path: root/meta/classes
Commit message | Author | Age | Files | Lines
* clang-native: Add class to use clang as native compiler | Khem Raj | 30 hours | 1 | -0/+18
  Some recipes demand full clang/llvm builds e.g. chromium we need to use clang as native toolchain. This class collects all needed bits to enable OE built clang to provide the clang native toolchain

  Setting TOOLCHAIN_NATIVE = "clang" in recipe will choose clang for native toolchain

  (From OE-Core rev: 43ba5ed17e069b13cd43c36650524a0113c81955)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* create-spdx-2.2: support to override the version of a package in SPDX 2 | Hongxu Jia | 3 days | 1 | -3/+5
  By default, still use ${PV} as the version of a package in SPDX 2

    $ echo 'INHERIT:remove = "create-spdx"' >> conf/local.conf
    $ echo 'INHERIT += "create-spdx-2.2"' >> conf/local.conf
    $ bitbake acl
    $ jq . tmp/deploy/spdx/2.2/core2-64/recipes/recipe-acl.spdx.json
    ...
        "name": "acl",
        "summary": "Utilities for managing POSIX Access Control Lists",
        "supplier": "Organization: OpenEmbedded ()",
        "versionInfo": "2.3.2"
      },
    ...

  Support to override it by setting SPDX_PACKAGE_VERSION, such as set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append PR to versionInfo in SBOM 2

    $ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
    $ bitbake acl
    $ jq . tmp/deploy/spdx/2.2/core2-64/recipes/recipe-acl.spdx.json
    ...
        "name": "acl",
        "summary": "Utilities for managing POSIX Access Control Lists",
        "supplier": "Organization: OpenEmbedded ()",
        "versionInfo": "2.3.2-r0"
      },
    ...

  (From OE-Core rev: 0bd069f526ee0d535477b75a4aa825b4cb589423)
  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildhistory: Drop BUILDHISTORY_RESET due to reliability issues | Richard Purdie | 10 days | 1 | -68/+6
  The implementation of BUILDHISTORY_RESET is problematic, particularly given that people are trying to create an API with it alongside BUILDHISTORY_PRESERVE which simply doesn't exist and can't work reliably. Worse, the code paths with this bolted on implementation are convoluted and near impossible to follow.

  BUILDHISTORY_PRESERVE is effectively internal API, used to stop buildhistory removing some files which are needed for data, or are created at different parts of the build. Add a comment to explain what it is doing and why these files are listed.

  Commit 9f68a45aa238ae5fcdfaca71ba0e7015e9cb720e tried to "fix" preserve support with the reset functionality but it didn't fully work and has just exposed further issues. There is a further fix however I can barely follow the code and in reviewing it, I've concluded we shouldn't be doing this at all.

  Due to the way BUILDHISTORY_RESET was implemented, horrible races were introduced making it unclear what happens to the data if builds fail for example, or how sstate interacts with the build since things get reset but stamps do not and tasks may not rerun. It also interacts badly with any additions to the preserve list, due to misunderstandings on what that variable does.

  Having stared long and hard at the code, and really struggled to understand it, I'm of the view that "reset" for CI purposes should be done by the CI itself. The CI can choose to remove some files or all files and decide how to handle failures. It has to handle the buildhistory directory anyway.

  Therefore drop BUILDHISTORY_RESET support, allowing the "old" codepaths to be dropped. BUILDHISTORY_PRESERVE is better documented to hint that it is internal API and to show what it is really for.

  If we really do want some functionality like this, it needs to be implemented in a way you can follow the code, and have tests.

  (From OE-Core rev: 15c5258fd0063ace425b7e904521f1695ffb2a85)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipetool/devtool: calculate source paths relative to UNPACKDIR | Alexander Kanavin | 2025-06-20 | 1 | -2/+2
  Now that recipes default to S in UNPACKDIR, recipetool and devtool should do the same.

  There was some discussion about changing devtool to simply setting UNPACKDIR via bbappend to a workspace and running unpack task directly; currently it has a bunch of convoluted path calculations, substitutions, moving source trees around and special casing (devtool-source.bbclass in particular is an unpleasant hack).

  This should definitely be done; but right now we can simply tweak existing code which at least doesn't make it worse.

  (From OE-Core rev: c326ca8aeb2bf0f7719e43921d10efd5dedc7b2a)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* spdx: add option to include only compiled sources | Daniel Turull | 2025-06-17 | 2 | -0/+12
  When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the source code files that are used during compilation.

