Re: [OE-core][PATCH] kernel: add missing path to search for debug files
ping
On Mon, 2022-01-24 at 08:19 +, Andrej Valek via
lists.openembedded.org wrote:
> Hello Richard,
>
> Fine, that we have it, but are you going to take a look on the patch
> :)
> ?
>
> Regards,
> Andrej
>
> On Fri, 2022-01-21 at 10:18 +0100, Michael Opdenacker wrote:
> >
> > On 1/19/22 5:48 PM, Richard Purdie wrote:
> > > On Wed, 2022-01-19 at 12:57 +0100, Andrej Valek wrote:
> > > > Since explicit debug package creation via
> > > > ${KERNEL_PACKAGE_NAME}-
> > > > dbg has
> > > > been added to kernel, it has to cover all
> > > > PACKAGE_DEBUG_SPLIT_STYLE
> > > > options. For ex. when the variable "debug-file-directory"
> > > > package
> > > > search
> > > > path has to be set explicitly, otherwise it will not find any
> > > > files.
> > > >
> > > > Signed-off-by: Andrej Valek
> > > > ---
> > > > meta/classes/kernel.bbclass | 1 +
> > > > 1 file changed, 1 insertion(+)
> > > >
> > > > diff --git a/meta/classes/kernel.bbclass
> > > > b/meta/classes/kernel.bbclass
> > > > index 473e28be47..9ea201c936 100644
> > > > --- a/meta/classes/kernel.bbclass
> > > > +++ b/meta/classes/kernel.bbclass
> > > > @@ -647,6 +647,7 @@ FILES:${KERNEL_PACKAGE_NAME}-image = ""
> > > > FILES:${KERNEL_PACKAGE_NAME}-dev = "/boot/System.map*
> > > > /boot/Module.symvers* /boot/config* ${KERNEL_SRC_PATH}
> > > > ${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
> > > > FILES:${KERNEL_PACKAGE_NAME}-vmlinux = "/boot/vmlinux-
> > > > ${KERNEL_VERSION_NAME}"
> > > > FILES:${KERNEL_PACKAGE_NAME}-modules = ""
> > > > +FILES:${KERNEL_PACKAGE_NAME}-dbg = "/usr/lib/debug
> > > > /usr/src/debug"
> > > This seems to highlight that we have no tests for
> > > KERNEL_PACKAGE_NAME. At the
> > > very least we need a bugzilla entry for creating some...
> >
> >
> > Done: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14700
> > Cheers
> > Michael
> >
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165534):
https://lists.openembedded.org/g/openembedded-core/message/165534
Mute This Topic: https://lists.openembedded.org/mt/88532225/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] eudev: create static nodes from modules
From: Changqing Li
dev in modules.devname should be populated in /dev on boot.
remove create static mode from udevd will make these devices
cannot be populated. When use sysVinit, devices like /dev/net/tun
will not be created.
more info:
udevd in systemd also remove create static mode in udevd, but using
service kmod-static-nodes.service and
systemd-tmpfiles-setup-dev.service in systemd to create these node, so
systemd works well.
Signed-off-by: Changqing Li
---
...dev-create-static-nodes-from-modules.patch | 115 ++
meta/recipes-core/udev/eudev_3.2.11.bb| 1 +
2 files changed, 116 insertions(+)
create mode 100644
meta/recipes-core/udev/eudev/0001-eudev-create-static-nodes-from-modules.patch
diff --git
a/meta/recipes-core/udev/eudev/0001-eudev-create-static-nodes-from-modules.patch
b/meta/recipes-core/udev/eudev/0001-eudev-create-static-nodes-from-modules.patch
new file mode 100644
index 00..19611f4e89
--- /dev/null
+++
b/meta/recipes-core/udev/eudev/0001-eudev-create-static-nodes-from-modules.patch
@@ -0,0 +1,115 @@
+From 573d6c4106d5b3828da43d2843c1d599ae3cd1cd Mon Sep 17 00:00:00 2001
+From: Changqing Li
+Date: Tue, 10 May 2022 14:04:35 +0800
+Subject: [PATCH] eudev: create static nodes from modules
+
+Revert commit
+https://gitweb.gentoo.org/proj/eudev.git/commit/?id=2b7abd5ec9cc47a8b895df6db77fb1537c6f1a39
+
+Upstream-Status: Inappropriate [oe-specific]
+
+Upstream intentionally remove create static nodes from modules, it is
+expected handled by tmpfiles services, refer [1].
