| Age | Commit message (Collapse) | Author | Files |
|---|
|
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Instead of sourcing /etc/profile to get $PATH including /usr/sbin, just assign
to PATH in the ssh invocation.
The remote /etc/profile may not actually be manipulating PATH as we expect, and
there may be other commands which can interfere with the tests (such as resize
emitting a series of control characters on connection).
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Instead of duplicating the same code over and over, split it out to a separate
function.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use bb.utils.edit_metadata() to replace some of the logic in this
function; this avoids us effectively having two implementations of the
same thing. In the process fix the following issues:
* Insert values before any leading comments for the next variable
instead of after them
* Insert overridden variables (e.g. RDEPENDS_${PN}) in the correct place
* Properly handle replacing varflag settings (e.g. SRC_URI[md5sum])
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Ensure that the user specifies just the name portion instead of a file
name with extension. (We can't just look for . since there are recipe
names such as "glib-2.0" that legitimately contain .).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For subcommands that don't actually involve the workspace, don't
auto-create the workspace.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For patches that we have to extract the header information by hand (i.e.
will not apply with "git am"), make the following improvements:
* If we can't extract author/date/subject, then try to do so from the
commit that added the patch in git (assuming the metadata is tracked
by git)
* Take only first Signed-off-by line instead of last
* Accept any case for "Signed-off-by" in case author has typed it by
hand
* Improve conditional - we can skip the other cases if one matches
Implements [YOCTO #7624].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If multiple images are being built simultaneously against the same
sysroot then the call to os.makedirs in Image._write_wic_env can fail
with:
File: '.../meta/lib/oe/image.py', lineno: 341, function: _write_wic_env
0337: """
0338: stdir = self.d.getVar('STAGING_DIR_TARGET', True)
0339: outdir = os.path.join(stdir, 'imgdata')
0340: if not os.path.exists(outdir):
*** 0341: os.makedirs(outdir)
0342: basename = self.d.getVar('IMAGE_BASENAME', True)
0343: with open(os.path.join(outdir, basename) + '.env', 'w') as envf:
0344: for var in self.d.getVar('WICVARS', True).split():
0345: value = self.d.getVar(var, True)
File: '/usr/lib/python2.7/os.py', lineno: 157, function: makedirs
0153: if e.errno != errno.EEXIST:
0154: raise
0155: if tail == curdir: # xxx/newdir/. exists if xxx/newdir exists
0156: return
*** 0157: mkdir(name, mode)
0158:
0159:def removedirs(name):
0160: """removedirs(path)
0161:
Exception: OSError: [Errno 17] File exists: '.../tmp-glibc/sysroots/cheetah/imgdata'
Using bb.utils.mkdirhier() protects against this.
There's also little point in checking to see if the directory already
exists - we might as well just try and create it regardless.
Once the directory has been created, there's no race on the actual file
since the filename contains IMAGE_BASENAME.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
the default
* without this the do_rootfs task doesn't respect OPKGLIBDIR and
info, status are created in different directory than opkg on
target expects
* people who modify OPKGLIBDIR need to make sure that opkg.conf included
in opkg package also sets info_dir and status_file options
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Creating a file for every image containing a few variables isn't
necessary if wic is not being used, so don't write the file if WICVARS
is empty.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Dariusz Pelowski <dariusz.pelowski@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixes [YOCTO #8698] -- https://bugzilla.yoctoproject.org/show_bug.cgi?id=8698
If prior to running the toolchain installation script a toolchain
environment script is sourced then the toolchain installation will
fail. This because the environment is now set for the sourced toolchain
and doesn't suit the installation. In particular PATH points to the
toolchain executables.
The fix makes the script recursively call itself a second time with a
clean environment.
Tested by sourcing a previous successfully installed environment, erasing the
previous installation directory and then reinstalling in the same directory.
Signed-off-by: George Nita <george.nita@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If you put an $ character in the path, SDK installation fails during the
preparation stage, so add this to the disallowed characters.
Fixes [YOCTO #8625].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In the case where many environment-setup-* files exist, the incorrect
filename might be lastly set in env_setup_script, which leads to
incorrect behaviour for the initialization of native_sysroot.
The scenario I had was that our custom meta-toolchain-*.bb, which
inherits populate_sdk, defined another environment-setup-* file to dump
variable information for qt-creator. The file is named like so in order
for the sdk shell script to pick it up and fix the SDK paths in the
file. Since it (coincidentally) alphabetically comes after ...-core2, it
was last set in env_setup_script and the grep OECORE_NATIVE_SYSROOT
would simply be blank. The apparent symptom was "...relocate_sdk.py:
Argument list too long" since the find command would not be searching in
the right path.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Now that qemurunner doesn't need DISPLAY set, let whether DISPLAY is set be up
to the user.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Not everyone wants to run the tests with a qemu that has a graphical output, so
allow display to be None and pass nographic to runqemu in that case.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Now that the SRC_URI is parsed this can be done without false-positives.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
To avoid false positives such as a SRC_URI for http://foo.xz/foo.zip gaining a
dependnecy on xz-native decode the URI so that precise tests can be done.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The idea behind the implementation of Yocto #8138 was that an
additional class can write additional files in the recipe directories,
for example by hooking into the functions of buildhistory.bbclass or
by implementing its own SSTATEPOSTINSTFUNCS function.
