| Age | Commit message (Collapse) | Author | Files |
|---|
|
Make use of lnr/ln -r while creating relative symlinks than guessing the
relalive path.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
/bin, /sbin, /lib are replaced with ${base_bindir}, ${base_sbindir} and
${base_libdir}.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The windres binutils binary which is used for Windows resource files
requires utf-16 and cp1252 encoding support in order to correctly
generate resource files with strings. As such when using uninative to
build mingw resources for a nativesdk target the windres binary is
executed on the native host, thus using the uninative libc and gconv
modules.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For the native tools, a static patch inserted gcc/g++/ld/ar while later
adding BUILD_LDFLAGS and BUILD_CFLAGS with sed. Now it's all done with sed,
which has the advantage that it uses the actual compile variables. However,
in practice those are the same.
More importantly, picking the build tools for the target was
broken. ovmf-native tried to insert TARGET_PREFIX into the tools
definition file, but that variable is empty in a native recipe. As a
result, "gcc" was used instead of "${HOST_PREFIX}gcc", leading to an
undesirable dependency on the host compiler and potentially
(probably?!) causing some of the build issues that were seen for ovmf.
The new approach is to override the tool selection in ovmf-native so
that the HOST_PREFIX env variable is used, which then gets exported
during do_compile for the target.
While at it, Python code that gets appened to do_patch only to call
shell functions gets replaced with the do_patch[postfuncs] mechanism.
Incremental builds now always use the tools definition from the
current ovmf-native; previously, only the initial build copied the
template file.
Probably the entire split into ovmf-native and ovmf could be
removed. This merely hasn't been attempted yet.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Both shadow and util-linux packages provides 'nologin' binary in ${base_sbindir}
and ${sbindir} respectively, this leads to conflict when 'usrmerge' feature is
enabled, where ${sbindir} == ${base_sbindir}. Hance, handle this to alternative
system to resolve the conflict.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
|
|
package.
update-alternative.bbclass might rename the 'reset' binary when LINK_NAME ==
TARGET, This is true (${base_bindir} == ${bindir}) in 'usrmerge' distros.
Hence, suffix with * to properly package the renamed binary.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
|
|
libnss_* files should be part of corresponding sub-packages, the split happens
by do_package_split(). By adding ${libdir}/libnss_* to FILES_${PN}, those files
end up in the systemd package when ${libdir} == ${base_libdir}.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
|
|
Make sure fsck.cramfs is packaged before fsck so the latter
does not steal the fsck.cramfs binary when building with usrmerge.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
|
|
If base_bindir=bindir, /usr/sbin/ldconfig gets packaged into glibc-utils instead
of glibc: Switch PACKAGES order to prevent this.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The Eclipse plugin uses cmake from the SDK and currently has issues
because cmake is not installed as a host tool. This patch adds cmake as
a host tool for the sdk/esdk.
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Split long recipe description into multiple lines.
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Rich Felker (11):
fix ld-behavior-dependent crash in ppc64 ldso startup
rework ldso handling of global symbol table for consistency
reorder addend handling before symbol lookup in relocation code
emulate lazy relocation as deferrable relocation
fix free of uninitialized buffer pointer on error in regexec
in static dl_iterate_phdr, fix use of possibly-uninitialized aux data
fix possible fd leak, unrestored cancellation state on dns socket fail
fix wide scanf's use of a compound literal past its lifetime
fix one-byte overflow in legacy getpass function
avoid loading of multiple libc versions via explicit pathname
remove unused refcnt field for shared libraries
Szabolcs Nagy (1):
treat STB_WEAK and STB_GNU_UNIQUE like STB_GLOBAL in find_sym
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To fix:
file /usr/share/man/man1/eject.1 conflicts between attempted installs
of util-linux-doc-2.29.1-r0.core2_64 and eject-doc-2.1.5-r1.core2_64
and
file /usr/share/man/man1/logger.1 conflicts between attempted installs
of util-linux-doc-2.29.1-r0.core2_64 and inetutils-doc-1.9.4-r0.core2_64
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
config-dirent-symbols.patch was removed from SRC_URI as "already
applied in upstream" in 983a4986947.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"pod2man" went missing from BA, but it is required.
This patch fixes the Toaster error:
<...>
ERROR: These tools appear to be unavailable in PATH, please install
them in order to proceed:
pod2man
<...>
[YOCTO#11144]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove any symlinks before creating new ones to avoid potential build
errors such as:
FileExistsError: [Errno 17] File exists: '../../usr/src/kernel' -> ... '
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Do not rely on pip3 being installed on the host.
Use pip3-native instead.
[YOCTO#10909]
[YOCTO#11022]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The logic is scattered all over the place, but amounts to
"install, unless the rootfs is read only". Let's express that directly.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
This is causing a problem in multilib where base-files and lib64/32-base-files
clash because they may have different dates. Also, if the package is coming
from sstate it has an incorrect date anyway.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise it will cause conflicts in mutlilib setting, as it
varies from one machine to another.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previously the GIO tests would be built or not depending on whether the host had
a dbus-daemon binary available. Fix this by seeding the AC_CHECK_PROGS check
with the right value, and adding a RDEPENDS for dbus-daemon on the target.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
IPv6 routes need the device argument for link-local routes, or they
cannot be used at all. E.g. "gateway fe80::def" seems to be used in
some places, but kernel refuses to insert the route unless device
name is explicitly specified in the route addition.
