| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some recipes demand full clang/llvm builds e.g. chromium we need to use
clang as native toolchain. This class collects all needed bits to enable
OE built clang to provide the clang native toolchain
Setting
TOOLCHAIN_NATIVE = "clang"
in recipe will chose clang for native toolchain
(From OE-Core rev: 43ba5ed17e069b13cd43c36650524a0113c81955)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, still use ${PV} as the the version of a package in SPDX 2
$ echo 'INHERIT:remove = "create-spdx"' >> conf/local.conf
$ echo 'INHERIT += "create-spdx-2.2"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/2.2/core2-64/recipes/recipe-acl.spdx.json
...
"name": "acl",
"summary": "Utilities for managing POSIX Access Control Lists",
"supplier": "Organization: OpenEmbedded ()",
"versionInfo": "2.3.2"
},
...
Support to override it by setting SPDX_PACKAGE_VERSION, such as
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to versionInfo in SBOM 2
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/2.2/core2-64/recipes/recipe-acl.spdx.json
...
"name": "acl",
"summary": "Utilities for managing POSIX Access Control Lists",
"supplier": "Organization: OpenEmbedded ()",
"versionInfo": "2.3.2-r0"
},
...
(From OE-Core rev: 0bd069f526ee0d535477b75a4aa825b4cb589423)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation of BUILDHISTORY_RESET is problematic, particlarly given that
people are trying to create an API with it alongside BUILDHISTORY_PRESERVE
which simply doesn't exist and can't work reliably. Worse, the code paths with
this bolted on implementation are convoluted and near impossible to follow.
BUILDHISTORY_PRESERVE is effectively internal API, used to stop buildhistory
removing some files which are needed for data, or are created at different
parts of the build. Add a comment to explain what it is doing and why these files
are listed.
Commit 9f68a45aa238ae5fcdfaca71ba0e7015e9cb720e tried to "fix" preserve support
with the reset functionality but it didn't fully work and has just exposed futher
issues. There is a further fix however I can brely follow the code and in reviewing
it, I've concluded we shouldn't be doing this at all.
Due to the way BUILDHISTORY_RESET was implemented, horrible races were introduced
making it unclear what happens to the data if builds fail for example, or how sstate
interacts with the build since things get reset but stamps do not and tasks may not
rerun. It also interacts badly with any additions to the preserve list, due to
misunderstandings on what that variable does.
Having stared long and hard at the code, and really struggled to understand it, I',
of the view that "reset" for CI purposes should be done by the CI itself. The CI can
choose to remove some files or all files and decide how to handle failures. It has
to handle the buildhistory directory anyway.
Therefore drop BUILDHISTORY_RESET support, allowing the "old" codepaths to be dropped.
BUILDHISTORY_PRESERVE is better documented to hint that it is internal API and to
show what it is really for.
If we really do want some functionality list this, it needs to be implemented in a
way you can follow the code, and have tests.
(From OE-Core rev: 15c5258fd0063ace425b7e904521f1695ffb2a85)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that recipes default to S in UNPACKDIR, recipetool and devtool should
do the same.
There was some discussion about changing devtool to simply setting
UNPACKDIR via bbappend to a workspace and running unpack task directly;
currently it has a bunch of convoluted path calculations, substitutions,
moving source trees around and and special casing (devtool-source.bbclass
in particular is an unpleasant hack).
This should definitely be done; but right now we can simply tweak existing
code which at least doesn't make it worse.
(From OE-Core rev: c326ca8aeb2bf0f7719e43921d10efd5dedc7b2a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the
source code files that are used during compilation.
It uses debugsource information generated during do_package.
This enables an external tool to use the SPDX information to disregard
vulnerabilities that are not compiled.
As example, when used with the default config with linux-yocto, the spdx size is
reduced from 156MB to 61MB.
Tested with bitbake world on oe-core.