  It uses debugsource information generated during do_package.

  This enables an external tool to use the SPDX information to disregard vulnerabilities that are not compiled.

  As example, when used with the default config with linux-yocto, the spdx size is reduced from 156MB to 61MB.

  Tested with bitbake world on oe-core.

  CC: Quentin Schulz <quentin.schulz@cherry.de>
  CC: Joshua Watt <JPEWhacker@gmail.com>
  CC: Peter Marko <peter.marko@siemens.com>
  (From OE-Core rev: c6a2f1fca76fae4c3ea471a0c63d0b453beea968)
  Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* toolchain/gcc/clang: Update PREFERRED_PROVIDER to work with multilibs | Richard Purdie | 2025-06-16 | 2 | -17/+26
  As currently written, the PREFERRED_PROVIDER entries don't work with multilib since they are added after the manipulations by multilib_global at ConfigParsed time. We therefore need to spell out the configs correctly for multilib.

  To avoid variable overwritten warnings from the expansion, we then have to expand out the nativesdk providers using class overrides.

  (From OE-Core rev: 1f69850b62d1e022055d0f3b93ad270c2980462e)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* toolchain: Provide abstraction for recipe specific toolchain selection | Richard Purdie | 2025-06-16 | 3 | -0/+76
  This change implements a toolchain selection mechanism. Selection is made using a set of variables, primarily PREFERRED_TOOLCHAIN_TARGET which defaults to gcc.

  It uses the familiar name for toolchain e.g. "gcc" which selects GNU compiler + binutils as default C/C++ toolchain or "clang" which will use LLVM/Clang Compiler. Layers can add their own toolchain definitions too.

  There are also PREFERRED_TOOLCHAIN_NATIVE and PREFERRED_TOOLCHAIN_SDK which will ultimately allow selection of the toolchain used for the native/cross and nativesdk/crosssdk compilers. This currently isn't functional but is essential to the patch to ensure things are set to the existing gcc support in those cases.

  Users would most commonly want to set:

    PREFERRED_TOOLCHAIN_TARGET ?= "clang"

  in local.conf or other distro specific global configuration metadata.

  It is also selectable at recipe scope, since not all packages are buildable with either clang or gcc, a recipe can explicitly require a given toolchain using the TOOLCHAIN variable, e.g. glibc can not be built with clang therefore glibc recipe sets:

    TOOLCHAIN = "gcc"

  The TOOLCHAIN variable is distinct from the user preference so recipes with specific requirements can be identified. This also allows different policies to be specified for native/SDK cases in the future.

  (From OE-Core rev: 45bdedd213aff8df3214b95ef2a8551c0abd93a0)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* toaster.bbclass: fix toaster error caused by tabs in BBLAYERS | Osose Itua | 2025-06-16 | 1 | -1/+1
  Users may unknowingly put tabs in BBLAYERS instead of spaces, and this is interpreted as a literal "\t" at the start of the filepath which causes _get_layer_dict() function to fail at finding the filepath. Instead of using split(" "), which restricts it to split on just spaces replace with split() as this handles spaces, tabs and newlines.

  Min steps to reproduce:
  - Clone the poky repo:
      git clone git://git.yoctoproject.org/poky
      cd poky
      source oe-init-build-env
  - Insert tabs in the BBLAYERS variable in bblayers.conf
    - Note: tab needs to be in the recipe that is being built for the error to be observed
    - Ex: ` /home/<user>/src/poky/meta-skeleton \`
  - Start toaster
      source toaster start
      bitbake hello

  Error message:
    FileNotFoundError: [Errno 2] No such file or directory: '\t/home/<user>/src/poky/meta-skeleton’

  Fix by using split() instead of split(" ").

  Suggested-by: Anakin Childerhose <anakin.childerhose@savoirfairelinux.com>
  CC: Richard Purdie <richard.purdie@linuxfoundation.org>
  (From OE-Core rev: 5ef1adca618cbf2d3e9ad2e5d504728b91d15e85)
  Signed-off-by: Osose Itua <osose.itua@savoirfairelinux.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes/recipes-devtools: Drop icecc from OE-Core | Richard Purdie | 2025-06-05 | 1 | -443/+0
  There are reports this class has been broken since mickledore which suggests there are limited numbers of users. It doesn't have any automated testing and it would be hard to setup and maintain a testing environment for it. The original users/maintainers aren't using it now.

