| Age | Commit message (Collapse) | Author | Files |
|---|
|
After 02457ef7f600ce954874e2d11e74b1c6daaa3bfc, PSEUDO for
postinst-useradd-* scripts get to use only one PSEUDO_LOCALSTATEDIR
which is set under recipes ${WORKDIR}.
When the those scripts are run in a clean build environment that
is built from the sstate (populate_sysroot_setscene run for
postinst-useradd-* providers), pseudo fails to run because it cannot
access the PSEUDO_LOCALSTATEDIR (recipe ${WORKDIR}s do not exist).
This triggers a sysroot staging error.
Previously, the PSEUDO_LOCALSTATEDIR setting in useradd.bbclass
worked because the RSS sstate/staging logic automagically processed
${STAGING_DIR_TARGET} in postinst-useradd-* scripts to point under
the sysroot being built.
The fix uses the same fixme processing by adding PSEUDO_LOCALSTATEDIR
variable to it. Furthermore, LOGFIFO is added to be able to use
the logging fifo of the recipe that actually runs postinst-useradd-*.
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch is uclibc specific and reference to it was removed from the
systemd recipe in:
http://git.openembedded.org/openembedded-core/commit/?id=653704e9cf325cb494eb23facca19e9f05132ffd
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This patch is clearly uclibc specific and appears to have been
inadvertently left behind during the recent purging of uclibc
specific patches from oe-core:
http://git.openembedded.org/openembedded-core/commit/?id=e01e7c543a559c8926d72159b5cd55db0c661434
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This backport fixes from upcoming 2.9.4 release. Those are:
- Fix: vmalloc wrapper on kernel < 2.6.38
- Fix: vmalloc wrapper on kernel >= 4.12
- Add kmalloc failover to vmalloc
- Fix: mmap: caches aliased on virtual addresses
- Fix: update ext4 instrumentation for kernel 4.13
- Fix: Sleeping function called from invalid context
- Fix: sched for v4.11.5-rt1
- Fix: handle missing ftrace header on v4.12
This fix failures in some BSP layers which are using Linux 4.13
already.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
With RSS we need to ensure that when making a bmap image that the
python3 that we created is found via /usr/bin/env rather than the host
python3. Otherwise we're relying on the build host to have bmaptool
support installed.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When faced with multiple sets of licenses combined with | (OR), it was
possible for oe.license.is_included() to choose a set of licenses with
a blacklisted license and then report failure, even if choosing
another set of licenses would have resulted in a successful
result. This happened when the chosen set still contained more
whitelisted licenses than the other set.
This change makes sure a set with any blacklisted license is always
considered with a lower weight than a set with only whitelisted
licenses.
Example: Faced with the license string "GPL-3.0 & GPL-2.0 & LGPL-2.1 |
Proprietary" and with "GPL-3.0" being blacklisted, the old code would
report a failure since "GPL-3.0 & GPL-2.0 & LGPL-2.1" still contains
more whitelisted licenses than "Proprietary" does.
This change also adds a unit test for oe.license.is_included().
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The RDEPENDs will not be satisfied for certain architectures,
so skip the recipe in those cases.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When building for a target whose architecture matches
the build host's, the second pass through make.bash
to build the shareable runtime would also overwrite
the target's static cgo library with host-compatibile
binaries.
Fix this by running the host-side build once and
target-only passes of make.bash twice, for static
and shareable. This ensures that what gets installed
is target-compatible.
Also fix an issue with x86-64 targets running MUSL by
removing the pre-built (for glibc) objects for the
race detector runtime before building.
[YOCTO #12136]
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove the TUNE_FEATURES references from go_map_arch,
to avoid an unwanted variable dependency. Direct
comparisons of the architecture name are sufficient
for covering what Go currently supports, and using
TUNE_CCARGS_remove adequately handles the conflict
with the cgo-supplied flags for mips.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The following commit:
[
commit 578c8205fd14c48c6d30ef2889d86f1b4aee060a
Author: Mikko Rapeli <mikko.rapeli@bmw.de>
Date: Thu Jun 22 16:23:14 2017 +0300
meta: Fix return value checks from subprocess.call()'s
Python function subprocess.call() returns the return value of the
executed process. If return values are not checked, errors may
go unnoticed and bad things can happen.
Change all callers of subprocess.call() which do not check for
the return value to use subprocess.check_call() which raises
CalledProcessError if the subprocess returns with non-zero value.
https://docs.python.org/2/library/subprocess.html#using-the-subprocess-module
All users of the function were found with:
$ git grep "subprocess\.call" | \
egrep -v 'if.*subprocess\.call|=\
+subprocess\.call|return.*subprocess\.call'
Tested similar patch on top of yocto jethro. Only compile tested
core-image-minimal on poky master branch.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
]
Added return code checking to do_diffconfig. Although the change is
well intentioned, it isn't correct in this instance since 'diff' returns
'1' to indicate that there are differences in the files .. and not as
an error code.
subprocess.check_call() flags this as an error and the routine aborts.
We are already checking the inputs, and in fact already know there's a
diff in the files before we even make the call, so there's no need to
look for an error in this case.