+[1] https://github.com/eudev-project/eudev/issues/229
+
+For yocto, when start with sysVinit, to enable systemd distro feature,
+and install systemd-tmpfiles is not proper, so revert this commit.
+
+Signed-off-by: Li Zhou
+Signed-off-by: Changqing Li
+---
+ src/udev/udevd.c | 71
+ 1 file changed, 71 insertions(+)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 7ffd174..ff53fe4 100644
+--- a/src/udev/udevd.c
b/src/udev/udevd.c
+@@ -993,6 +993,76 @@ static void handle_signal(struct udev *udev, int signo) {
+ }
+ }
+
++static void static_dev_create_from_modules(struct udev *udev) {
++struct utsname kernel;
++char modules[UTIL_PATH_SIZE];
++char buf[4096];
++FILE *f;
++
++if (uname() < 0) {
++log_error("uname failed: %m");
++return;
++}
++
++strscpyl(modules, sizeof(modules), ROOTPREFIX "/lib/modules/",
kernel.release, "/modules.devname", NULL);
++f = fopen(modules, "re");
++if (f == NULL)
++return;
++
++while (fgets(buf, sizeof(buf), f) != NULL) {
++char *s;
++const char *modname;
++const char *devname;
++const char *devno;
++int maj, min;
++char type;
++mode_t mode;
++char filename[UTIL_PATH_SIZE];
++
++if (buf[0] == '#')
++continue;
++
++modname = buf;
++s = strchr(modname, ' ');
++if (s == NULL)
++continue;
++s[0] = '\0';
++
++devname = [1];
++s = strchr(devname, ' ');
++if (s == NULL)
++continue;
++s[0] = '\0';
++
++devno = [1];
++s = strchr(devno, ' ');
++if (s == NULL)
++s = strchr(devno, '\n');
++if (s != NULL)
++s[0] = '\0';
++if (sscanf(devno, "%c%u:%u", , , ) != 3)
++continue;
++
++mode = 0600;
++if (type == 'c')
++mode |= S_IFCHR;
++else if (type == 'b')
++mode |= S_IFBLK;
++else
++continue;
++
++strscpyl(filename, sizeof(filename), "/dev/", devname, NULL);
++mkdir_parents_label(filename, 0755);
++mac_selinux_create_file_prepare(filename, mode);
++log_debug("mknod '%s' %c%u:%u", filename, type, maj, min);
++if (mknod(filename, mode, makedev(maj, min)) < 0 && errno ==
EEXIST)
++utimensat(AT_FDCWD, filename, NULL, 0);
++mac_selinux_create_file_clear();
++}
++
++fclose(f);
++}
++
+ /*
+ * read the kernel command line, in case we need to get into debug mode
+ * udev.log-priority= syslog priority
+@@ -1199,6 +1269,7 @@ int main(int argc, char *argv[]) {
+ }
+
+ dev_setup(NULL, UID_INVALID, GID_INVALID);
++static_dev_create_from_modules(udev);
+
+ /* before opening new files, make sure std{in,out,err} fds are in a
sane state */
+ if (arg_daemonize) {
+--
Re: [hardknott][oe-core][PATCH 1/1] util-linux: fix two CVEs
On 2022-05-11 18:05, Joe Slater wrote:
Advance to 2.38 to fix CVE-2021-3995 and CVE-2021-3996
by pulling that recipe from master. The first version
on master to fix these was 2.37.4.