  For those reasons, drop from OE-Core as we're not in a good position to maintain it. I'd suggest anyone wanting to use it creates a dedicated layer with maintainers who are in a position to test/develop it appropriately since it is standalone code.

  (From OE-Core rev: ecf8c386cf83ea235bdc4ee0da6671a395a4c358)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-fit-image.bbclass: add a new FIT image implementation | Adrian Freihofer | 2025-06-05 | 1 | -0/+1
  The new recipe linux-yocto-fitimage.bb and the new kernel-fit-image.bbclass are intended to become successors of the kernel-fitimage.bbclass.

  Instead of injecting the FIT image related build steps into the kernel recipe, the new recipe takes the kernel artifacts from the kernel recipe and creates the FIT image as an independent task.

  This solves some basic problems:
    * sstate does not work well when a fitImage contains an initramfs. The kernel is rebuilt from scratch if the build runs from an empty TMPDIR.
    * A fitImage kernel is not available as a package, but all other kernel image types are.
    * The task dependencies in the kernel are very complex and difficult to debug if something goes wrong. As a separate, downstream recipe, this is now much easier.

  The recipe takes the kernel artifacts from the deploy folder. There was also a test implementation passing the kernel artifacts via sysroot directory. This requires changes on the kernel.bbclass to make it copying the artifacts also to the sysroot directory while the same artifacts are already in the sstate-cached deploy directory.

  The new class kernel-fit-extra-artifacts.bbclass generates and deploys the kernel binary intended for inclusion in a FIT image. Note that the kernel used in a FIT image is a stripped (and optionally compressed) vmlinux ELF binary - not a self-extracting format like zImage, which is already available in the deploy directory if needed separately.

  The kernel-fit-extra-artifacts.bbclass can be used like this:

    KERNEL_CLASSES += "kernel-fit-extra-artifacts"

  (if uImage support is not needed, or with :append otherwise)

  The long story about this issue is here: [YOCTO #12912]

  (From OE-Core rev: 05d0c7342d7638dbe8a9f2fd3d1c709ee87d6579)
  Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf/pseudo: Switch from exclusion list to inclusion list | Richard Purdie | 2025-05-12 | 1 | -0/+1
  Currently, pseudo tracks all files referenced within its presence unless they're listed in an exclusion list. The exclusion list has grown to be fairly unwieldy.

  This patch swaps PSEUDO_IGNORE_PATHS for PSEUDO_INCLUDE_PATHS which in theory should be easier and more explicit to maintain.

  This change does drop many directories from pseudo coverage including /home and /tmp. There may be adaptations needed for recipes/classes using pseudo in specific ways.

  (From OE-Core rev: 2502da81709f25de499277b28d33c915638c45f6)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vex: fix rootfs manifest | Peter Marko | 2025-05-08 | 1 | -0/+5
  Rootfs VEX file is created by gathering files from CVE_CHECK_DIR (deploy directory), however recipes generate the files only in CVE_CHECK_DIR (log directory). This makes the rootfs VEX be always empty without any message.

  The code is copied from cve_check class, which writes to both, so let's keep them aligned and make also vex write both files.

  Also add a warning for case that a cve file would be still missing.

  (From OE-Core rev: ee6541d0940c65685aaafd7d41a59a9406392e7d)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* spdx30: Provide software_packageUrl field in SPDX 3.0 SBOM | Hongxu Jia | 2025-05-08 | 1 | -0/+5
  Define var-SPDX_PACKAGE_URL to provide software_packageUrl field [1][2] in SPDX 3.0 SBOM, support to override with package name SPDX_PACKAGE_URL:<pkgname>

  Currently, the format of purl is not defined in Yocto, set empty for now until we have a comprehensive plan for what Yocto purls look like. But users could customize their own purl by setting var-SPDX_PACKAGE_URL

  [1] https://spdx.github.io/spdx-spec/v3.0.1/model/Software/Properties/packageUrl/
  [2] https://spdx.github.io/spdx-spec/v3.0.1/annexes/pkg-url-specification/

  (From OE-Core rev: c8e6953a0b6f59ffca994c440069db39e60b12d2)
  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: fix debug message | Daniel Turull | 2025-05-01 | 1 | -4/+4
  Debug level was not added as a parameter, causing a warning.

