| Age | Commit message (Collapse) | Author | Files |
|---|
|
Signing package feeds will default to ascii armored signatures (ASC) the
other option being binary (BIN). This is for both rpm and ipk backends.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Create gpg signed ipk package feeds using the gpg backend if configured
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add support for multiple types of signatures (binary or ascii)
in export_pubkey(). There is no change in behaviour for the function,
the previous implicit default is the new parameter "armor" default.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Starting from v2.1 passing passwords directly to gpg does not work
anymore [1], instead a loopback interface must be used otherwise
gpg >2.1 will error out with:
"gpg: signing failed: Inappropriate ioctl for device"
gpg <2.1 does not work with the new --pinentry-mode arg and gives an
invalid option error, so we detect what is the running version of gpg
and pass it accordingly.
[1] https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Implement ipk signing inside the sign_ipk bbclass using the gpg_sign
module and configure signing similar to how rpm does it. sign_ipk uses
gpg_sign's detach_sign because its functionality is identical to package
feed signing.
IPK signing process is a bit different from rpm:
- Signatures are stored outside ipk files; opkg connects to a feed
server and downloads them to verify a package.
- Signatures are of two types (both supported by opkg): binary or
ascii armoured. By default we sign using ascii armoured.
- Public keys are stored on targets to verify ipks using the
opkg-keyrings recipe.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently the recipe files are hardcoded and if the recipe
change the version, the test will fail.
This will change from using a harcoded file to look for the
file using bitbake-layers. Now, just the recipe name must
be specified.
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Currently when using a git version the check for the stamp, using regex,
will fail because of plus sign in the version.
With this change the version is escaped before adding it to the regex.
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Rather than rolling all of an npm module's dependencies into the same
package, split them into one module per package, setting the SUMMARY and
PKGV values from the package.json file for each package. Additionally,
mark each package with the appropriate license using the license
scanning we already do, falling back to the license stated in the
package.json file for the module if unknown. All of this is mostly in
aid of ensuring all modules and their licenses now show up in the
manifests for the image.
Additionally we set the main LICENSE value more concretely once we've
calculated the per-package licenses, since we have more information at
that point.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_shared_workdir is not a proper sstate task, it always reruns if
needed, so special-case it in warnings when checking locked sigs.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
meta/lib/oe/package_manager.py was also updated. This ensures that any
diagnostic messages are ignored from the output of rpmresolve.
The patches have been split into bug fixes (things that belong upstream)
and local changes that are OE specific.
The following patches are obsolete and have been removed:
rpm-remove-sykcparse-decl.patch
fstack-protector-configure-check.patch
rpm-disable-Wno-override-init.patch
rpm-lua-fix-print.patch
rpm-rpmpgp-fix.patch
verify-fix-broken-logic-for-ghost-avoidance-Mark-Hat.patch
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Test that layer git revisions are displayed and
do not fail without git repository.
fix for [YOCTO #8852]
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Prelink contains some hardcoded assumptions about the path layout of
the target system. Unfortunately if the system doesn't match, prelink
doesn't work. This breaks:
a) prelink of those images
b) the unsafe-references-in-binaries QA test (which uses prelink-rtld)
One way to work around this is to construct an ld.so.conf file which
lists the library paths in question. We do this in sanity QA check and
in the rootfs prelink code, being careful not to trample any existing
target ld.so.conf.
There is an additional problem that $LIB references in RPATHs won't be
handled correctly, I've not see any system use these in reality though
so this change at least improves things.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a build-sdk command which is only available within the extensible
SDK that builds a derivative extensible SDK. The idea is recipes in the
workspace become a part of the new SDK - for example, this allows taking
a vendor provided SDK, adding a few libs and then producing a new SDK
with those included.
When normally building the extensible SDK, the workspace is excluded;
here we need to copy into the new SDK (renaming it in the process); the
recipes' task signatures become locked and thus the sources are no
longer needed, so they are removed along with the workspace bbappends
which would interfere with the locked signatures. Additionally we need
to just copy the configuration files (i.e. local.conf and auto.conf)
rather than filtering and appending to them since that work has already
been done when constructing the original SDK. The extra sstate artifacts
from workspace recipes are also determined and copied into the new SDK
in minimal mode (on the assumption that you won't set up a new sstate
mirror).