Signed-off-by: Joe Slater
---
...d_2.36.2.bb => util-linux-libuuid_2.38.bb} | 2 +-
meta/recipes-core/util-linux/util-linux.inc | 18 ++-
...-tags-add-use-system-commands-option.patch | 35 -
...RA_LTLIBRARIES-instead-of-noinst_LTL.patch | 49 ---
.../util-linux/CVE-2021-37600.patch | 38 -
.../util-linux/avoid_parallel_tests.patch | 27 ++--
.../util-linux/util-linux/ptest.patch | 15 +-
.../util-linux/util-linux/run-ptest | 24 +---
...til-linux_2.36.2.bb => util-linux_2.38.bb} | 130 --
9 files changed, 98 insertions(+), 240 deletions(-)
rename meta/recipes-core/util-linux/{util-linux-libuuid_2.36.2.bb =>
util-linux-libuuid_2.38.bb} (95%)
delete mode 100644
meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
delete mode 100644
meta/recipes-core/util-linux/util-linux/Automake-use-EXTRA_LTLIBRARIES-instead-of-noinst_LTL.patch
delete mode 100644
meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
rename meta/recipes-core/util-linux/{util-linux_2.36.2.bb =>
util-linux_2.38.bb} (77%)
...
Joe,
Hardknott is EOL so we'll do this in WR Linux only.
https://wiki.yoctoproject.org/wiki/Releases
--
# Randy MacLeod
# Wind River Linux
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165532):
https://lists.openembedded.org/g/openembedded-core/message/165532
Mute This Topic: https://lists.openembedded.org/mt/91046551/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] gnutls: Added fips support option.
Hi, Alex
> > So, I'll send a v3 patch in this way, is it ok?
>
> Yes please.
OK, I'll submit a V3 patch later.
The real problem here is that gnutls upstream didn't consider how fips
> build is supposed to work in cross-compilation, so you should also file a
> ticket
> with them and hopefully discuss how the problem can be properly solved.
>
> There are two options:
> - do what your patch does and use the needed binary from the host system,
> subject to ./configure flag.
> - build the needed binary twice, first for the host (using BUILD_CC), then
> for the
> cross-target.
Thanks for your comment and I'll submit a question to gnutls upstream.
Best regards
Lei
> -Original Message-
> From: Alexander Kanavin
> Sent: Wednesday, May 11, 2022 7:09 PM
> To: Lei, Maohui
> Cc: OE-core
> Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option.
>
> On Wed, 11 May 2022 at 10:15, leimao...@fujitsu.com
> wrote:
> > I got it. It seems an unusual method because there is no recipe using this
> > way
> in .
> > In this way, it means that if user want to enable fips, the following
> PACKAGECONFIG should be added in recipe.
> >
> > PACKAGECONFIG:append:class-target = fips
> > PACKAGECONFIG:append:class-nativesdk = fips
> > PACKAGECONFIG:append:class-target = fips-native
>
> Yes, this should be fine. You can add a comment in the recipe explaining how
> to
> do it.
>
> > So, I'll send a v3 patch in this way, is it ok?
>
> Yes please. The real problem here is that gnutls upstream didn't consider how
> fips
> build is supposed to work in cross-compilation, so you should also file a
> ticket
> with them and hopefully discuss how the problem can be properly solved.
>
> There are two options:
> - do what your patch does and use the needed binary from the host system,
> subject to ./configure flag.
> - build the needed binary twice, first for the host (using BUILD_CC), then
> for the
> cross-target.
>
> Alex
>
>
> >
> > > -Original Message-
> > > From: Alexander Kanavin
> > > Sent: Wednesday, May 11, 2022 1:40 PM
> > > To: Lei, Maohui
> > > Cc: OE-core
> > > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option.
> > >
> > > On Tue, 10 May 2022 at 02:54, leimao...@fujitsu.com
> > >
> > > wrote:
> > > > I'm afraid I'm not quite with you. Searched poky by the following
> > > > command and
> > > there is no example about how to config PACKAGECONFIG[xxx] for
> > > target or native separately.
> > > > The result is all about how to config PACKAGECONFIG for target or
> > > > native.
> > > >
> > > > $ grep -ir PACKAGECONFIG *|grep class-native
> > > > meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-nat
> > > > ive ??=
> > > ""
> > > > meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = ""
> > > > meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native
> > > > ?= "fts4
> > > fts5 rtree dyn_ext"
> > > > ..
> > > >
> > > >
> > > > But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips].