  (From OE-Core rev: 40157fcbd9066f261812ba665ec963b2e496aa53)
  Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sign_rpm.bbclass: fix variable assignment whitespace | Yi Zhao | 2025-04-24 | 1 | -1/+1
  Fixes:
  WARNING: meta/classes/sign_rpm.bbclass:36 has a lack of whitespace around the assignment: 'RPM_SIGN_PACKAGES='1''

  (From OE-Core rev: d393539e03b60bf299e2d1c8ac781e0c6f7787b1)
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* spdx: extend CVE_STATUS variables | Peter Marko | 2025-04-24 | 1 | -0/+5
  If spdx is generated without inheriting cve/vex classes (which is poky default), only explicitly set CVE_STATUS fields are handled. Calculated ones (e.g. from CVE_STATUS_GROUPS) are ignored.

  Fix this by expanding the CVE_STATUS in spdx classes.

  (From OE-Core rev: ead9c6a8770463c21210a57cc5320f44f7754dd3)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: extract extending CVE_STATUS to library function | Peter Marko | 2025-04-24 | 2 | -30/+4
  The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and CVE_STATUS_GROUPS is used on multiple places. Create a library function to have the code on single place and ready for reuse by additional classes.

  (From OE-Core rev: 45e18f4270d084d81c21b1e5a4a601ce975d8a77)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes/spdx-*.bbclass: move spdx2 specific variables out of spdx-common class | Antonin Godard | 2025-03-28 | 2 | -2/+2
  Setting SPDX_ARCHIVE_SOURCES and SPDX_ARCHIVE_PACKAGED makes no difference when using the spdx-3.0 class. Move these two in the spdx-2.0 class since they are only used there.

  (From OE-Core rev: 8ce06538c9cde0f09909a5a2e61ec10b0d35df49)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* spdx3: support to override the version of a package in SBOM 3 | Hongxu Jia | 2025-03-24 | 1 | -0/+3
  By default, still use ${PV} as the version of a package in SBOM 3

    $ bitbake acl
    $ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
    ...
      {
        "type": "software_Package",
    ...
        "name": "acl",
        "software_packageVersion": "2.3.2"
      },
    ...

  Support to override it by setting SPDX_PACKAGE_VERSION, such as set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append PR to software_packageVersion in SBOM 3

    $ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
    $ bitbake acl
    $ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
    ...
      {
        "type": "software_Package",
    ...
        "name": "acl",
        "software_packageVersion": "2.3.2-r0"
      },
    ...

  (From OE-Core rev: e6ff5f4d870624795bd36572f5c2bfeec90d83ce)
  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes: create-spdx-2.2: Fix dependency handling | Joshua Watt | 2025-03-24 | 1 | -5/+5
  The common SPDX code was changed to return a dataclass for dependency information instead of a namedtuple, but the SPDX 2.2 was missed to account for this. Correct the SPDX 2.2 code to correctly handle the new datatype

  (From OE-Core rev: 79a03abd37839973996efc957d44614edcbd6b87)
  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildhistory: Update for bitbake changes | Richard Purdie | 2025-03-20 | 1 | -7/+6
  Bitbake is dropping the need for fetcher name iteration and multiple revisions per url. Update the code to match (removal of the for loop).

  (From OE-Core rev: 571e8c6730eb5b89f732d879487ae578ef04aaee)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* spdx: Update for bitbake changes | Richard Purdie | 2025-03-20 | 1 | -26/+25
  Bitbake is dropping the need for fetcher name iteration and multiple revisions per url. Update the code to match (removal of the for loop).

  (From OE-Core rev: 4859cdf97fd9a260036e148e25f0b78eb393df1e)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildhistory.bbclass: Do not create annotated tags if tag.gpgSign is set | Peter Kjellerstedt | 2025-03-19 | 1 | -3/+3
  If tag.gpgSign is configured in Git's configuration, then creating the build-minus-X tags will fail (if Git's core.editor is not configured) or it will hang (when trying to open the editor). This is because tag.gpgSign causes git tag to create annotated tags. To avoid this, specify --no-sign as argument to git tag.

  (From OE-Core rev: 7595a0a63a933af9dd9d1e458dc34a4ba80d9eae)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* devtool-source.bbclass: Do not create annotated tags if tag.gpgSign is set | Peter Kjellerstedt | 2025-03-19 | 1 | -2/+2
  If tag.gpgSign is configured in Git's configuration, then creating the devtool-patched tag will fail (if Git's core.editor is not configured) or it will hang (when trying to open the editor). This is because tag.gpgSign causes git tag to create annotated tags. To avoid this, specify --no-sign as argument to git tag.

