Age | Commit message (Collapse) | Author | Files |
|
Add support for multiple types of signatures (binary or ascii)
in export_pubkey(). There is no change in behaviour for the function,
the previous implicit default is the new parameter "armor" default.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Starting from v2.1 passing passwords directly to gpg does not work
anymore [1], instead a loopback interface must be used otherwise
gpg >2.1 will error out with:
"gpg: signing failed: Inappropriate ioctl for device"
gpg <2.1 does not work with the new --pinentry-mode arg and gives an
invalid option error, so we detect what is the running version of gpg
and pass it accordingly.
[1] https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Implement ipk signing inside the sign_ipk bbclass using the gpg_sign
module and configure signing similar to how rpm does it. sign_ipk uses
gpg_sign's detach_sign because its functionality is identical to package
feed signing.
IPK signing process is a bit different from rpm:
- Signatures are stored outside ipk files; opkg connects to a feed
server and downloads them to verify a package.
- Signatures are of two types (both supported by opkg): binary or
ascii armoured. By default we sign using ascii armoured.
- Public keys are stored on targets to verify ipks using the
opkg-keyrings recipe.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The resolved support requires that gcrypt is enabled. PACKAGECONFIG doesn't
support dependencies, so add a comment.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Currently the recipe files are hardcoded and if the recipe
change the version, the test will fail.
This will change from using a harcoded file to look for the
file using bitbake-layers. Now, just the recipe name must
be specified.
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Currently when using a git version the check for the stamp, using regex,
will fail because of plus sign in the version.
With this change the version is escaped before adding it to the regex.
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Set UPSTREAM_CHECK_URI to the below listed URL:
http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Provide UPSTREAM_CHECK_URI to perform checkpkg task.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We were previously ignoring pkgs that came in from a setscene like from
an sstate mirror). With this patch we can use pkgs than come from sstate
for image customisation as well.
Also remove unused variable.
[YOCTO #9137]
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Michael Wood <michael.g.wood@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Poky jethro has libgomp ( GNU OpenMP ) license marked as GPL-3.0,
where's in fact the correct is GPL-3.0 with GCC Library Runtime Exception
Signed-off-by: Helio Chissini de Castro <helio.castro@bmw-carit.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Integrating the following patches for improved galileo support:
66009f8977a6 adc1x8s102: support ACPI-based enumeration.
903003b78c13 staging:iio: add support for ADC1x8s102.
cd83f4095b23 spi-pxa2xx: fixed ACPI-based enumeration of SPI devices.
c4efe23b7f93 pca9685: PCA9685 PWM and GPIO multi-function device.
81e166ec0a35 gpio: pca953x: provide GPIO base based on _UID
4086f8c34956 acpi: added a custom DSDT file.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
(From OE-Core master rev: 7474c7dbf98c1a068bfd9b14627b604da5d79b67)
minor tweak to get x86_64/ecc-384-modp.asm to apply
(From OE-Core rev: d1903e264ab62d34daeb652c89c6fb67e7c9b42d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a)
hand applied changes for ecc-256.c
(From OE-Core rev: cb03397ac97bfa99df6b72c80e1e03214e059e6e)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
By default qemu builds a complete list of directories within the user
emulation sysroot (-L option). The OE sysroot directory is large and
this is confusing, for example it indexes all pkgdata. In particular this
confuses strace of qemu binaries with tons of irrelevant paths.
This patch stops the code indexing up front and instead only indexes
things if/as/when it needs to. This drastically reduces the files it
reads and reduces memory usage and cleans up strace.
It would also avoid the infinite directory traversal bug in [YOCTO #6996]
although the code could still be vulnerable if it parsed those specific
paths.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Executables built with -fpie have the ELF type DYN rather than EXEC
which makes them difficult to distinguish from shared libraries.
Currently when building the list of executables we omit these binaries
so they might fail to run on the resultant rootfs due to missing
symbols. One of these is systemd which builds -fpie unconditionally, so
mklibs breaks images containing systemd.
Modify the search to catch all executable files that are ELF and have an
interpreter set. Omit libc and libpthread as special cases because they
have an interpreter and are directly executable but treating them as
such is antithetical to the pupose of mklibs.
Signed-off-by: Tyler Hall <tylerwhall@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Based as security reason, the system must limit users to
simultaneous system logins, or a site-defined number.
To avoid overwriting the /etc/security/limits.conf file after
upgrading this rpm package, we will define the file as
CONFFILES of package libpam-runtime.
Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Packages should not depend on themselves, otherwise it could lead to
circular dependencies on the package manager.
I have added a line on the proposed bash script that should add this
check on future versions.
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A previous fix for a python dep issue was not merged to the CVS version.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The libitm is not supported on nios2, so disable it.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Ley Foon Tan <lftan@altera.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@intel.com>
Cc: Thomas Chou <thomas@wytron.com.tw>
Cc: Walter Goossens <waltergoossens@home.nl>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit 8b81bb56c69aabdea984352f8e267a9783c0bdbc was accidentally merged.