CC: Quentin Schulz <quentin.schulz@cherry.de>
CC: Joshua Watt <JPEWhacker@gmail.com>
CC: Peter Marko <peter.marko@siemens.com>
(From OE-Core rev: c6a2f1fca76fae4c3ea471a0c63d0b453beea968)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As currently written, the PREFERRED_PROVIDER entries don't work with multilib
since they are added after the manipulations by multilib_global at ConfigParsed
time. We therefore need to spell out the configs correctly for multilib.
To avoid variable overwritten warnings from the expansion, we then have to
expand out the nativesdk providers usng class overrides.
(From OE-Core rev: 1f69850b62d1e022055d0f3b93ad270c2980462e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change implements a toolchain selection mechanism. Selection is
made using a set of variables, primarily PREFERRED_TOOLCHAIN_TARGET which
defaults to gcc.
It uses the familiar name for toolchain e.g. "gcc" which selects GNU
compiler + binutils as default C/C++ toolchain or "clang" which will
use LLVM/Clang Compiler. Layers an add their own toolchain definitions
too.
There are also PREFERRED_TOOLCHAIN_NATIVE and PREFERRED_TOOLCHAIN_SDK
which will ulitmately allow selection of the toolchain used for the
native/cross and nativesdk/crosssdk compilers. This currently isn't
functional but is essential to the patch to ensure things are set
to the existing gcc support in those cases.
Users would most commonly want to set:
PREFERRED_TOOLCHAIN_TARGET ?= "clang"
in local.conf or other distro specific global configuration metadata.
It is also selectable at recipe scope, since not all packages are
buildable with either clang or gcc, a recipe can explicitly require
a given toolchain using the TOOLCAHIN variable, e.g. glibc can not
be built with clang therefore glibc recipe sets:
TOOLCHAIN = "gcc"
The TOOLCHAIN variable is distinct from the user preference so recipes
with specific requirements can be identified. This also allows different
polcies to be be specified for native/SDK cases in the future.
(From OE-Core rev: 45bdedd213aff8df3214b95ef2a8551c0abd93a0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Users may unknowingly put tabs in BBLAYERS instead of spaces, and this is
interpreted as a literal "\t" at the start of the filepath which causes
_get_layer_dict() function to fail at finding the filepath.
Instead of using split(" "), which restricts it to split on just spaces
replace with split() as this handles spaces, tabs and newlines.
Min steps to reproduce:
- Clone the poky repo:
git clone git://git.yoctoproject.org/poky
cd poky
source oe-init-build-env
- Insert tabs in the BBLAYERS variable in bblayers.conf
- Note: tab needs to be in the recipe that is being built for the error to be observed
- Ex: ` /home/<user>/src/poky/meta-skeleton \`
- Start toaster
source toaster start
bitbake hello
Error message:
FileNotFoundError: [Errno 2] No such file or directory: '\t/home/<user>/src/poky/meta-skeleton’
Fix by using split() instead of split(" ").
Suggested-by: Anakin Childerhose <anakin.childerhose@savoirfairelinux.com>
CC: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 5ef1adca618cbf2d3e9ad2e5d504728b91d15e85)
Signed-off-by: Osose Itua <osose.itua@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are reports this class has been broken since mickledore which suggests
there are limited numbers of users. It doesn't have any automated testing
and it would be hard to setup and maintain a testing environment for it. The
original users/manintainers aren't using it now.
For those reasons, drop from OE-Core as we're not in a good position to
maintain it. I'd suggest anyone wanting to use it creates a dedicated layer
with maintainers who are in a position to test/develop it appropriately since
it is standalone code.
(From OE-Core rev: ecf8c386cf83ea235bdc4ee0da6671a395a4c358)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new recipe linux-yocto-fitimage.bb and the new
kernel-fit-image.bbclass are intended to become successors of the
kernel-fitimage.bbclass.
Instead of injecting the FIT image related build steps into the kernel
recipe, the new recipe takes the kernel artifacts from the kernel recipe
and creates the FIT image as an independent task.
