| Age | Commit message (Collapse) | Author | Files |
|---|
|
Upstream finally accepted and merged a different approach for
connecting QEMU to swtpm: instead of a custom cuse-tpm device, a
normal chardev connects to swtpm, and that chardev then is used by the
TPM device. For now we have to backport those patches, but the next
major QEMU update will have them.
However, the chardev-connect-socket-to-a-spawned-command.patch is
something that OE will have to carry permanently. It simplifies
starting and stopping swtpm when invoking QEMU through runqemu without
having to teach that script about the additional process. Upstream
rejected the patch because they want to keep the complexity of
starting additional processes out of QEMU.
A recent enough swtpm is needed. The one currently used by
meta-security fails to communicate properly with QEMU, leading to this
failure:
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Failed to send CMD_SET_DATAFD: Input/output error
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Could not cleanly shutdown the TPM: Invalid argument
With a recent enough swtpm, one can create a TPM device like this:
- bitbake swtpm-native
- create a TPM instance and initialize it with:
$ mkdir -p my-machine/myvtpm0
$ tmp*/work/*/swtpm-wrappers-native/*/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
Starting vTPM manufacturing as root:root @ Wed 06 Dec 2017 10:03:14 AM CET
TPM is listening on TCP port 34613.
Successfully created EK.
Successfully authored TPM state.
Ending vTPM manufacturing @ Wed 06 Dec 2017 10:03:14 AM CET
- runqemu "qemuparams=-chardev 'socket,id=chrtpm0,cmd=exec
swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0
--tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2'
-tpmdev emulator,id=tpm0,chardev=chrtpm0 -device
tpm-tis,tpmdev=tpm0" ...
Beware that the double commas are intentional. They are needed to
embed commas in the "cmd" value.
swtpm_oe.sh is from swtpm-wrappers-native. In the example it is
invoked without the full path for the sake of brevity. In practice,
one has to use the full
path (tmp*/work/*/swtpm-wrappers-native/*/swtpm_oe.sh).
With the TPM2-preview version of swtpm, the same works for TPM2 by
adding the --tpm2 parameter when invoking swtpm_setup_oe.sh and
swtpm_oe.sh.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If there are many recipes that should be cleaned out from the
sysroots, it can actually take some time. This adds a progress bar to
give a visual clue that the clean up is actually progressing.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If two builds are sharing the same DL_DIR, and the uninative file is local
to a layer. When the first build gets to uninative it creates the link local
to itself, and subsequent users can use the same link. However if that first
build then is deleted from the disk, the symlink is no longer valid (broken).
We need to update the system to detect this case, and use the model
implemented by the bitbke fetch2 code. Look for a broken link, remove it,
then try to create the link and ignore an exception if it already exists
(since we just unlinked any bad one).
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
minicom calls out to lrzsz to peform X/Y/ZMODEM transfers, so add a recommends.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
acinclude.m4 is about to be removed from the lzo recipe which breaks
test_devtool_update_recipe_local_files_2. Create a synthetic recipe in
meta-selftest with some local files and use that instead.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is breaking input in qemu (and maybe more).
This reverts commit 915b99bb8faa29ce3d35c0d6a1e96fa9bcc5c6f1.
[ YOCTO #12403 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We depend on the host GNU patch, but patch < 2.7 can't handle git-style patches.
This results in patches that fail to apply, or worse apply incorrectly.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This code is an error path so nobody noticed that oe.utils.getstatusoutput() is
just a wrapper around subprocess.getstatusoutput() which returns an (int,
string) pair not (string, string).
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If a bug is present or the user has set PATCHTOOL = "git" on a source
tree that isn't git, if we try to perform git operations (such as
committing or changing branches) when extracting source, then we might
in fact be running those operations on the metadata repository if the
build directory is underneath, say, poky or OE-Core, and that could
make a mess. Check if the source tree is a git repository and refuse
to continue if it isn't.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* NATIVE_INSTALL_WORKS hasn't been used in a very long time, so there's no
need to be setting it here.