The DL_DIR piece was simply incorrect and should be removed.
The patch commit message should have mentioned that the changes were
to update populate_sdk_ext after the changes to uninative now the
download is placed into a specific directory in DL_DIR. We also
need to specify the uninative tarball checksum.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"npm shrinkwrap" creates a file that ensures that the exact same
versions get fetched the next time the recipe is built. lockdown is
similar but also includes sha1sums of the modules thus validating they
haven't changed between builds. These ensure that the build is
reproducible.
Fixes [YOCTO #9225].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Allow plugins to create additional files to go alongside the recipe. The
plugins don't know what the output filename is going to be, so they need
to put the files in a temporary location and add them to an "extrafiles"
dict within extravalues where the destination filename is the key and
the temporary path is the value.
devtool add was also extended to ensure these files get moved in and
preserved upon reset if they've been edited by the user.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the user specifies an npm:// URL then the fetcher needs npm to be
available to run, so check if it's available early rather than failing
later.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rather than rolling all of an npm module's dependencies into the same
package, split them into one module per package, setting the SUMMARY and
PKGV values from the package.json file for each package. Additionally,
mark each package with the appropriate license using the license
scanning we already do, falling back to the license stated in the
package.json file for the module if unknown. All of this is mostly in
aid of ensuring all modules and their licenses now show up in the
manifests for the image.
Additionally we set the main LICENSE value more concretely once we've
calculated the per-package licenses, since we have more information at
that point.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Matching license texts directly to md5sums only goes so far. Some
licenses make the copyright statement an intrinsic part of the license
statement (e.g. MIT) which of course varies between projects. Also,
people often seem to take standard license texts such as GPLv2 and
reformat them cosmetically - re-wrapping lines at a different width or
changing quoting styles are seemingly popular examples. In order to
match license files to their actual licenses more effectively, "crunch"
out these elements before comparing to an md5sum. (The existing plain
md5sum matching has been left in since it's a shortcut, and our list of
crunched md5sums isn't a complete replacement for it.)
As always, this code isn't providing any guarantees (legal or otherwise)
that it will always get the license correct - as indicated by the
accompanying comments the LICENSE values it writes out to the recipe are
indicative and you should verify them yourself by looking at the
documentation supplied from upstream for the software being built if you
have any concerns.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For example, this picks up a file named MIT-LICENSE.txt.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the following improvements to mapping items specified in
AC_CHECK_PROG, AC_PATH_PROG and AX_WITH_PROG to recipes/classes:
* Produce a map of native recipe -> binary for all binaries currently in
STAGING_BINDIR_NATIVE and use this when mapping items
* Add some more entries to the class map
* Ignore autotools binaries since they are covered by the inherit of
autotools
* Ignore coreutils-native since that would almost always be a bogus
dependency
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Allow for whitespace in appropriate places, and ensure we match all
whitespace chars not just the space character.
(This fixes extracting dependencies from tmux's configure.ac, for
example.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_shared_workdir is not a proper sstate task, it always reruns if
needed, so special-case it in warnings when checking locked sigs.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previous, two things were wrong:
1) lib_basename was set from STAGING_LIBDIR only if prefix parameter was empty or missing
2) if prefix was not empty, lib_basename reverted to sys.lib, even if STAGING_LIBDIR
should've overriden it
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In python 3.4 python-config was rewritten in shell, ironically
to support cross-compilation:
https://bugs.python.org/issue16235
This new shell version is broken in several ways, and doesn't
have our oe-specific tweaks. Let's revert to the old script,
which is still provided.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The class had qemu_run_binary() which was not suitable for gobject-introspection,
as it required the name of the binary to run.
qemu_wrapper_cmdline() returns just the command line string needed to run
binaries, and does not require the binary name.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Popt may be internal or external to rpm. Either way the rpm libraries
will link properly with or without -lpopt.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Note the upstream submission in the patches.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Allow the user to set the specific digest and non-repudiable signature
algorithms. This should be done on a distribution wide basis.
See recipe for exact instructions, but values are now set using:
RPM_FILE_DIGEST_ALGO (default 1 - md5)
RPM_SELF_SIGN_ALGO (default DSA)
Also, change the PACKAGECONFIG to define the default crypto engine for
RPM5. Not just the available crypto engines. If a crypto engine is not
selected, the system will default to the internal beecrypt version.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
RPM interally has support to build and work with the stack protector.
This is disabled by default in the RPM package, and the proper settings
should be specified in the security_flags. Using the default setting of
stack-protector-strong causes linking problems due to issues with libtool
selecting the wrong GCC objections to link against.
Falling back to the RPM values of stack-protector will permit linking to
work properly, and some level of protection.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
meta/lib/oe/package_manager.py was also updated. This ensures that any
diagnostic messages are ignored from the output of rpmresolve.