  (From OE-Core rev: 5dba8d0b6c940934375eea9af37e7c4856b51c96)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: change the default feed | Marta Rybczynska | 2025-03-19 | 1 | -1/+1
  Move to the FKIE feed by default, as it is showing better stability than NVD2. Content of the feed should be the same.

  (From OE-Core rev: 10580a6d36aa1366732f9c030345bd4590eb9f74)
  Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib: Fix dependencies on SPDX code | Joshua Watt | 2025-03-11 | 1 | -2/+1
  The SPDX library code was being ignored from taskhash calculations due to accidentally being omitted from BBIMPORTS. This meant that changes in the code or dependent variables would not cause the task to rebuild correctly.

  In order to add spdx_common, convert the `Dep` object from a named tuple to a frozen dataclass. These function more or less equivalently, but the bitbake code parser cannot handle named tuples.

  Finally, the vardepsexclude that used to be present on the recipe tasks needs to be moved to the python code in order for the variables to be correctly ignored. Several unused exclusions were removed

  (From OE-Core rev: eb597bf61cbcb0a4d43149404c93eec0894fb4c7)
  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check.bbclass: Mitigate symlink related error | Niko Mauno | 2025-02-18 | 1 | -2/+4
  According to Yocto reference manual, in description of the IMAGE_LINK_NAME variable, it is said that

    It is possible to set this to "" to disable symlink creation, however, you also need to set :term:`IMAGE_NAME` to still have a reasonable value e.g.::

      IMAGE_LINK_NAME = ""
      IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"

  However, when using following additions in local.conf file:

    INHERIT += "cve-check"
    IMAGE_LINK_NAME = ""
    IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"

  the implicit symlink creation in cve_check_write_rootfs_manifest leads to following build failure

    $ bitbake core-image-minimal core-image-base
    ...
    ERROR: core-image-base-1.0-r0 do_image_complete: Recipe core-image-base is trying to install files into a shared area when those files already exist. The files and the manifests listing them are:
      /home/poky/build/tmp/deploy/images/qemux86-64/.json
        (matched in manifest-qemux86_64-core-image-minimal.image_complete)
    Please adjust the recipes so only one recipe provides a given file.

  Mitigate the issue by creating the symlink only in case IMAGE_LINK_NAME has not been set to empty string.

  (From OE-Core rev: 64bfec359bd909761ce0a6a716286d938ed162d1)
  Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: allow feed choice | Marta Rybczynska | 2025-02-18 | 1 | -2/+12
  Allow choice of one of three feeds and update task dependencies accordingly. All feeds contain data from NVD and are stored in different files.

  Set the NVD_DB_VERSION variable to choose feed:
    NVD2 (default) - the NVD feed with API version 2
    NVD1 - the NVD JSON feed (deprecated)
    FKIE - the FKIE-CAD feed reconstruction

  In case of malformed database feed name, we default to NVD2 and show an error.

  (From OE-Core rev: f265812bfb6797aee10e7be42865736c9ff3478f)
  Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes: go-vendor: Change symlink creation. | Alexander Yurkov | 2025-01-27 | 1 | -2/+6
  Create missing directories required to create the symlink. Use relative symlinks to stay in the build directory scope (to avoid sstate issue with absolute paths).

  (From OE-Core rev: 6c4e3206b6537f714416688cf8c921dd21cdfc20)
  Signed-off-by: Alexander Yurkov <alexander.v.yurkov@gmail.com>
  Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* create-spdx: support line numbers | Denis OSTERLAND-HEIM | 2025-01-23 | 1 | -2/+8
  LIC_FILES_CHKSUM supports begin-/endline for licenses included in for instance header files. This patch adds support for line numbers to NO_GENERIC_LICENSE, too.

  (From OE-Core rev: 8e7ee19fc9e74cf042880f4bc317782482ba6f66)
  Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Ross Burton <ross.burton@arm.com>
* base: Switch virtual/cross-XXX to be under recipe specific providers | Richard Purdie | 2025-01-21 | 1 | -0/+6
  Currently, providers are set on a global config basis. This change allows for a select set of providers to be configured using BB_RECIPE_VIRTUAL_PROVIDERS on a per recipe basis. This would allow for the selection of virtual/cross-cc as gcc or clang for example.

  The PROVIDERS are removed from the recipes so that if a version of the dependency accidentally slips through, the build will fail and the user can correct the issue.