* RCONFLIGHTS was clearly a typo.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.
Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* files is already included in default FILESPATH
* it cannot inherit allarch as it RDEPENDS on bunch of TUNE_PKGARCH packages
* use the same COMPATIBLE_HOST restrictions as grub has to prevent ERRORs in
bitbake world
ERROR: Nothing RPROVIDES 'grub' (but oe-core/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb RDEPENDS on or otherwise requires it)
grub was skipped: incompatible with host arm-oe-linux-gnueabi (not in COMPATIBLE_HOST)
grub was skipped: incompatible with host arm-oe-linux-gnueabi (not in COMPATIBLE_HOST)
NOTE: Runtime target 'grub' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['grub']
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Minor grammar correction along with making the term 'login banner'
consistent throughout to make searching logs easier.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The current logging always assumes the boot timeout has expired yet
there is a second reason we might have ended up in a position where no
login banner was found, that being a socket disconnect. Add logging
for the disconnect case and make the timeout expiration conditional on
the timeout being exhausted.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When debugging issues when timeouts are involved it is always best to
have wall clock times included. This helps give confidence that the
timeout is in fact run down at the right rate and that no unexpected
events were the true cause of a premature running down of the
timeout. Having these times in old logs also helps when debugging
issues as we have a historic record as to what is a 'typical' time to
complete an action.
In addition to adding the wall clock times the time to 'login' is now
printed making it consistent with the time to 'qemu pid'.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The editenv utility must be available on grub and grub-efi so we
better have it inside the grub2.inc file to avoid the duplication of
metadata.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
To allow scripting and environment changes, the loadenv and test must
be enabled. This adds those to the default set.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
As we will add new values here, it is better to split it in multiple
lines.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This new module allow for easy execution of external scripts or
applications. It runs anything found in /exec.d directory in order and
in case of no scripts to be available, it opens a shell.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Setting IMAGE_FSTYPES_DEBUGFS to the same value as IMAGE_FSTYPES can
lead to creating a large number of DEBUGFS filesystem images, many of
which may not make much sense (or may not even be buildable).
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The nm01 testcase runtime depends on a static library, and ltp-staticdev
package is entirely pointless, so remove it and add the static libraries
to ltp main package and skip the "staticdev" checks.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
gperf doesn't use aclocal so don't call aclocal.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Instead, just stop running aclocal.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
|
|
The entry point is not guaranteed to exist, so use the
piglit_egl_get_default_display() helper which does the correct thing.
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The '--label' argument should work for '--source rawcopy' as it does for
'--source rootfs', so add a method in RawCopyPlugin to update the label
on the temporary filesystem images.
Signed-off-by: Martin Hundebøll <mnhu@prevas.dk>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1. Fix HOMEPAGE. The old one is obsolete.
2. Remove the setting of CPPFLAGS.
It was used to support out-of-tree build. But the problem has been
fixed upstream since commit 90cc5460aa0e9ca10a0d7c8c44064fd14789f750
(build-sys: add $(top_srcdir) to include search dir).
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It always fail to check the file generated by configure
when running ptest on the target since it's cross-compiling,
so remove the check from the Makefile for ptest.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We add the kernel-build-artifacts to the cleandirs list to ensure
that there are no remaining artificats in the kernel-build-artifacts
directory which is STAGING_KERNEL_BUILDDIR. Without this change
multiple System.map files are visiable in the STAGING_KERNEL_BUILDDIR,
which could cause problems for some tools.
[YOCTO #11880]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Under musl bash uses its own libintl clone but there are some missing
dependencies so it is possible for pathexp.o to be built whilst libintl.h is
being written, leading to compile errors.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
autoreconf finds autoconf/local.m4 on its own, so there's no need to mess around
with a fork of aclocal.m4 as acinclude.m4.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is the cache variable used by AC_FUNC_MMAP, which is possibly one of the
worst autoconf macros to exist.