The patches have been split into bug fixes (things that belong upstream)
and local changes that are OE specific.
The following patches are obsolete and have been removed:
rpm-remove-sykcparse-decl.patch
fstack-protector-configure-check.patch
rpm-disable-Wno-override-init.patch
rpm-lua-fix-print.patch
rpm-rpmpgp-fix.patch
verify-fix-broken-logic-for-ghost-avoidance-Mark-Hat.patch
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
The recent split/factoring between production and development
kernel configurations, EXPERT, EMBEDDED and DEBUG_KERNEL are no longer
selected for all kernel types. This means that ftrace is no longer
selected by default in in standard BSPs, causing breakage in things
that relied on it.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
started
Integrating the following commit for improved iwlwifi support:
iwlwifi: mvm: don't allow sched scans without matches to be started
commit 5e56276e7555b34550d51459a801ff75eca8b907 upstream.
The firmware can perform a scheduled scan with not matchsets passed,
but it can't send notification that results were found. Since the
userspace then cannot know when we got new results and the firmware
wouldn't trigger a wake in case we are sleeping, it's better not to
allow scans without matchsets.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=110831
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wu Zheng <wu.zheng@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
EMBEDDED
Integrating the folliwing patch series from Cal:
This patch series refactors the ktypes so that base and standard ktypes
do not enable EMBEDDED, EXPERT, or DEBUG_KERNEL. The reason this
decision was made is because production platforms likely do not want
DEBUG_KERNEL enabled, and EMBEDDED selects EXPERT which selects
DEBUG_KERNEL.
A new ktype called "developer" was also created. This ktype
enables the options now missing from standard and base, making it easy
to maintain the functionality of a BSP through simply swapping the ktype
from standard to developer. The preempt-rt ktype is now based off of
developer in order to maintain its functionality.
The new standard ktype does not include EMBEDDED, EXPERT, or
DEBUG_KERNEL. Without DEBUG_KERNEL it loses a number of debug features
that are selected by default. Without EXPERT it gains RFKILL_INPUT and
DEBUG_MEMORY_INIT, while losing VMSPLIT_3G. These are only available to
configure with CONFIG_EXPERT=y and default to EXPERT or !EXPERT. Not
selecting EMBEDDED has no apparent impacts.
Some coordination is required for this change, as existing BSPs WILL be
affected, and will either need to accept the changes in the standard
ktype or move to the developer ktype.
California Sullivan (12):
features/debug: add debug-kernel feature
ktypes: add developer ktype
ktypes/base: Disable EMBEDDED and DEBUG_KERNEL
CONFIG_PROCESSOR_SELECT: do not enable
intel-common-drivers.scc: move profiling and latencytop to a new file
romley.scc remove profiling and latencytop features
bsp/intel-common: add intel-core* developer BSPs
preempt-rt.scc: include developer ktype instead of standard
intel-common: add intel-developer-drivers.scc to preempt-rt BSPs
CONFIG_I2C_I801: set option to yes in intel-core* BSPs
bsp: add developer common-pc BSPs
bsp: remove profiling and latencytop from non-developer common-pc BSPs
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
xmlto looks for a cp binary, and on e.g. Fedora 23 will find it at /usr/bin/cp
but most other distros have it at /bin/cp. This causing problems with sharing
sstate between distributions, but as /bin is a symlink on F23 we can safely
force the path to /bin/cp.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Clean up the code which gathers buildstats for Toaster,
and modify the field names so that the correct parts of the
buildstats files are used to derive the CPU usage values.
Also derive elapsed time for the build here, rather than in
Toaster, as we have ready access to the data in the correct
format.
[YOCTO #8842]
Signed-off-by: Elliot Smith <elliot.smith@intel.com>
Signed-off-by: Michael Wood <michael.g.wood@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport fixes needed to avoid use of VLAs which is not available
on clang/llvm
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Backport patches to fix build failure caused by
'--without-jbig2dec' and '--without-jbig2dec'.
...
|make[1]: *** No rule to make target `obj/sjbig2_.dev',
needed by `obj/sjbig2.dev'. Stop.
...
http://bugs.ghostscript.com/show_bug.cgi?id=696497
- Previously, it did not build the whole local libpng
source in ghostscript, only picked up specific files
and compile them. But on ghostscript 9.18, when the
arm's FPU has been set to NEON (-mfpu=neon * with GCC),
the selected file "libpng/pngrutil.c" needs to link
'png_init_filter_functions_neon' which should be
compiled by a non-selected file "libpng/arm/arm_init.c".
...
|./obj/pngrutil.o: In function `png_init_filter_functions':
|armv7a-neon-poky-linux-gnueabi/ghostscript/9.18-r0/build/../
ghostscript-9.18/libpng/pngrutil.c:3921: undefined reference to
`png_init_filter_functions_neon'
...
So do not compile local libpng source in ghostscript,
use shared libpng to instead.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|