Putting back subprocess.call() restores the routine to working order.
[YOCTO #12132]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Generating the host keys atomically prevents power interruptions during the
first boot from leaving the key files incomplete, which often prevents users
from being able to ssh into the device.
[YOCTO #11671]
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
read_header in archive_read_support_format_rar.c suffers from an
off-by-one error for UTF-16 names in RAR archives, leading to an
out-of-bounds read in archive_read_format_rar_read_header.
Backport the patch from
https://github.com/libarchive/libarchive/commit
commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6
CVE: CVE-2017-14502
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andy Kling <andreas.kling@peiker-cee.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
To be able to better debug remove() behaviour, add more logging
to rpm calls via bb.note(). The change also makes remove() logging
more consistent with other package managers' remove() (e.g., opkg).
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
With "read-only-rootfs" in IMAGE_FEATURES, packages in ROOTFS_RO_UNNEEDED
are removed when building the rootfs. The list of packages to remove is
passed to the package manager and the list is sorted so that
update-alternatives provider is the last entry. This is with the
assumption that the last entry on the list/command line is removed last.
However, it turns out rpm does not care about "last on the command
line" and update-alternatives provider is removed before other the
packages get to run their %preun scripts for update-alternatives.
This leaves broken alternative symlinks in rootfs.
The fix is to first remove all but update-alternatives provider and
after that update-alternatives provider in its own remove() call.
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Tomas Novotny <tomas@novotny.cz>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patches to fix the following CVEs.
CVE-2017-14054
CVE-2017-14055
CVE-2017-14056
CVE-2017-14057
CVE-2017-14058
CVE-2017-14059
CVE-2017-14169
CVE-2017-14170
CVE-2017-14171
CVE-2017-14222
CVE-2017-14223
CVE-2017-14225
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Commit glib-2.0: recommend shared-mime-info
(51e4f9ca5368af5cefa26f4ca50b282e858982f8) broke compilation when cross
compiling for Windows. This patch removes the recommendation for
shared-mime-info when using MinGW cross compile.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Cc: Ross Burton <ross.burton@intel.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When a device is opened for RW closing it can trigger other actions,
like udev scanning it for partition changes. Use read only for the
init_* methods and RW for actual changes to the device.
This adds _device_open which takes mode flags as an argument and turns
linux_open into a wrapper for it with RW_MODE.
_device_open_ro is added to open the device with RD_MODE and increment
the open_counter. This is used in the init_* functions.
_device_close is a wrapper around linux_close that decrements the
open_counter and is used in the init_* functions.
All of these changes are self-contained with no external API changes.
The only visible change in behavior is that when a new PedDevice is
created the device is opened in RO_MODE instead of RW_MODE.
Resolves: rhbz#1245144
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=1283112
Upstream patch:
http://git.savannah.gnu.org/cgit/parted.git/commit/?id=44d5ae0115c4ecfe3158748309e9912c5aede92d
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If SERIAL_CONSOLES is set to empty for some reason, we would have rootfs
failure like below.
- nothing provides systemd-serialgetty needed by systemd-1:234-r0.core2_64
This is because systemd-serialgetty package is not generated when
SERIAL_CONSOLES is empty.
Set ALLOW_EMPTY to "1" for this recipe to allow for generation of empty
systemd-serialgetty package to avoid the above error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since systemd-boot is a bootloader, it needs to be built for
the native IA instruction set size and x32 is not valid.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently systemd-boot actually incorporates libgcc, since the
systemd-boot needs to be built with 64bit instructions it can not
use the x32 based libgcc.
Use the new override to ensure it gets overriden, linux-gnux32 could
not be used because x86-64 has higher priority.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is needed as an x32 more generic x32 override later in the
OVERRIDES, currently linux-gnux32 is the first override, but we
need a stronger (later in the list) x32 override to deal with some
needed x32 dependency overrides.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With default --without-nghttp2 flag set there was no way to get
http2 protocol support using nghttp2 library. Instead moved it to
PACKAGECONFIG options
Signed-off-by: baali <shantanu@senic.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gpg directory
The high-level method tempfile.TemporaryDirectory give us no way to ignore erros on
removal thus use tempfile.mkdtemp instead. Ignoring possible issues on removal
is neccesary because it contains gpg sockets that are automatically removed by
the system once the process terminates, otherwise the following log is observed:
File "/usr/lib/python3.5/shutil.py", line 436, in _rmtree_safe_fd
os.unlink(name, dir_fd=topfd)
FileNotFoundError: [Errno 2] No such file or directory: 'S.gpg-agent.browser'
This is the same fix as 7e3a7cd2426feac757def81850dc44156cd0f33e, but this applies
to runtime (instead of signing).
[YOCTO #11821]
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel
so (unfortunately) the signing must be done serially. Once the upstream problem is fixed,
this patch must be reverted, otherwise we loose all the intrinsic parallelism from
bitbake.
[YOCTO #12022]
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This image is very large and is skirting the maximum size of hddimg images (4GB,
as they're embedded inside FAT partitions). Making the image 10MB bigger can be
enough to cause the build to fail. This image is also used by QA so currently
we need to keep it working.