This solves some basic problems:
* sstate does not work well when a fitImage contains an initramfs. The
kernel is rebuilt from scratch if the build runs from an empty TMPDIR.
* A fitImage kernel is not available as a package, but all other kernel
image types are.
* The task dependencies in the kernel are very complex and difficult to
debug if something goes wrong. As a separate, downstream recipe, this
is now much easier.
The recipe takes the kernel artifacts from the deploy folder. There was
also a test implementation passing the kernel artifacts via sysroot
directory. This requires changes on the kernel.bbclass to make it
copying the artifacts also to the sysroot directory while the same
artifacts are already in the sstate-cached deploy directory.
The new class kernel-fit-extra-artifacts.bbclass generates and deploys
the kernel binary intended for inclusion in a FIT image.
Note that the kernel used in a FIT image is a stripped (and optionally
compressed) vmlinux ELF binary - not a self-extracting format like
zImage, which is already available in the deploy directory if needed
separately.
The kernel-fit-extra-artifacts.bbclass can be used like this:
KERNEL_CLASSES += "kernel-fit-extra-artifacts"
(if uImage support is not needed, or with :append otherwise)
The long story about this issue is here:
[YOCTO #12912]
(From OE-Core rev: 05d0c7342d7638dbe8a9f2fd3d1c709ee87d6579)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, pseudo tracks all files referenced within its presence unless
they're listed in an exclusion list. The exclusion list has grown to be
fairly unwieldy.
This patch swaps PSEUDO_IGNORE_PATHS for PSEUDO_INCLUDE_PATHS which in
theory should be easier and more explicit to maintain.
This change does drop many directories from pseudo coverage including
/home and /tmp. There may be adapatations needed for recipes/classes
using pseudo in specific ways.
(From OE-Core rev: 2502da81709f25de499277b28d33c915638c45f6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rootfs VEX file is created by gathering files from CVE_CHECK_DIR
(deploy directory), however recipes generate the files only in
CVE_CHECK_DIR (log directory).
This make the rootfs VEX be always empty without any message.
The code is copied from cve_check class, which writes to both, so let
keep them aligned and make also vex write both files.
Also add a warning for case that a cve file would be still missing.
(From OE-Core rev: ee6541d0940c65685aaafd7d41a59a9406392e7d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Define var-SPDX_PACKAGE_URL to provide software_packageUrl field [1][2]
in SPDX 3.0 SBOM, support to override with package name
SPDX_PACKAGE_URL:<pkgname>
Currently, the format of purl is not defined in Yocto, set empty for now
until we have a comprehensive plan for what Yocto purls look like.
But users could customize their own purl by setting var-SPDX_PACKAGE_URL
[1] https://spdx.github.io/spdx-spec/v3.0.1/model/Software/Properties/packageUrl/
[2] https://spdx.github.io/spdx-spec/v3.0.1/annexes/pkg-url-specification/
(From OE-Core rev: c8e6953a0b6f59ffca994c440069db39e60b12d2)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Debug level was not added as a parameter, causing a warning.
(From OE-Core rev: 40157fcbd9066f261812ba665ec963b2e496aa53)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
WARNING: meta/classes/sign_rpm.bbclass:36 has a lack of whitespace
around the assignment: 'RPM_SIGN_PACKAGES='1''
(From OE-Core rev: d393539e03b60bf299e2d1c8ac781e0c6f7787b1)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If spdx is generated without inheriting cve/vex classes (which is poky
default), only explicitly set CVE_STATUS fields are handled.
Calculated ones (e.g. from CVE_STATUS_GROUPS) are ignored.
Fix this by expanding the CVE_STATUS in spdx classes.
(From OE-Core rev: ead9c6a8770463c21210a57cc5320f44f7754dd3)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and
CVE_STATUS_GROUPS is used on multiple places.
Create a library funtion to have the code on single place and ready for
reuse by additional classes.
(From OE-Core rev: 45e18f4270d084d81c21b1e5a4a601ce975d8a77)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Setting SPDX_ARCHIVE_SOURCES and SPDX_ARCHIVE_PACKAGED makes no
difference when using the spdx-3.0 class. Move these two in the spdx-2.0
class since they are only used there.