> > > > For
> > > example, in libcap_2.64.bb file:
> > > > $ cat meta/recipes-support/libcap/libcap_2.64.bb
> > > > ..
> > > > PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES',
> > > > 'seccomp', d)} " //not here ..
> > > > PACKAGECONFIG[fips] = "--enable-fips140-mode
> > > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode"
> //Your
> > > comment means modify here
> > > > ...
> > > >
> > > > Did I misunderstand?
> > >
> > > Sorry, it's always a bit confusing with PACKAGECONFIG, as the
> > > keyword is used for two different purposes.
> > >
> > > What I meant is something like this:
> > >
> > > PACKAGECONFIG ??= "fips"
> > > PACKAGECONFIG:class-native ??= "fips-native"
> > >
> > > Alex
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165531):
https://lists.openembedded.org/g/openembedded-core/message/165531
Mute This Topic: https://lists.openembedded.org/mt/90926966/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[hardknott][oe-core][PATCH 1/1] util-linux: fix two CVEs
Advance to 2.38 to fix CVE-2021-3995 and CVE-2021-3996
by pulling that recipe from master. The first version
on master to fix these was 2.37.4.
Signed-off-by: Joe Slater
---
...d_2.36.2.bb => util-linux-libuuid_2.38.bb} | 2 +-
meta/recipes-core/util-linux/util-linux.inc | 18 ++-
...-tags-add-use-system-commands-option.patch | 35 -
...RA_LTLIBRARIES-instead-of-noinst_LTL.patch | 49 ---
.../util-linux/CVE-2021-37600.patch | 38 -
.../util-linux/avoid_parallel_tests.patch | 27 ++--
.../util-linux/util-linux/ptest.patch | 15 +-
.../util-linux/util-linux/run-ptest | 24 +---
...til-linux_2.36.2.bb => util-linux_2.38.bb} | 130 --
9 files changed, 98 insertions(+), 240 deletions(-)
rename meta/recipes-core/util-linux/{util-linux-libuuid_2.36.2.bb =>
util-linux-libuuid_2.38.bb} (95%)
delete mode 100644
meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
delete mode 100644
meta/recipes-core/util-linux/util-linux/Automake-use-EXTRA_LTLIBRARIES-instead-of-noinst_LTL.patch
delete mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
rename meta/recipes-core/util-linux/{util-linux_2.36.2.bb =>
util-linux_2.38.bb} (77%)
diff --git a/meta/recipes-core/util-linux/util-linux-libuuid_2.36.2.bb
b/meta/recipes-core/util-linux/util-linux-libuuid_2.38.bb
similarity index 95%
rename from meta/recipes-core/util-linux/util-linux-libuuid_2.36.2.bb
rename to meta/recipes-core/util-linux/util-linux-libuuid_2.38.bb
index 9612c491cd..5d759aed94 100644
--- a/meta/recipes-core/util-linux/util-linux-libuuid_2.36.2.bb
+++ b/meta/recipes-core/util-linux/util-linux-libuuid_2.38.bb
@@ -9,7 +9,7 @@ S = "${WORKDIR}/util-linux-${PV}"
EXTRA_OECONF += "--disable-all-programs --enable-libuuid"
LICENSE = "BSD-3-Clause"
-do_install_append() {
+do_install:append() {
rm -rf ${D}${datadir} ${D}${bindir} ${D}${base_bindir} ${D}${sbindir}
${D}${base_sbindir} ${D}${exec_prefix}/sbin
}
diff --git a/meta/recipes-core/util-linux/util-linux.inc
b/meta/recipes-core/util-linux/util-linux.inc
index 00b8777b8b..c9bddfb7a6 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -6,11 +6,11 @@ disk partitioning, kernel message management, filesystem
creation, and system lo
SECTION = "base"
-LICENSE = "GPLv2+ & LGPLv2.1+ & BSD-3-Clause & BSD-4-Clause"
-LICENSE_${PN}-libblkid = "LGPLv2.1+"
-LICENSE_${PN}-libfdisk = "LGPLv2.1+"