This reuses some code from build-image, so that needed to be
generalised to allow that.
Implements [YOCTO #8892].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixing one of the recipes not to contain unsafe references to paths
results in this QA test failing. Improve the test so that we test
the recipe works, then if we intentionally break the recipe, the
issue is detected.
Also split out the binaries test from the scripts test. The binaries
issue may also get 'fixed' in future and need the same fix.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Testing of local sdk updates was commented out.
Local sdk updates are functional now, so the tests should be re-enabled.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The SDKUpdateTest class test devtool sdk-update mechanism inside
eSDK.
The SDKUpdateTest class search for new sdk if not found uses
the main one then it publish the eSDK into known folder
inside work and it starts a web server for serve the eSDK.
Finally it executes sdk-update over http, the local test is
commented due to bug [1].
[1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=9043
[YOCTO #9089]
Signed-off-by: Aníbal Limón <limon.anibal@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
tcname is needed for eSDK update testcase will be used for
publish it and then try to update
Signed-off-by: Aníbal Limón <limon.anibal@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The removal of bitbake and scripts PATH is only needed by eSDK tests
so move to eSDK context only.
This also it's a support for eSDK update test because it needs to
execute oe-publish-sdk from scripts.
Signed-off-by: Aníbal Limón <limon.anibal@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Due to the neeed to use in other modules.
Signed-off-by: Aníbal Limón <limon.anibal@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add a test for devtool upgrade with a recipe pointing to a git
repository, since this uses several different code paths.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Use a more real-world test of a recipe pointing to a remote file
* The cleanup tracking / teardown commands need to be added towards the
top, or they won't have the desired effect of cleaning up if the test
fails.
* Check that a versioned subdirectory gets renamed to match the new
version
* Ensure the recipe contents gets changed as we expect it to
* Check that the recipe directory is deleted by devtool reset at the end
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Moved an error to common, and whitelisted the BAR errors
and ati module. Also the uvesafb related errors will be
ignored in LSB images which do not have graphic interface.
Fix for [YOCTO #8387]
Fix for [YOCTO #8590]
Fix for [YOCTO #6820]
Fix for [YOCTO #7897]
Signed-off-by: Lucian Musat <george.l.musat at intel.com>
Signed-off-by: Cristina Agurida <cristina-danielax.agurida@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
correctly on localhost.
This test case validates if prservice start and stop properly the server.
Using bitbake commands also validates the exit status.
[YOCTO #8258]
Signed-off-by: Francisco Pedraza <francisco.j.pedraza.gonzalez@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
A network module was added, and will contain network utility funcions for now.
with get_free_port that returns available network port in the system.
Signed-off-by: Francisco Pedraza <francisco.j.pedraza.gonzalez@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
fix for [YOCTO #8706]
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Previously the keys were put into the os-release package. The package
indexing code was also deploying the keys rather than only using the keys.
This change makes signing-keys.bb the only publisher of the keys and also
uses standard tasks that already have sstate.
Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When checking enabling buildhistory doesn't change anything but rootfs stamps,
just build core-image-minimal instead of -sato to reduce the time this test
takes.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This allows directly giving the passphrase, instead of reading from a
file.
[YOCTO #9006]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refactor the LocalSigner class. Do not store keyid or passphrase file in
the signer object as they are only needed for some of the methods. For
example, the newly added verify() method does not need any key
parameters and export_pubkey only uses keyid.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #9006]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A new method for verifying detached signatures.
[YOCTO #9006]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bitbake option to restore from sstate only within a build
(i.e. execute no real tasks, only setscene)
fix for [YOCTO #8876]
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Instead of raising a generic Exception that can't be handled specifically, raise
a ValueError. Also update the callers so any unexpected exceptions are not
ignored.
Also, rename isBigEngian() to isBigEndian().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When opening an ELF file check that a filename points to a normal file before
attempting to open it, as if the file turns out to be something more exotic like
a FIFO it could hang forever.
(From OE-Core rev: 4b3576bc30d8f8cdcde25189def8b059fc92b27c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
boot time string can change its format of the output of the amount of time
it took to boot. It is required to handle graceful fail of the parsing
errors that it provokes
[YOCTO #8889]
Signed-off-by: Benjamin Esquivel <benjamin.esquivel@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With the addition of the task name to recipe output, the sanity tests
need updates where they are looking for specific messages.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Image should be build usual way, i.e. using bitbake <image>.
