968)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As currently written, the PREFERRED_PROVIDER entries don't work with multilib
since they are added after the manipulations by multilib_global at ConfigParsed
time. We therefore need to spell out the configs correctly for multilib.
To avoid variable overwritten warnings from the expansion, we then have to
expand out the nativesdk providers usng class overrides.
(From OE-Core rev: 1f69850b62d1e022055d0f3b93ad270c2980462e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change implements a toolchain selection mechanism. Selection is
made using a set of variables, primarily PREFERRED_TOOLCHAIN_TARGET which
defaults to gcc.
It uses the familiar name for toolchain e.g. "gcc" which selects GNU
compiler + binutils as default C/C++ toolchain or "clang" which will
use LLVM/Clang Compiler. Layers an add their own toolchain definitions
too.
There are also PREFERRED_TOOLCHAIN_NATIVE and PREFERRED_TOOLCHAIN_SDK
which will ulitmately allow selection of the toolchain used for the
native/cross and nativesdk/crosssdk compilers. This currently isn't
functional but is essential to the patch to ensure things are set
to the existing gcc support in those cases.
Users would most commonly want to set:
PREFERRED_TOOLCHAIN_TARGET ?= "clang"
in local.conf or other distro specific global configuration metadata.
It is also selectable at recipe scope, since not all packages are
buildable with either clang or gcc, a recipe can explicitly require
a given toolchain using the TOOLCAHIN variable, e.g. glibc can not
be built with clang therefore glibc recipe sets:
TOOLCHAIN = "gcc"
The TOOLCHAIN variable is distinct from the user preference so recipes
with specific requirements can be identified. This also allows different
polcies to be be specified for native/SDK cases in the future.
(From OE-Core rev: 45bdedd213aff8df3214b95ef2a8551c0abd93a0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Users may unknowingly put tabs in BBLAYERS instead of spaces, and this is
interpreted as a literal "\t" at the start of the filepath which causes
_get_layer_dict() function to fail at finding the filepath.
Instead of using split(" "), which restricts it to split on just spaces
replace with split() as this handles spaces, tabs and newlines.
Min steps to reproduce:
- Clone the poky repo:
git clone git://git.yoctoproject.org/poky
cd poky
source oe-init-build-env
- Insert tabs in the BBLAYERS variable in bblayers.conf
- Note: tab needs to be in the recipe that is being built for the error to be observed
- Ex: ` /home/<user>/src/poky/meta-skeleton \`
- Start toaster
source toaster start
bitbake hello
Error message:
FileNotFoundError: [Errno 2] No such file or directory: '\t/home/<user>/src/poky/meta-skeleton’
Fix by using split() instead of split(" ").
Suggested-by: Anakin Childerhose <anakin.childerhose@savoirfairelinux.com>
CC: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 5ef1adca618cbf2d3e9ad2e5d504728b91d15e85)
Signed-off-by: Osose Itua <osose.itua@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are reports this class has been broken since mickledore which suggests
there are limited numbers of users. It doesn't have any automated testing
and it would be hard to setup and maintain a testing environment for it. The
original users/manintainers aren't using it now.
For those reasons, drop from OE-Core as we're not in a good position to
maintain it. I'd suggest anyone wanting to use it creates a dedicated layer
with maintainers who are in a position to test/develop it appropriately since
it is standalone code.
(From OE-Core rev: ecf8c386cf83ea235bdc4ee0da6671a395a4c358)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new recipe linux-yocto-fitimage.bb and the new
kernel-fit-image.bbclass are intended to become successors of the
kernel-fitimage.bbclass.
Instead of injecting the FIT image related build steps into the kernel
recipe, the new recipe takes the kernel artifacts from the kernel recipe
and creates the FIT image as an independent task.
This solves some basic problems:
* sstate does not work well when a fitImage contains an initramfs. The
kernel is rebuilt from scratch if the build runs from an empty TMPDIR.
* A fitImage kernel is not available as a package, but all other kernel
image types are.
* The task dependencies in the kernel are very complex and difficult to
debug if something goes wrong. As a separate, downstream recipe, this
is now much easier.
The recipe takes the kernel artifacts from the deploy folder. There was
also a test implementation passing the kernel artifacts via sysroot
directory. This requires changes on the kernel.bbclass to make it
copying the artifacts also to the sysroot directory while the same
artifacts are already in the sstate-cached deploy directory.
The new class kernel-fit-extra-artifacts.bbclass generates and deploys
the kernel binary intended for inclusion in a FIT image.
Note that the kernel used in a FIT image is a stripped (and optionally
compressed) vmlinux ELF binary - not a self-extracting format like
zImage, which is already available in the deploy directory if needed
separately.