(From OE-Core rev: 8ce06538c9cde0f09909a5a2e61ec10b0d35df49)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, still use ${PV} as the the version of a package in SBOM 3
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2"
},
...
Support to override it by setting SPDX_PACKAGE_VERSION, such as
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to software_packageVersion in SBOM 3
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2-r0"
},
...
(From OE-Core rev: e6ff5f4d870624795bd36572f5c2bfeec90d83ce)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The common SPDX code was changed to return a dataclass for dependency
information instead of a namedtuple, but the SPDX 2.2 was missed to
account for this. Correct the SPDX 2.2 code to correctly handle the new
datatype
(From OE-Core rev: 79a03abd37839973996efc957d44614edcbd6b87)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Bitbake is dropping the need for fetcher name iteration and multiple revisions
per url. Update the code to match (removal of the for loop).
(From OE-Core rev: 571e8c6730eb5b89f732d879487ae578ef04aaee)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Bitbake is dropping the need for fetcher name iteration and multiple revisions
per url. Update the code to match (removal of the for loop).
(From OE-Core rev: 4859cdf97fd9a260036e148e25f0b78eb393df1e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If tag.gpgSign is configured in Git's configuration, then creating the
build-minus-X tags will fail (if Git's core.editor is not configured) or
it will hang (when trying to open the editor). This is beacause
tag.gpgSign causes git tag to create annotated tags. To avoid this,
specify --no-sign as argument to git tag.
(From OE-Core rev: 7595a0a63a933af9dd9d1e458dc34a4ba80d9eae)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If tag.gpgSign is configured in Git's configuration, then creating the
devtool-patched tag will fail (if Git's core.editor is not configured)
or it will hang (when trying to open the editor). This is beacause
tag.gpgSign causes git tag to create annotated tags. To avoid this,
specify --no-sign as argument to git tag.
(From OE-Core rev: 5dba8d0b6c940934375eea9af37e7c4856b51c96)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Move to the FKIE feed by default, as it is showing better stability
than NVD2. Content of the feed should be the same.
(From OE-Core rev: 10580a6d36aa1366732f9c030345bd4590eb9f74)
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SPDX library code was being ignored from taskhash calculations due
to accidentally being omitted from BBIMPORTS. This meant that changes in
the code or dependent variables would not cause the task to rebuild
correctly.
In order to add spdx_common, convert the `Dep` object from a named tuple
to a frozen dataclass. These function more or less equivalently, but the
bitbake code parser cannot handle named tuples.
Finally, the vardepsexclude that used to be present on the recipe tasks
needs to be moved to the python code in order for the variables to be
correctly ignored. Several unused exclusions were removed
(From OE-Core rev: eb597bf61cbcb0a4d43149404c93eec0894fb4c7)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to Yocto reference manual, in description of the
IMAGE_LINK_NAME variable, it is said that
It is possible to set this to "" to disable symlink creation,
however, you also need to set :term:`IMAGE_NAME` to still have
a reasonable value e.g.::
IMAGE_LINK_NAME = ""
IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"
However, when using following additions in local.conf file:
INHERIT += "cve-check"
IMAGE_LINK_NAME = ""
IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}"
the implicit symlink creation in cve_check_write_rootfs_manifest leads
to following build failure
$ bitbake core-image-minimal core-image-base
...
ERROR: core-image-base-1.0-r0 do_image_complete: Recipe core-image-base is trying to install files into a shared area when those files already exist. The files and the manifests listing them are:
/home/poky/build/tmp/deploy/images/qemux86-64/.json
(matched in manifest-qemux86_64-core-image-minimal.image_complete)
Please adjust the recipes so only one recipe provides a given file.
Mitigate the issue by creating the symlink only in case IMAGE_LINK_NAME
has not been set to empty string.