-LICENSE_${PN}-libmount = "LGPLv2.1+"
-LICENSE_${PN}-libsmartcols = "LGPLv2.1+"
+LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later & BSD-3-Clause & BSD-4-Clause"
+LICENSE:${PN}-libblkid = "LGPL-2.1-or-later"
+LICENSE:${PN}-libfdisk = "LGPL-2.1-or-later"
+LICENSE:${PN}-libmount = "LGPL-2.1-or-later"
+LICENSE:${PN}-libsmartcols = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM =
"file://README.licensing;md5=0fd5c050c6187d2bf0a4492b7f4e33da \
file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
@@ -25,7 +25,7 @@ LIC_FILES_CHKSUM =
"file://README.licensing;md5=0fd5c050c6187d2bf0a4492b7f4e33da
file://libsmartcols/COPYING;md5=693bcbbe16d3a4a4b37bc906bc01cc04 \
"
-FILESEXTRAPATHS_prepend := "${THISDIR}/util-linux:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/util-linux:"
MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
SRC_URI =
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-linux-${PV}.tar.xz
\
file://configure-sbindir.patch \
@@ -35,8 +35,6 @@ SRC_URI =
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://run-ptest \
file://display_testname_for_subtest.patch \
file://avoid_parallel_tests.patch \
- file://Automake-use-EXTRA_LTLIBRARIES-instead-of-noinst_LTL.patch \
- file://CVE-2021-37600.patch \
- file://0001-tabfiles-tags-add-use-system-commands-option.patch \
"
-SRC_URI[sha256sum] =
"f7516ba9d8689343594356f0e5e1a5f0da34adfbc89023437735872bb5024c5f"
+
+SRC_URI[sha256sum] =
"6d111cbe4d55b336db2f1fbeffbc65b89908704c01136371d32aa9bec373eb64"
diff --git
a/meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
b/meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
deleted file mode 100644
index 9f5a3c2d02..00
---
a/meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From be3ecff8b1bc1de4d29ca6381ee9ab42e6c15947 Mon Sep 17 00:00:00 2001
-From: Mingli Yu
-Date: Fri, 12 Nov 2021 15:33:53 +0800
-Subject: [PATCH] tabfiles-tags: add use-system-commands option
-
-Pass --use-system-commands option to make blkid command available
-Fixes:
- # ./ts/libmount/tabfiles-tags
- [snip]
- ./ts/libmount/../../functions.sh: line 652:
/usr/lib64/util-linux/ptest/blkid: No such file or
Re: [OE-core] [PATCH 3/5] poky-meta: add go vendor class for offline builds
On 2022-05-06 02:59, Stefan Herbrechtsmeier wrote:
From: Lukas Funke
Signed-off-by: Lukas Funke
Signed-off-by: Stefan Herbrechtsmeier
---
meta/classes/go-vendor.bbclass | 68 ++
1 file changed, 68 insertions(+)
create mode 100644 meta/classes/go-vendor.bbclass
diff --git a/meta/classes/go-vendor.bbclass b/meta/classes/go-vendor.bbclass
new file mode 100644
index 00..a1a740a1fc
--- /dev/null
+++ b/meta/classes/go-vendor.bbclass
@@ -0,0 +1,68 @@
+# Copyright 2022 (C) Weidmueller GmbH & Co KG
+# Author: Lukas Funke
+#
+# Handle Go vendor support for offline builds
+#
+# When importing Go modules, Go downloads the imported module using
+# a network (proxy) connection ahead of the compile stage. This contradicts
+# the yocto build concept of fetching every source ahead of build-time
+# and supporting offline builds.
+#
+# To support offline builds, we use Go 'vendoring': module dependencies are
+# downloaded during the fetch-phase and unpacked into the modules 'vendor'
+# folder. Additinally a manifest file is generated for the 'vendor' folder
+#
+
Several instances of trailing whitespace in the file header.