The kernel-fit-extra-artifacts.bbclass can be used like this:
KERNEL_CLASSES += "kernel-fit-extra-artifacts"
(if uImage support is not needed, or with :append otherwise)
The long story about this issue is here:
[YOCTO #12912]
(From OE-Core rev: 05d0c7342d7638dbe8a9f2fd3d1c709ee87d6579)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, pseudo tracks all files referenced within its presence unless
they're listed in an exclusion list. The exclusion list has grown to be
fairly unwieldy.
This patch swaps PSEUDO_IGNORE_PATHS for PSEUDO_INCLUDE_PATHS which in
theory should be easier and more explicit to maintain.
This change does drop many directories from pseudo coverage including
/home and /tmp. There may be adapatations needed for recipes/classes
using pseudo in specific ways.
(From OE-Core rev: 2502da81709f25de499277b28d33c915638c45f6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rootfs VEX file is created by gathering files from CVE_CHECK_DIR
(deploy directory), however recipes generate the files only in
CVE_CHECK_DIR (log directory).
This make the rootfs VEX be always empty without any message.
The code is copied from cve_check class, which writes to both, so let
keep them aligned and make also vex write both files.
Also add a warning for case that a cve file would be still missing.
(From OE-Core rev: ee6541d0940c65685aaafd7d41a59a9406392e7d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Define var-SPDX_PACKAGE_URL to provide software_packageUrl field [1][2]
in SPDX 3.0 SBOM, support to override with package name
SPDX_PACKAGE_URL:<pkgname>
Currently, the format of purl is not defined in Yocto, set empty for now
until we have a comprehensive plan for what Yocto purls look like.
But users could customize their own purl by setting var-SPDX_PACKAGE_URL
[1] https://spdx.github.io/spdx-spec/v3.0.1/model/Software/Properties/packageUrl/
[2] https://spdx.github.io/spdx-spec/v3.0.1/annexes/pkg-url-specification/
(From OE-Core rev: c8e6953a0b6f59ffca994c440069db39e60b12d2)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Debug level was not added as a parameter, causing a warning.
(From OE-Core rev: 40157fcbd9066f261812ba665ec963b2e496aa53)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
WARNING: meta/classes/sign_rpm.bbclass:36 has a lack of whitespace
around the assignment: 'RPM_SIGN_PACKAGES='1''
(From OE-Core rev: d393539e03b60bf299e2d1c8ac781e0c6f7787b1)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If spdx is generated without inheriting cve/vex classes (which is poky
default), only explicitly set CVE_STATUS fields are handled.
Calculated ones (e.g. from CVE_STATUS_GROUPS) are ignored.
Fix this by expanding the CVE_STATUS in spdx classes.
(From OE-Core rev: ead9c6a8770463c21210a57cc5320f44f7754dd3)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and
CVE_STATUS_GROUPS is used on multiple places.
Create a library funtion to have the code on single place and ready for
reuse by additional classes.
(From OE-Core rev: 45e18f4270d084d81c21b1e5a4a601ce975d8a77)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Setting SPDX_ARCHIVE_SOURCES and SPDX_ARCHIVE_PACKAGED makes no
difference when using the spdx-3.0 class. Move these two in the spdx-2.0
class since they are only used there.
(From OE-Core rev: 8ce06538c9cde0f09909a5a2e61ec10b0d35df49)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, still use ${PV} as the the version of a package in SBOM 3
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2"
},
...
Support to override it by setting SPDX_PACKAGE_VERSION, such as
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to software_packageVersion in SBOM 3
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2-r0"
},
...
(From OE-Core rev: e6ff5f4d870624795bd36572f5c2bfeec90d83ce)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The common SPDX code was changed to return a dataclass for dependency
information instead of a namedtuple, but the SPDX 2.2 was missed to
account for this. Correct the SPDX 2.2 code to correctly handle the new
datatype
(From OE-Core rev: 79a03abd37839973996efc957d44614edcbd6b87)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Bitbake is dropping the need for fetcher name iteration and multiple revisions
per url. Update the code to match (removal of the for loop).
(From OE-Core rev: 571e8c6730eb5b89f732d879487ae578ef04aaee)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Bitbake is dropping the need for fetcher name iteration and multiple revisions
per url. Update the code to match (removal of the for loop).
(From OE-Core rev: 4859cdf97fd9a260036e148e25f0b78eb393df1e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If tag.gpgSign is configured in Git's configuration, then creating the
build-minus-X tags will fail (if Git's core.editor is not configured) or
it will hang (when trying to open the editor). This is beacause
tag.gpgSign causes git tag to create annotated tags. To avoid this,
specify --no-sign as argument to git tag.