Apart from being a runtime test which silently claims that mmap() is broken when
cross-compiling, this is basically to verify that mmap() actually works, because
SVR4.0 (released 1988) was broken. Thirty years later, everyone has a working
mmap().
common-glibc already has an assignment, so add a corresponding assignment to
common-musl and remove it from the machine-specific files.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Bash hand-maintains their aclocal.m4, so stop autoreconf from invoking aclocal
and overwriting it. This means we can remove the kludge to copy aclocal.m4 to
acinclude.m4.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Changes:
http://www.alsa-project.org/main/index.php/Changes_v1.1.4_v1.1.5
Rebased 0001-alsactl-don-t-let-systemd-unit-restore-the-volume-wh.patch.
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Changes:
http://www.alsa-project.org/main/index.php/Changes_v1.1.4_v1.1.5
Rebased autotools.patch and makefile_no_gtk.patch.
Dropped 0001-as10k1-Make-output_tram_line-static-inline.patch with the
assumption that it's not needed any more. The patch added a "static"
qualifier to a function. According to the commit message, this was done
to improve optimization. Upstream removed the "inline" qualifier from
that same function, because it caused some trouble with clang. My guess
is that the patch author actually ran into the same clang problem as
upstream, but came up with a different fix. It doesn't seem like a
function whose optimization anyone would really be interested in.
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Changes:
http://www.alsa-project.org/main/index.php/Changes_v1.1.4_v1.1.5
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Changes:
http://www.alsa-project.org/main/index.php/Changes_v1.1.4_v1.1.5
Dropped all patches. The poll.h patch is included in the release, and
the wordexp patch is not needed any more, because the wordexp function
is replaced by an internal reimplementation.
It would still be possible to enable the use of wordexp with the
--with-wordexp configure option. The option exists, because the internal
reimplementation covers only part of what wordexp can do, so not using
wordexp can in theory cause regressions. However, it seems that
regressions are quite unlikely in practice. Here's some discussion about
the topic:
http://mailman.alsa-project.org/pipermail/alsa-devel/2017-July/122667.html
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Release notes:
http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/html/history.html?revision=1.154
Dropped patches that are included in the release:
- lame-3.99.5_fix_for_automake-1.12.x.patch
- CVE-2017-13712.patch
The CACHED_CONFIGUREVARS thing to disable SSE code on x86 isn't needed
anymore. The build system now correctly detects when SSE isn't
available.
Note for stable branch maintainers: This release includes several fixes
for bugs that have a CVE number associated with them. The bugs (or at
least most of them) are crashes that seem to be considered "remote DoS"
vulnerabilities, probably because it's easy to imagine lame being used
with untrusted audio files from remote sources. If you want to backport
"all sercurity fixes" to the stable brances, that task seems pretty
difficult. The release notes explicitly mention three CVE numbers, but
there are more: for example, OE had a fix for CVE-2017-13712, which is
not mentioned in the release notes but is fixed in the release. The
commit log doesn't keep any track of CVE numbers either. Maybe it would
be best to just upgrade lame to 3.100 also in the stable branches.
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
11.0 release notes:
https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/11.0/
Additional changes in 11.1:
* Fix a crash in filter modules related to flat volumes and volume
sharing
* Fix a crash when the bluetooth adapter reports weird MTU size
* Disable bluetooth MTU autodetection by default
* Add mixer handling back for hardware that doesn't have any alsa-lib
configuration
* Prioritize USB devices over built-in sound cards (11.0 was supposed
to have this feature, but the implementation turned out to be
incomplete)
Dropped backported patch:
pulseaudio-discuss-iochannel-don-t-use-variable-length-array-in-union.patch
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When read-only-rootfs is active, we need to ensure that the rootfs
does not get mounted read/write by the kernel or initramfs. Adding
"ro" to the boot parameters achieves that.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