(From OE-Core rev: 64bfec359bd909761ce0a6a716286d938ed162d1)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow choice of one of three feeds and update task dependencies
accordingly. All feeds contain data from NVD and are stored in
different files.
Set the NVD_DB_VERSION variable to choose feed:
NVD2 (default) - the NVD feed with API version 2
NVD1 - the NVD JSON feed (deprecated)
FKIE - the FKIE-CAD feed reconstruction
In case of malformed database feed name, we default to NVD2 and show
an error.
(From OE-Core rev: f265812bfb6797aee10e7be42865736c9ff3478f)
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create missing directories required to create the symlink.
Use relative symlinks to stay in the build directory scope (to avoid sstate issue with absolute paths).
(From OE-Core rev: 6c4e3206b6537f714416688cf8c921dd21cdfc20)
Signed-off-by: Alexander Yurkov <alexander.v.yurkov@gmail.com>
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
LIC_FILES_CHKSUM supports begin-/endline for licenses included in
for instance header files. This patch adds support for line numbers
to NO_GENERIC_LICENSE, too.
(From OE-Core rev: 8e7ee19fc9e74cf042880f4bc317782482ba6f66)
Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, providers are set on a global config basis. This change allows
for a select set of providers to be configured using BB_RECIPE_VIRTUAL_PROVIDERS
on a per recipe basis. This would allow for the selection of virtual/cross-cc
as gcc or clang for example.
The PROVIDERS are removed from the recipes so that if a version of the
dependency accidentally slips through, the build will fail and the user
can correct the issue.
(From OE-Core rev: 6eeab1a5d7f23917b94c130e417d59afb757b546)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building with the class, avoid errors like:
"sstate found an absolute path symlink /xxx/vendor pointing at
/xxx/import/vendor. Please replace this with a relative link."
Use relative symlinks instead.
(From OE-Core rev: fc4f589cc7a8e5feba7940ccb244a74bd5f96371)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extracting the PN out of the PF value is not allways trivial.
For example when PE is set the package name will have the PE value
before the '_' that clearly makes the division between name and version.
Other packages include a number in their naming separated by a '-',
for example mozjs-115 and openjdk-17.
(From OE-Core rev: a2d54fa0c5ade523edf6be9105c6e943824988fa)
Signed-off-by: Angelo Ribeiro <ribeiro.angelo224@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The KERNEL_CC variable usage was introduced by commit d2fcaeb153fd
("icecc: Don't generate recipe-sysroot symlinks at recipe-parsing time,
2018-12-20") and is set once a recipe pulls the kernel-arch.bbclass.
There are a few packages, e.g. u-boot, barebox, devicetree, perf which
pull this class and for such packages the get_cross_kernel_cc() return
None because icecc_is_kernel() fail.
Fix this for now by replacing the KERNEL_CC check with the
icecc_is_kernel() helper, which is also used by the
get_cross_kernel_cc().
That said it's still not very robust to determine a compiler based on
a variable or inherited class but at least it fixes the issue for now.
(From OE-Core rev: 5e3c6a6384fcdc4a2269172012caae14e5f327ca)
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since bitbake commit f24bbaaddb36 ("data: Add support for new
BB_HASH_CODEPARSER_VALS for cache optimisation") the icecc fails with [1]:
ERROR: /Yocto/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb: no-pn NULL prefix
WARNING: /Yocto/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb: Exception during build_dependencies for set_icecc_env
The reason for this is the bb.fatal() within the icecc_version().
icecc_version() is called during the "${@}" python variable expansion
while bitbake is running the build_dependencies() for the
set_icecc_env() function.
To avoid this behaviour set_icecc_env() should be converted into a
python function which gets called during task[prefuncs] [2], which is
done by this commit.
[1] https://lists.yoctoproject.org/g/yocto/topic/icecc_support_broken/103429714
[2] https://lists.openembedded.org/g/openembedded-core/topic/110009272
(From OE-Core rev: 444445c5793aaf831ff0293b62a000f8ab7d40bb)
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few variable dependencies were incorrect from the SPDX tasks, which
prevented rebuilds from occurring, or caused them to occur when they
should not.