  (From OE-Core rev: 6eeab1a5d7f23917b94c130e417d59afb757b546)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go-vendor: Fix absolute paths issue | Richard Purdie | 2025-01-08 | 1 | -3/+3
  When building with the class, avoid errors like:

    "sstate found an absolute path symlink /xxx/vendor pointing at /xxx/import/vendor. Please replace this with a relative link."

  Use relative symlinks instead.

  (From OE-Core rev: fc4f589cc7a8e5feba7940ccb244a74bd5f96371)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* report-error: Add PN to error report file | Angelo.Ribeiro | 2024-12-28 | 1 | -0/+1
  Extracting the PN out of the PF value is not always trivial. For example when PE is set the package name will have the PE value before the '_' that clearly makes the division between name and version.

  Other packages include a number in their naming separated by a '-', for example mozjs-115 and openjdk-17.

  (From OE-Core rev: a2d54fa0c5ade523edf6be9105c6e943824988fa)
  Signed-off-by: Angelo Ribeiro <ribeiro.angelo224@gmail.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* icecc: don't use KERNEL_CC during set_icecc_env | Marco Felsch | 2024-12-13 | 1 | -1/+1
  The KERNEL_CC variable usage was introduced by commit d2fcaeb153fd ("icecc: Don't generate recipe-sysroot symlinks at recipe-parsing time, 2018-12-20") and is set once a recipe pulls the kernel-arch.bbclass.

  There are a few packages, e.g. u-boot, barebox, devicetree, perf which pull this class and for such packages the get_cross_kernel_cc() returns None because icecc_is_kernel() fails.

  Fix this for now by replacing the KERNEL_CC check with the icecc_is_kernel() helper, which is also used by the get_cross_kernel_cc(). That said it's still not very robust to determine a compiler based on a variable or inherited class but at least it fixes the issue for now.

  (From OE-Core rev: 5e3c6a6384fcdc4a2269172012caae14e5f327ca)
  Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* icecc: convert set_icecc_env to python prefuncs | Marco Felsch | 2024-12-13 | 1 | -109/+91
  Since bitbake commit f24bbaaddb36 ("data: Add support for new BB_HASH_CODEPARSER_VALS for cache optimisation") the icecc fails with [1]:

    ERROR: /Yocto/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb: no-pn NULL prefix
    WARNING: /Yocto/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb: Exception during build_dependencies for set_icecc_env

  The reason for this is the bb.fatal() within the icecc_version(). icecc_version() is called during the "${@}" python variable expansion while bitbake is running the build_dependencies() for the set_icecc_env() function.

  To avoid this behaviour set_icecc_env() should be converted into a python function which gets called during task[prefuncs] [2], which is done by this commit.

  [1] https://lists.yoctoproject.org/g/yocto/topic/icecc_support_broken/103429714
  [2] https://lists.openembedded.org/g/openembedded-core/topic/110009272

  (From OE-Core rev: 444445c5793aaf831ff0293b62a000f8ab7d40bb)
  Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes: create-spdx: Fix variable dependencies | Joshua Watt | 2024-12-05 | 1 | -1/+9
  A few variable dependencies were incorrect from the SPDX tasks, which prevented rebuilds from occurring, or caused them to occur when they should not.

  (From OE-Core rev: 38a5dd136b3a3713e63d23598011efe1c4b0f459)
  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-check-layer: expand to cover all required QA checks | Denys Dmytriyenko | 2024-12-03 | 1 | -22/+0
  insane.bbclass now defines CHECKLAYER_REQUIRED_TESTS list with required QA checks that are becoming mandatory for Yocto Project Compatible layers.

  Update yocto-check-layer.bbclass in order to catch when packages from such layers try to skip any of the required QA checks.

  (From OE-Core rev: 9c3ba88628853b20fb4c98c99cf3fe8349024016)
  Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildhistory: Drop git-gc call as obsolete | Richard Purdie | 2024-12-03 | 1 | -1/+0
  buildhistory used to result in many individual objects in the repo which could affect performance. This gc call was added over a decade ago to avoid those performance issues. Modern git calls git-gc when needed and this kind of workaround should no longer be needed.

  There is a small chance this is contributing to problems with the autobuilder buildhistory repositories, so simplifying the code may help that too.