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Bring the dropbear init script into sync with the systemd service
file (dropbearkey.service supports RSA host keys only) and with
recent versions of openssh which deprecate DSA host keys.
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Licence updated by removing its first line which was containing
copyright notice including year, which could change quite often.
Additional empty line was deleted, too.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The largefile distro feature has been enabled by default in oe-core
for a long time and, more recently, also in poky-tiny. Building
without the largefile distro feature receives little or no testing.
Many packages now enable LFS without exposing a configure option, so
there should be very little expectation that disabling the distro
feature will result in a distro which globally disables LFS.
Respecting the distro feature adds a maintenance over-head and may be
the source of configurations oddities (e.g. dbus-native currently
builds with LFS disabled for no clear reason - fixed by this commit).
Ignore the largefile distro feature more widely, as a first step
towards deprecating and eventually removing it.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.
There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.
There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.
Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.
I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bring in some needed chnages for arm
Bobby Bingham (1):
s390x: implement dlsym
Rich Felker (2):
fix build regression in arm atomics asm with new binutils
allow page size to vary on arm
Szabolcs Nagy (1):
fix lsearch and lfind to pass key as first arg to the compar callback
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoid trying to call ldconfig at run-time in distros which don't
provide ldconfig on the target.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
USE_LDCONFIG could previously be set to 0 by distros which do not
require ldconfig or ld.so.conf on the target. Since more and more
recipes may need to respect that option, replace the ad-hoc variable
with a distro feature.
Distros which previously set:
USE_LDCONFIG = "0"
Should now instead use:
DISTRO_FEATURES_BACKFILL_CONSIDERED_append = " ldconfig"
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
do_locked_sigs() uses ${D} to hold a file as input to the sstate staging code.
Generally this isn't a problem as it happens after packaging, but sometimes (if
the recipe is rebuild, perhaps) do_package() will see the file inside ${D} and
fail because there is an uninstalled file.
Solve this by using a directory under ${WORKDIR} so it can't be packaged.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Delete the 'charset.alias' file during the do_install task if it exists.
This file is not shipped in any packages and on the targets that it is
generated (musl and mingw32) it is undesired.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When renaming the 'gio-querymodules' binary to prefix with the current
MLPREFIX, only do this for target packages where the MLPREFIX makes
sense. This skips renaming for nativesdk targets which have MLPREFIX set
to 'nativesdk-'.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Tiny bug fix release.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
configfs is another kernel virtual file system that should be mounted
if configured, so if it's configured into the kernel, mount it. It is
used to configure e.g. USB gadget mode and devicetree overlays.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The VfrCompile tool has a hard-coded maximum length for path names
which turned out to be too small by around 20 characters in the
Yocto autobuilder setup. Increasing the maximum by a factor of 4
is relatively easy and makes the problem less likely.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
This patch was added to meta-luv for kernel testing purposes and
probably is not relevant for OE-core.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
When booting a qemu virtual machine with ovmf.secboot, it comes up
with no keys installed and thus Secure Boot disabled. To lock down
the machine like a typical PC, one has to enroll the same keys
that PC vendors normally install, i.e. the ones from Microsoft.
This can be done manually (see
https://wiki.ubuntu.com/SecurityTeam/SecureBoot and
https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf) or automatically with the EnrollDefaultKeys.efi helper
from the Fedora ovmf rpm.
To use this with qemu:
$ bitbake ovmf-shell-image
...
$ runqemu serial nographic qemux86 ovmf-shell-image wic ovmf.secboot
...
UEFI Interactive Shell v2.1
EDK II
UEFI v2.60 (EDK II, 0x00010000)
Mapping table
FS0: Alias(s):HD2b:;BLK4:
PciRoot(0x0)/Pci(0x5,0x0)/HD(1,GPT,06AEF759-3982-4AF6-B517-70BA6304FC1C,0x800,0x566C)
BLK0: Alias(s):
PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0)
BLK1: Alias(s):
PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x1)
BLK2: Alias(s):
PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0)
BLK3: Alias(s):
PciRoot(0x0)/Pci(0x5,0x0)
Press ESC in 1 seconds to skip startup.nsh or any other key to continue.
Shell> fs0:EnrollDefaultKeys.efi
info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
info: success
Shell> reset
Remember that this will modify
deploy/images/qemux86/ovmf.secboot.qcow2, so make a copy and use the
full path of that copy instead of the "ovmf" argument if needed.