(From OE-Core rev: 38a5dd136b3a3713e63d23598011efe1c4b0f459)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
insane.bbclass now defines CHECKLAYER_REQUIRED_TESTS list with required
QA checks that are becoming mandatory for Yocto Project Compatible layers.
Update yocto-check-layer.bbclass in order to catch when packages from such
layers try to skip any of the required QA checks.
(From OE-Core rev: 9c3ba88628853b20fb4c98c99cf3fe8349024016)
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
buildhistory used to result in many individual objects in the repo which
could affect performance. This gc call was added over a decade ago to avoid
those performance issues. Modern git calls git-gc when needed and this kind
of workaround should no longer be needed.
There is a small chance this is contributing to problems with the autobuilder
buildhistory repositories, so simplifying the code may help that too.
(From OE-Core rev: 0a88f9109f7670a6b188463a19392d445af6ff40)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently flag cvesInRecord is set to false if all CVEs are ignored or
patched. This is inconsistent as it shows false if a CVE was fixed via
patch and true if this CVE was fixed by upgrade. In both cases the CVE
is valid and was fixed.
As I understand this flag, it should say if any CVE exists for
particular component's product (regardless of how this CVE is handled)
and can be used to validate if a product is correctly set.
Note that skipping ignored CVEs may make sense in some cases, as ignored
may mean that NVD DB is wrong, but in many cases it is ignored for other
reasons. Further patch can be done to evaluate ignore subtype but that
would be against my understanding of this flag as described above.
(From OE-Core rev: c5d499693672ec9619392011b765941cf94aa319)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 05ef4f2a7b225c8d230eaca8d333ffb921729d79 removed this
functionality by accident. It was implemented in text exporter, while it
should have been a global feature independent on exporter type to avoid
such accidental deletion.
(From OE-Core rev: 2996b11596afca288a6b7f409a5287063d331f3b)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Cc: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
modules.txt is provided using file:// in SRC_URI, therefore it will be
found in UNPACKDIR instead of WORKDIR
(From OE-Core rev: 114fe16f96280f40a9cea20b02b2743be42645dd)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SPDX code makes heavy use of python classes. While this works very
well, the bitbake dependency parser is unable to understand how to deal
with them, and thus changes to the class code do not cause rebuilds to
occur. To correct this, add the library files that include SPDX code as
file checksums for the SPDX tasks. If this method works well for SPDX,
we will look at implementing something similar in the bitbake dependency
parser that should allow correct checksums without having to explicitly
add them to each class.
(From OE-Core rev: 6ac3033b77a0d1f7ab15801c5c65931adede3923)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source while SPDX_INCLUDE_SOURCES = "1"
While two projects share one sstate cache, the 1st project builds kernel-devsrc without
setting SPDX_INCLUDE_SOURCES, and 2nd project build kernel-devsrc with setting
SPDX_INCLUDE_SOURCES = "1". Then the 2nd build failed with kernel-source not found
1. In 1st build
$ cd path-to-first-build
$ bitbake kernel-devsrc
2. In 2nd build, share sstate cache of 1st build and SPDX_INCLUDE_SOURCES = "1"
$ cd path-to-second-build
$ echo 'SSTATE_DIR = "path-to-first-build/sstate-cache"' >> conf/local.conf
$ echo 'SPDX_INCLUDE_SOURCES = "1"' >> conf/local.conf
$ bitbake kernel-devsrc
...
NOTE: copyhardlinktree path-to-second-build/tmp-glibc/work-shared/axxiaarm64/kernel-source to path-to-second-build/tmp-glibc/work/axxiaarm64-wrs-linux/kernel-devsrc/1.0/spdx/3.0.1/work/kernel-source
ERROR: Error executing a python function in exec_func_python() autogenerated:
...