  (From OE-Core rev: 0a88f9109f7670a6b188463a19392d445af6ff40)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: fix cvesInRecord | Peter Marko | 2024-11-28 | 1 | -5/+6
  Currently flag cvesInRecord is set to false if all CVEs are ignored or patched. This is inconsistent as it shows false if a CVE was fixed via patch and true if this CVE was fixed by upgrade. In both cases the CVE is valid and was fixed.

  As I understand this flag, it should say if any CVE exists for particular component's product (regardless of how this CVE is handled) and can be used to validate if a product is correctly set.

  Note that skipping ignored CVEs may make sense in some cases, as ignored may mean that NVD DB is wrong, but in many cases it is ignored for other reasons.

  Further patch can be done to evaluate ignore subtype but that would be against my understanding of this flag as described above.

  (From OE-Core rev: c5d499693672ec9619392011b765941cf94aa319)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: restore CVE_CHECK_SHOW_WARNINGS functionality | Peter Marko | 2024-11-28 | 1 | -0/+5

  Commit 05ef4f2a7b225c8d230eaca8d333ffb921729d79 removed this functionality by accident. It was implemented in text exporter, while it should have been a global feature independent of exporter type to avoid such accidental deletion.

  (From OE-Core rev: 2996b11596afca288a6b7f409a5287063d331f3b)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Cc: Marta Rybczynska <marta.rybczynska@ygreky.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes/go-vendor: Use UNPACKDIR instead of WORKDIR | Joshua Watt | 2024-11-28 | 1 | -1/+1

  modules.txt is provided using file:// in SRC_URI, therefore it will be found in UNPACKDIR instead of WORKDIR

  (From OE-Core rev: 114fe16f96280f40a9cea20b02b2743be42645dd)

  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* spdx: Fix SPDX tasks not running when code changes | Joshua Watt | 2024-11-23 | 1 | -0/+9

  The SPDX code makes heavy use of python classes. While this works very well, the bitbake dependency parser is unable to understand how to deal with them, and thus changes to the class code do not cause rebuilds to occur. To correct this, add the library files that include SPDX code as file checksums for the SPDX tasks.

  If this method works well for SPDX, we will look at implementing something similar in the bitbake dependency parser that should allow correct checksums without having to explicitly add them to each class.

  (From OE-Core rev: 6ac3033b77a0d1f7ab15801c5c65931adede3923)

  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/classes/spdx-common.bbclass: fix sstate cache racing issue on kernel source while SPDX_INCLUDE_SOURCES = "1" | Hongxu Jia | 2024-11-22 | 1 | -0/+2

  While two projects share one sstate cache, the 1st project builds kernel-devsrc without setting SPDX_INCLUDE_SOURCES, and the 2nd project builds kernel-devsrc with setting SPDX_INCLUDE_SOURCES = "1". Then the 2nd build failed with kernel-source not found

  1. In 1st build
  $ cd path-to-first-build
  $ bitbake kernel-devsrc

  2. In 2nd build, share sstate cache of 1st build and SPDX_INCLUDE_SOURCES = "1"
  $ cd path-to-second-build
  $ echo 'SSTATE_DIR = "path-to-first-build/sstate-cache"' >> conf/local.conf
  $ echo 'SPDX_INCLUDE_SOURCES = "1"' >> conf/local.conf
  $ bitbake kernel-devsrc
  ...
  NOTE: copyhardlinktree path-to-second-build/tmp-glibc/work-shared/axxiaarm64/kernel-source to path-to-second-build/tmp-glibc/work/axxiaarm64-wrs-linux/kernel-devsrc/1.0/spdx/3.0.1/work/kernel-source
  ERROR: Error executing a python function in exec_func_python() autogenerated:
  ...
  0208: bb.note(f"copyhardlinktree {share_src} to {src_dir}")
  *** 0209: oe.path.copyhardlinktree(share_src, src_dir)
  ...
  tar: path-to-second-build/tmp-glibc/work-shared/axxiaarm64/kernel-source: Cannot open: No such file or directory
  ...