However, when these additional files get created before
buildhistory_emit_pkghistory(), they get removed again by that
function because it contains code which removes everything it does
not know about. The reason for that is that these unknown items
are probably obsolete.
This logic is the reason why the additional "kconfig" file from
buildhistory-extra.bbclass never showed up in the final build history.
To fix this, the hard-coded list of known files in
buildhistory_emit_pkghistory() must be turned into a variable which
derived classes can extend.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This change adds the license_deployed_manifest function
that will create the manifest for the packages deployed
next to the image but not installed in rootfs. Some
examples of these recipes would be the bootloaders, or
the kernel.
This new function was added to ROOTFS_POSTPROCESS_COMMAND
so it will run after every rootfs task.
This change also modify the write_license_files because
the image manifest is different from the root manifest.
[YOCTO #6772]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This function will get the files that were deployed using
the sstate-control manifest file. This will give a better
view of what was deployed next to the image.
[YOCTO #6772]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
|
|
This change introduce a new function to get the dependencies
that were deployed. It uses BB_TASKDEPDATAto get all the
dependencies of the current task, so it is possible to get
different packages depending at what point this function is
called.
[YOCTO #6772]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
|
|
This function gets the dependencies from the classes that
create a boot image, this is required because sometimes
the bootloader dependecy is in these classes. The current
classes covered are bootimg and bootdirectdisk because
these are the only clases that add dependencies.
[YOCTO #6772]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
|
|
This changes moves the writing of the licenses to a
separated function that could be called for other packages.
With these change it will be easier to reuse the writing of
the license for the packages deployed but not installed in
the rootfs.
[YOCTO #6772]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
|
|
Currently there is no way to get the recipe version when
creating the rootfs. It is needed because the manifest
file for the image has to contain this important piece
of information.
This change writes a new file in the license folder for
every recipe. This file is called "recipeinfo" and have
the information used to write the manifest file for the
recipes deployed next to the image.
[YOCTO #6772]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
|
|
We want to support different names for the buildtools tarball. The
name may not always be of the default oe-core format.
For instance, at Wind River we define the built-tools name to be:
${SDK_ARCH}-buildtools-nativesdk-standalone-${DISTRO_VERSION}
because thes standard SDK_NAME has additional information that is not
relevant to the builtools tarball.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add optional check to do_populate_sdk() that verifies SDK sysroots don't
contain dangling or escaping symlinks before attempting to tar an archive.
Such links may fail a `tar -h` operation (-h => follow symlinks) or
archive the build system's files.
Set CHECK_SDK_SYSROOTS = "1" to enable this check.
Use case: The -h option may be set via SDKTAROPTS in some configurations
to create symlink-less SDK archives for Windows file systems.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The extensible SDK relies upon uninative, and with the way that
uninative works, the build system architecture must be the same as the
SDK architecture or the extensible SDK won't be usable. At some point in
future hopefully we can remove this limitation, but until then it's
disingenuous to allow this to build, so add a check to ensure
SDK_ARCH == BUILD_ARCH and fail if it isn't.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If you have a local workspace layer enabled when building the
extensible SDK, we explicitly exclude that from the SDK (mostly because
the SDK has its own for the user to use). Adjust the message we print
notifying the user of this so it's clear that we're excluding it from
the SDK, and scale it back from a warning to a note printed with
bb.plain().
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When SDK preparation fails:
* Insert an ERROR: in front of the error message
* Add an error message to the environment setup script
Hopefully this should make it more obvious when this happens.
Fixes [YOCTO #8658].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use a variable for the log file which includes the full path; this is
not only neater but avoids us writing the first part (the output of
oe-init-build-env) to a file in another directory since we are
changing directory as part of this subshell.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed when rebuild:
mkdosfs: file /path/to/hdd.image already exists
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Maintaining an sstate mirror is complicated at the moment as only the main
sstate tgz files have their timestamp updated when they're used.
This causes problems as the siginfo files can be removed from the server
due to inactivity but the sstate fetch code tries to fetch them leading
to confusing warnings and reduced debug capability.
This change ensures we touch any sig/siginfo files present and should
help ageing of the objects on sstate mirrors. It doesn't handle the intermediate
task siginfo files but those are never fetched by the current sstate code
so are an order of magnitude less problematic.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Statically link local libs to avoid gold link issue. This is clearly
a workaround, but does get us past the failures with systems using gold by
default until we find a better solution.
[YOCTO #2972]
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This recipe doesn't inherit systemd, so we need to take care of it ourselves.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When the client is enabled, which we do by default, readline is required.
Currently it gets pulled in by other dependencies of connman, indirectly,
but we should be explicit rather than relying on this.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Patch update courtesy Abdur Rehman <abdur_rehman@mentor.com>.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This silences a GNU_HASH warning when using external toolchains. The patch is
courtesy Abdur Rehman <abdur_rehman@mentor.com>.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This quiets a GNU_HASH warning.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is from Shrikant Bobade <Shrikant_Bobade@mentor.com>.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This makes the gtk dependencies optional.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
4.8.14 -> 4.8.15
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Recent pango upgrade means there is no pango-modules.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