0208: bb.note(f"copyhardlinktree {share_src} to {src_dir}")
*** 0209: oe.path.copyhardlinktree(share_src, src_dir)
...
tar: path-to-second-build/tmp-glibc/work-shared/axxiaarm64/kernel-source: Cannot open: No such file or directory
...
The recipe kernel-devsrc or the recipe to inherit kernelsrc.bbclass, they do not
have task do_shared_workdir but depends on virtual/kernel:do_shared_workdir.
In this situation(the ${S} == ${STAGING_KERNEL_DIR}), explicitly make do_create_spdx
depends on virtual/kernel:do_shared_workdir could fix the racing issue
(From OE-Core rev: b05ff49de1e58f5696e8ee28fceaf9319be70e1f)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed:
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "x86"
MACHINE = "qemux86-64"
$ bitbake lib32-grub-native
The build would go on before the patch which was incorrect. Now:
ERROR: Nothing PROVIDES 'lib32-grub-native'. Close matches:
[snip]
The nativesdk doesn't have such an issue, so only skip native.
(From OE-Core rev: 73bea15bb5d0f70b587d2ad1007cc0282652eed7)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, while SPDX_INCLUDE_SOURCES = "1" [1], there is bug in scan
for gcc, libgcc in which the sources locates in work-share directory.
Copy source from ${WORKDIR} to ${SPDXWORK} did not satisfy the situation
while ${S} was not included in ${WORKDIR}
This commit aim to support SPDX include source for work-share directory
1. If is_work_shared_spdx, Copy source from ${S} to ${SPDXWORK},
normally the dest dir in ${SPDXWORK} has the same basename dir of ${S};
but for kernel source, rename basename dir 'kernel-source' to ${BP} (${BPN}-${PV})
2. For SPDX source copy, do hard link copy to save copy time
3. Move do_patch to no work shared situation along with do_unpack
4. Tweak task do_create_spdx dependencies to assure the patched source
in work share is ready for SPDX source copy
5. Remove bb.data.inherits_class('kernel', d) from is_work_shared_spdx,
the kernel source locates in 'work-shared', test kernel.bbclass is not
necessary
[1] https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-SPDX_INCLUDE_SOURCES
(From OE-Core rev: 64454b1956a9b50d6c89a3f3d7c594c1272cb289)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Call function ${@create_spdx_source_deps(d)} or ${create_spdx_source_deps(d)}
along with addtask not working, use task do_create_spdx flag 'depends'
to instead
Move function create_spdx_source_deps to spdx-common.bbclass for both of
create-spdx-2.2.bbclass and create-spdx-3.0.bbclass
(From OE-Core rev: dda4b7ccd416ef370634babd150e944f2aa9116e)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://nvd.nist.gov/general/news/cvss-v4-0-official-support
CVSS v4.0 was released in November 2023
NVD announced support for it in June 2024
Current stats are:
* cvss v4 provided, but also v3, so cve-check showed a value
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
2069
* only cvss v4 provided, so cve-check did not show any
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
260
(From OE-Core rev: 358dbfcd80ae1fa414d294c865dd293670c287f0)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added the "modified" field to the JSON export in the
cve-check.class. This field captures the last modification date of each
CVE, providing more detailed information on changes and updates within
the exported data.
(From OE-Core rev: 740b8a0b23c4021d07c3714420e3ea8b46e61454)
Signed-off-by: Katawann <quent_55@hotmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If BB_URI_LOCALCOUNT isn't set, the code does nothing. That code was removed in 2012:
https://git.yoctoproject.org/poky/commit/?id=d0f35207f9e19b440393a79ebf621649c495738d
Therefore drop the rest of it!
(From OE-Core rev: fca25fc4d7721f85f64c942307ebe7ba9f2fad3e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrades the SPDX 3.0 implementation from 3.0.0 -> 3.0.1. This version
introduced some breaking changes. Effectively, 3.0.0 was a pre-release
version that we do not need to support any longer.
(From OE-Core rev: 7e6509a19f6146f0dad0be7037ff4b3268d0128c)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|