  The recipe kernel-devsrc or the recipe to inherit kernelsrc.bbclass, they do not have task do_shared_workdir but depend on virtual/kernel:do_shared_workdir. In this situation (the ${S} == ${STAGING_KERNEL_DIR}), explicitly making do_create_spdx depend on virtual/kernel:do_shared_workdir could fix the racing issue

  (From OE-Core rev: b05ff49de1e58f5696e8ee28fceaf9319be70e1f)

  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* multilib_global.bbclass: Avoid expanding native recipes in NON_MULTILIB_RECIPES | Robert Yang | 2024-11-12 | 1 | -0/+3

  Fixed:
  require conf/multilib.conf
  MULTILIBS = "multilib:lib32"
  DEFAULTTUNE:virtclass-multilib-lib32 = "x86"
  MACHINE = "qemux86-64"

  $ bitbake lib32-grub-native

  The build would go on before the patch which was incorrect. Now:
  ERROR: Nothing PROVIDES 'lib32-grub-native'. Close matches:
  [snip]

  The nativesdk doesn't have such an issue, so only skip native.

  (From OE-Core rev: 73bea15bb5d0f70b587d2ad1007cc0282652eed7)

  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* create-spdx-{2.2,3.0}: support SPDX include source for work-share directory | Hongxu Jia | 2024-11-01 | 1 | -0/+9

  Originally, while SPDX_INCLUDE_SOURCES = "1" [1], there is a bug in scan for gcc, libgcc in which the sources locate in work-share directory. Copy source from ${WORKDIR} to ${SPDXWORK} did not satisfy the situation while ${S} was not included in ${WORKDIR}

  This commit aims to support SPDX include source for work-share directory

  1. If is_work_shared_spdx, Copy source from ${S} to ${SPDXWORK}, normally the dest dir in ${SPDXWORK} has the same basename dir of ${S}; but for kernel source, rename basename dir 'kernel-source' to ${BP} (${BPN}-${PV})
  2. For SPDX source copy, do hard link copy to save copy time
  3. Move do_patch to no work shared situation along with do_unpack
  4. Tweak task do_create_spdx dependencies to assure the patched source in work share is ready for SPDX source copy
  5. Remove bb.data.inherits_class('kernel', d) from is_work_shared_spdx, the kernel source locates in 'work-shared', test kernel.bbclass is not necessary

  [1] https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-SPDX_INCLUDE_SOURCES

  (From OE-Core rev: 64454b1956a9b50d6c89a3f3d7c594c1272cb289)

  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* create-spdx-{2.2,3.0}: fix do_create_spdx dependency while spdx include sources | Hongxu Jia | 2024-11-01 | 3 | -16/+29

  Call function ${@create_spdx_source_deps(d)} or ${create_spdx_source_deps(d)} along with addtask not working, use task do_create_spdx flag 'depends' instead

  Move function create_spdx_source_deps to spdx-common.bbclass for both of create-spdx-2.2.bbclass and create-spdx-3.0.bbclass

  (From OE-Core rev: dda4b7ccd416ef370634babd150e944f2aa9116e)

  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: add support for cvss v4.0 | Peter Marko | 2024-10-25 | 2 | -4/+7

  https://nvd.nist.gov/general/news/cvss-v4-0-official-support
  CVSS v4.0 was released in November 2023
  NVD announced support for it in June 2024

  Current stats are:
  * cvss v4 provided, but also v3, so cve-check showed a value
    sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
    2069
  * only cvss v4 provided, so cve-check did not show any
    sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
    260

  (From OE-Core rev: 358dbfcd80ae1fa414d294c865dd293670c287f0)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: add field "modified" to JSON report | Katawann | 2024-10-18 | 1 | -0/+1

  Added the "modified" field to the JSON export in the cve-check.class. This field captures the last modification date of each CVE, providing more detailed information on changes and updates within the exported data.

  (From OE-Core rev: 740b8a0b23c4021d07c3714420e3ea8b46e61454)

  Signed-off-by: Katawann <quent_55@hotmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* migrate_localcount: Drop long obsolete code | Richard Purdie | 2024-10-08 | 1 | -52/+0

  If BB_URI_LOCALCOUNT isn't set, the code does nothing. That code was removed in 2012:

  https://git.yoctoproject.org/poky/commit/?id=d0f35207f9e19b440393a79ebf621649c495738d

  Therefore drop the rest of it!

  (From OE-Core rev: fca25fc4d7721f85f64c942307ebe7ba9f2fad3e)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* create-spdx-3.0: Upgrade to SPDX 3.0.1 | Joshua Watt | 2024-09-30 | 1 | -1/+1

  Upgrades the SPDX 3.0 implementation from 3.0.0 -> 3.0.1. This version introduced some breaking changes. Effectively, 3.0.0 was a pre-release version that we do not need to support any longer.

  (From OE-Core rev: 7e6509a19f6146f0dad0be7037ff4b3268d0128c)

  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>