The default values for expanding an image to give it usable space are quite
generous, (3GB rootfs * 1.3 gives 1GB of empty space), so change the overhead
multiplier to 1.0x and explicitly request just 0.5GB of empty space in the
images.
This should give us a bit more breathing room until we can either remove hddimg
from the default build, or make this image dramatically smaller.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport the fix from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;
a=commit;h=bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Search made with the following regex: getVar ?\((.*), True\).
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The file belongs to systemd-container package , not to systemd package.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Now that mips and security flags fixes are in place
in the bbclasses, remove the local settings in this
recipe.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the security_flags.inc file is included, gcc
will do PIE builds by default. These flags need
to be disabled for go packages that use cgo.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Fix the regular expression in the mips test
* Flag as incompatible any mips32 tunes for n32 ABI
or soft-float, as go does not support them.
* Replace mips32r2 tune with mips32r1. Go only supports
mips32r1, which is a strict subset of r2. Adjusting
this tune is not ideal, but is hopefully a temporary
measure until more complete mips32 ISA coverage
arrives upstream.
[YOCTO #12108]
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This requires MD5 sum updates for
- LICENSE.QualcommAtheros_ath10k: year change
- WHENCE: various version updates and addition of new firmwares
The new firmware for Qualcom Venus causes a QA error:
QA Issue: linux-firmware: Recipe inherits the allarch class, but has packaged architecture-specific binaries
Since firmware typically do not run on the CPU, the architecture of
the firmware file is independent from the CPU architecture the image
will be running on. Disable the QA check for the linux-firmware
package by default.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There are cases where the 'while loop' waiting for login prompt fails
and the bootlog variable does not get populated, thus use the the new
qemurunner member (self.msg) which stores all output coming from the qemu
process.
[YOCTO #12113]
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We don't need a dependency on this variable changing, and having one
causes locked signature warnings during eSDK installation if you have
INITRAMFS_IMAGE_* set (since TOPDIR will always be different between
the eSDK and the environment in which it was built).
Relates to [YOCTO #12102].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adding distcc to an image, and having staticids enabled,
doesn't work as it causes a a superfluous 'distcc' group
being added using a conflicting GID, thus failing the
build:
| ERROR: distcc-3.2-r0 do_prepare_recipe_sysroot: distcc: groupadd command did not succeed.
Compared to other recipes, the distcc recipe only
specifies --gid for the primary group, and doesn't specify
--no-user-group, but when --gid is given, it doesn't make
sense to create a matching username-group in addition,
even if --no-user-group was not specified, and 'useradd'
actually complains if --gid and --user-group are given
both.
If only --gid is given, the current code in here
effectively behaves as if --user-group was specified,
taking the group-id of the username-group from the
--gid parameter. This causes the error above, as we try
to add a new group (distcc) with an existing group-id
(nogroup).
This is contrary to the comment in this file just above,
contrary to what useradd can do, contrary to behaviour
without the useradd-staticids bbclass, and non-intuitive.
Change the code such that a username-group is only created
- if a primary group using --gid was not specified, or
- if --no-user-group was not specified
To be in line with useradd, if gid is not given, and
--no-user-group is given, we add the user to the group
'users', which mimics useradd's behaviour.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2017-13712 for lame.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The staging changes were very verbose in their logging and whilst this is useful
when staging issues occur, those thankfully seem rare now and we can tune down
the logging to a sane level. This improves the readability of error messages from
functions that fail.
The code is still verbose when its replacing things in the sysroot.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This changes the pseudo FASTOP functionality so that a reply to the
operation is required. This means we then cannot lose data if a connection
is closed. This in turn stops corruption if we run out of file handles
and have to close connections.
This tweaks the connection closure patch to update the comment there which
is now outdated.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The idea came up here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=11309
and here:
http://lists.openembedded.org/pipermail/openembedded-core/2017-August/141491.html
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Alternative solution to original commit
60c90398580998b2379bb438f0f75b29285135a5 ("u-boot: fix extlinux
creation race")
(Untested)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This reverts commit 60c90398580998b2379bb438f0f75b29285135a5.
This causes circular dependencies when UBOOT_SIGN_ENABLE is active.
These are usually caused by circular dependencies and any circular dependency chains found will be printed below. Increase the debug level to see a list of unbuildable tasks.
Identifying dependency loops (this may take a short while)...
ERROR:
Dependency loop #1 found:
Task u-boot.bb:do_concat_dtb (dependent Tasks ['kernel.bb:do_assemble_fitimage'])
Task u-boot.bb:do_install (dependent Tasks ['u-boot.bb:do_concat_dtb', 'pseudo_1.8.2.bb:do_populate_sysroot', 'u-boot.bb:do_compile'])
Task u-boot.bb:do_deploy (dependent Tasks ['u-boot.bb:do_deploy_dtb', 'u-boot.bb:do_install'])
Task .../recipes-kernel/linux/kernel.bb:do_assemble_fitimage (dependent Tasks ['kernel.bb:do_compile', 'u-boot.bb:do_deploy'])
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