Specifying do_mage_complete and do_rootfs_wicenv tasks should not
be needed anymore as those tasks should be run by bitbake for
every image.
Removed specifying do_mage_complete and do_rootfs_wicenv tasks
from bitbake calls.
(From OE-Core rev: d8d7bd1b41eb846f18378a2581ff172cb2cc52b8)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed the following pylint warnings:
C: 45, 0: Line too long (91/80) (line-too-long)
C:105, 0: Wrong continued indentation.
ignore_status=True).status)
^ | (bad-continuation)
W: 83, 8: Redefining built-in 'vars' (redefined-builtin)
W:175, 8: Redefining built-in 'vars' (redefined-builtin)
W: 27, 0: Unused import sys (unused-import)
(From OE-Core rev: ecb5320e766d0fa031c269d6d9b2a24c81c7aa7e)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added test_qemu testcase to boot wic-image-minimal and test
that 2 partitions mentioned in .wks are mounted.
[YOCTO #8499]
(From OE-Core rev: 6fb015d0847fe7d259d654d4a99bf4c328f810ab)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Replaced wic.bz2 -> wic in the recipe.
Replaced wic.bz2 -> wic in oe-selftest test case.
wic-image-minimal is going to be booted in qemu and tested.
As runqemu doesn't support compressed images this recipe needs
to produce raw wic image.
(From OE-Core rev: 3ce91db94f4b921566dce0dc6f91a422009be06b)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added 'wic' to the list image types supported by targetcontrol.
This is a preparation for booting and testing wic images
with oe-selftest.
[YOCTO #8498]
(From OE-Core rev: 7dda053fbd1ea1354b7720cfa691470ba88ef5b9)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added new parameter 'ssh' to targetcontrol 'start' method
to be able to test images without running ssh server.
[YOCTO #8498]
(From OE-Core rev: 1c3c66aadd43092bc19242b0651ee810cc31fe7c)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
QemuRunner requires pair of ip addresses provided through kernel
commandline for method 'start' to work. These ip addresses are
used to connect to the image using ssh and run tests there.
However, this functionality should not be mandatory as testing
doesn't always require ssh connection. Some tests can be run using
serial console.
Added new parameter 'get_ip' to QemuRunner.start to make it possible
to skip getting pair of ip addresses from kernel command line. This
should allow oe-selftest to test images without modifying kernel
command line.
[YOCTO #8498]
(From OE-Core rev: 3f8b734ebb81d035849288091bb0b97b9c4fba34)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed unused parameter 'test' from runqemu function.
(From OE-Core rev: c688b3bcbb57099fa72a9728bc708b109802f7fc)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It seems that if the --workdir option is not set konsole does open in the users
home directory. By setting --workdir . konsole opens in the recipes work
directory. This is the same behavior as observed for other consoles.
(Tested with Konsole 2.14.2 on Debian Jessie).
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a test so we validate the following recently implemented/fixed
aspects of "devtool add":
* Adding from a local directory with no name specified
* Auto-detecting the name and version from autoconf files
* Setting SRC_URI and S from the local git repo
* Showing the recipe file path in "devtool status" if it has been
created within the workspace
Incidentally also tests:
* LICENSE and LIC_FILES_CHKSUM detection (though just for this piece of
software)
* Extracting a dependency from autoconf (though just for this narrow
case since there's only one)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It's going to be more common for users not to have the prepared source
tree for a recipe already, so the default behaviour ought to be to
extract it for them from the recipe. Change the default to extract
(effectively making the -x option a no-op) and add a --no-extract/-n
option to disable it. Later we can look at trying to be smart and
reusing an existing source tree instead of erroring out if it exists;
for now this is just the default reversal.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When extracting source for a recipe, if there are additional custom
tasks run that make changes to the source, create a commit in the
generated git branch so they are contained. This is particularly
useful for tasks that come before do_patch since otherwise the changes
might get incorporated in the first applied patch, but otherwise it
helps avoid the tree being dirty at any point.
Fixes [YOCTO #7626].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