(From OE-Core rev: 7595a0a63a933af9dd9d1e458dc34a4ba80d9eae)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If tag.gpgSign is configured in Git's configuration, then creating the
devtool-patched tag will fail (if Git's core.editor is not configured)
or it will hang (when trying to open the editor). This is beacause
tag.gpgSign causes git tag to create annotated tags. To avoid this,
specify --no-sign as argument to git tag.
(From OE-Core rev: 5dba8d0b6c940934375eea9af37e7c4856b51c96)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Move to the FKIE feed by default, as it is showing better stability
than NVD2. Content of the feed should be the same.
(From OE-Core rev: 10580a6d36aa1366732f9c030345bd4590eb9f74)
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SPDX library code was being ignored from taskhash calculations due
to accidentally being omitted from BBIMPORTS. This meant that changes in
the code or dependent variables would not cause the task to rebuild
correctly.
In order to add spdx_common, convert the `Dep` object from a named tuple
to a frozen dataclass. These function more or less equivalently, but the
bitbake code parser cannot handle named tuples.
Finally, the vardepsexclude that used to be present on the recipe tasks
needs to be moved to the python code in order for the variables to be
correctly ignored. Several unused exclusions were removed
(From OE-Core rev: eb597bf61cbcb0a4d43149404c93eec0894fb4c7)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to Yocto reference manual, in description of the
IMAGE_LINK_NAME variable, it is said that
It is possible to set this to "" to disable symlink creation,
however, you also need to set :term:`IMAGE_NAME` to still have
a reasonable value e.g.::
IMAGE_LINK_NAME = ""
IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"
However, when using following additions in local.conf file:
INHERIT += "cve-check"
IMAGE_LINK_NAME = ""
IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"
the implicit symlink creation in cve_check_write_rootfs_manifest leads
to following build failure
$ bitbake core-image-minimal core-image-base
...
ERROR: core-image-base-1.0-r0 do_image_complete: Recipe core-image-base is trying to install files into a shared area when those files already exist. The files and the manifests listing them are:
/home/poky/build/tmp/deploy/images/qemux86-64/.json
(matched in manifest-qemux86_64-core-image-minimal.image_complete)
Please adjust the recipes so only one recipe provides a given file.
Mitigate the issue by creating the symlink only in case IMAGE_LINK_NAME
has not been set to empty string.
(From OE-Core rev: 64bfec359bd909761ce0a6a716286d938ed162d1)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow choice of one of three feeds and update task dependencies
accordingly. All feeds contain data from NVD and are stored in
different files.
Set the NVD_DB_VERSION variable to choose feed:
NVD2 (default) - the NVD feed with API version 2
NVD1 - the NVD JSON feed (deprecated)
FKIE - the FKIE-CAD feed reconstruction
In case of malformed database feed name, we default to NVD2 and show
an error.
(From OE-Core rev: f265812bfb6797aee10e7be42865736c9ff3478f)
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Create missing directories required to create the symlink.
Use relative symlinks to stay in the build directory scope (to avoid sstate issue with absolute paths).
(From OE-Core rev: 6c4e3206b6537f714416688cf8c921dd21cdfc20)
Signed-off-by: Alexander Yurkov <alexander.v.yurkov@gmail.com>
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
LIC_FILES_CHKSUM supports begin-/endline for licenses included in
for instance header files. This patch adds support for line numbers
to NO_GENERIC_LICENSE, too.
(From OE-Core rev: 8e7ee19fc9e74cf042880f4bc317782482ba6f66)
Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, providers are set on a global config basis. This change allows
for a select set of providers to be configured using BB_RECIPE_VIRTUAL_PROVIDERS
on a per recipe basis. This would allow for the selection of virtual/cross-cc
as gcc or clang for example.
The PROVIDERS are removed from the recipes so that if a version of the
dependency accidentally slips through, the build will fail and the user
can correct the issue.
(From OE-Core rev: 6eeab1a5d7f23917b94c130e417d59afb757b546)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When building with the class, avoid errors like:
"sstate found an absolute path symlink /xxx/vendor pointing at
/xxx/import/vendor. Please replace this with a relative link."
Use relative symlinks instead.
(From OE-Core rev: fc4f589cc7a8e5feba7940ccb244a74bd5f96371)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extracting the PN out of the PF value is not allways trivial.
For example when PE is set the package name will have the PE value
before the '_' that clearly makes the division between name and version.
Other packages include a number in their naming separated by a '-',
for example mozjs-115 and openjdk-17.
(From OE-Core rev: a2d54fa0c5ade523edf6be9105c6e943824988fa)
Signed-off-by: Angelo Ribeiro <ribeiro.angelo224@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