The ovmf-shell-image contains an EFI shell, which is what got started
here directly. After enrolling the keys, Secure Boot is active and the
same image cannot be booted anymore, so the BIOS goes through the
normal boot targets (including network boot, which can take a while to
time out), and ends up in the internal EFI shell. Trying to invoke
bootia32.efi (the shell from the image) or EnrollDefaultKeys.efi then
fails:
Shell> bootia32.efi
Command Error Status: Security Violation
The main purpose at the moment is to test that Secure Boot enforcement
really works. If we had a way to sign generated images, that part could
also be tested by booting in a locked down qemu instance.
0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch is
from
https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch?id=b1781931894bf2057464e634beed68b1e3218c9e
with one line changed to fix
https://bugzilla.redhat.com/show_bug.cgi?id=132502:
"EFI_STATUS Status = EFI_SUCCESS;" in EnrollListOfX509Certs() lacked
the initializer.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
When enabled via PACCKAGECONFIG = "secureboot" (off by default because
of the extra work and license change), the recipe compiles OVMF twice,
once without Secure Boot, once with. This is the same approach as in
https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
The results are "ovmf.qcow2" and "ovmf.secboot.qcow2" in the
image deploy directory, so
runqemu <machine> <image> ovmf.secboot
will boot with Secure Boot enabled.
ovmf.secboot.code.qcow2 is provided for those who want separate code
and variable flash drives. The normal ovmf.vars.qcow2 can be used with
it.
In contrast to Fedora, no attempt is made to strip potentially patent
encumbered algorithms out of the OpenSSL archive. OVMF does not use
the ones considered problematic for Fedora, so this shouldn't be a
problem.
Fixes: luv-yocto/#38
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
The Fedora srpm [1] seems to have no problems with parallel
compilation, so let's also use that for the target. The native
tools however indeed have dependency problems:
| test_Ecc_CParser (CheckPythonSyntax.Tests) ... gcc -o ../bin/EfiRom -L/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -L/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-rpath-link,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath-link,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-rpath,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-O1 EfiRom.o -L../libs -lCommon
| /usr/bin/ld: cannot find -lCommon
| collect2: error: ld returned 1 exit status
ERROR: Task (virtual:native:.../meta/recipes-core/ovmf/ovmf_git.bb:do_compile) failed with exit code '1'
[1] https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
When used with '-drive if=pflash', qemu will store UEFI variables
inside the firmware image file. That is unexpected for a file located in
the sysroot, which should be read-only, while it is normal for image
files in the deploy/images directory. Therefore that directory is a
better place for use with runqemu.
The name was chose so that "runqemu ovmf" can be used as shorthand for
"runqemu <full path>/ovmf.qcow2" by treating "ovmf" as the base name
of the firmware file. "ovmf.secboot.qcow2" is meant to be used for the
Secure Boot enabled firmware.
qcow2 is used because it is needed for "savevm" snapshots of a virtual
machine.
With code and variables stored in the same ovmf.qcow2 it is not
possible to update the firmware code without also overwriting the
variables. For users who care about persistent variables, the code and
variables are also provided as separate files, in ovmf.code.qcow2 and
ovmf.vars.qcow2.
The traditional usage of OVMF via the qemu bios parameter ("biosdir"
and/or "biosfilename" in runqemu) is no longer recommended, and
therefore this recipe no longer provides the bios.bin file. Instead,
OVMF is meant to be used as flash drive in qemu. See the "runqemu:
support UEFI with OVMF firmware" patch for details on how to use OVMF
that way.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Fixes a build issue when nasm was not build already because of
something else.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
This is an unmodified copy of
github.com/01org/luv-yocto/meta-luv/recipes-core/ovmf revision
4be4329.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Add a patch to fix the CC/CFLAGS mangling that broke builds. [RB]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
configure.ac from dbus uses $PATH to get the location of systemctl.
If it is not found /usr/bin/systemctl is used. It is possible to
override the location by passing SYSTEMCTL=[value] to configure.
The value is used to replace @SYSTEMCTL@ in systemd-user/dbus.socket.in.
dbus.socket sets the environment variable DBUS_SESSION_BUS_ADDRESS
using systemctl.
dbus does not depend on systemd-systemctl-native, so location from
host installation or the default value gets used. Adding
systemd-systemctl to the build would give path from sysroot.
Forcing SYSTEMCTL=${base_bindir}/systemctl for target gives the
correct path there and the environment variable is set after a user
session was opened.
[YOCTO #11002]
Signed-off-by: Andy Kling <andreas.kling@peiker-cee.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed when compile with "-Wformat -Wformat-security -Werror=format-security":
| gettext-tools/gnulib-lib/libcroco/cr-statement.c: In function 'cr_statement_dump_charset':
| gettext-tools/gnulib-lib/libcroco/cr-statement.c:2661:17: error: format not a string literal and no format arguments [-Werror=format-security]
| fprintf (a_fp, str) ;
And:
gettext-tools/gnulib-lib/libxml/timsort.h:326:80: warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'unsigned int' [-Wformat=]
fprintf(stderr, "Error allocating temporary storage for tim sort: need %lu bytes", sizeof(SORT_TYPE) * new_size);
[YOCTO #9544]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