+inherit go-mod
+
+def go_src_uri(repo, path=None, subdir=None, vcs='git', destsuffix_prefix =
'git/src/import/vendor.fetch'):
+module_path = repo if not path else path
+src_uri = "{}://{};name={};destsuffix={}/{}".format(vcs, repo, \
+module_path.replace('/', '.'), \
+destsuffix_prefix, module_path)
+
+src_uri += ";subdir={}".format(subdir) if subdir else ""
+src_uri += ";nobranch=1;protocol=https" if vcs == "git" else ""
+
+return src_uri
+
+def go_generate_vendor_manifest(d):
+
+vendor_dir = os.path.join(os.path.basename(d.getVar('S')),
+'src', d.getVar('GO_IMPORT'), "vendor")
+dst = os.path.join(vendor_dir, "modules.txt")
+
+go_modules = d.getVarFlags("GO_MODULE_PATH")
+with open(dst, "w") as manifest:
+for go_module in go_modules:
+module_path = d.getVarFlag("GO_MODULE_PATH", go_module)
+module_version = d.getVarFlag("GO_MODULE_VERSION", go_module)
+if module_path and module_version:
+manifest.write("# %s %s\n" % (module_path, module_version))
+manifest.write("## explicit\n")
+exclude = set(['vendor'])
+for subdir, dirs, files in os.walk(os.path.join(vendor_dir,
module_path), topdown=True):
+dirs[:] = [d for d in dirs if d not in exclude]
+for file in files:
I am not sure what other folks think but I tend not to like to see
python builtins reused as variable names. Too easy to screw up and
messes with sytax highlighting in editors.
MarkA
+if file.endswith(".go"):
+manifest.write(subdir[len(vendor_dir)+1:] + "\n")
+break
+
+python go_do_unpack:append() {
+src_uri = (d.getVar('SRC_URI') or "").split()
+if len(src_uri) == 0:
+return
+
+try:
+fetcher = bb.fetch2.Fetch(src_uri, d)
+src_folder = os.path.join(os.path.basename(d.getVar('S')),
+'src', d.getVar('GO_IMPORT'))
+vendor_src = os.path.join(src_folder, "vendor")
+vendor_dst = os.path.join(d.getVar('S'), "src", "import",
"vendor.fetch")
+
+os.symlink(os.path.relpath(vendor_dst, src_folder), vendor_src)
+go_generate_vendor_manifest(d)
+
+except bb.fetch2.BBFetchException as e:
+raise bb.build.FuncFailed(e)
+}
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165529):
https://lists.openembedded.org/g/openembedded-core/message/165529
Mute This Topic: https://lists.openembedded.org/mt/90928683/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 4/5] recipetool: add go recipe generator
On 2022-05-06 03:15, Alexander Kanavin wrote:
This is a lot of code. Can you add some documentation for it, what it
does and how it works? If someone would want to understand it, how
would they go about it?
Alex
On Fri, 6 May 2022 at 09:00, Stefan Herbrechtsmeier
wrote:
From: Lukas Funke
Signed-off-by: Lukas Funke
Signed-off-by: Stefan Herbrechtsmeier
---
scripts/lib/recipetool/create_go.py | 394
1 file changed, 394 insertions(+)
create mode 100644 scripts/lib/recipetool/create_go.py
diff --git a/scripts/lib/recipetool/create_go.py
b/scripts/lib/recipetool/create_go.py
new file mode 100644
index 00..4552e9b470
--- /dev/null
+++ b/scripts/lib/recipetool/create_go.py
@@ -0,0 +1,394 @@
+# Recipe creation tool - go support plugin
+#
+# Copyright (C) 2022 Weidmueller GmbH & Co KG
+# Author: Lukas Funke
+#
+# Copyright (c) 2009 The Go Authors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause AND GPL-2.0-only
+#
+import bb.utils
+from collections import namedtuple
+from enum import Enum
+from html.parser import HTMLParser
+import json
+import logging
+import os
+import re
+import subprocess
+import sys
+import tempfile
+import shutil
+from urllib.error import URLError, HTTPError
+import urllib.parse
+import urllib.request
+
+from recipetool.create import RecipeHandler, handle_license_vars,
ensure_native_cmd
+
+GoImport = namedtuple('GoImport', 'reporoot vcs repourl suffix')
+logger = logging.getLogger('recipetool')
+
+tinfoil = None
+
+re_pseudo_semver =
re.compile(r"v([0-9]+)\.([0-9]+).([0-9]+|\([0-9]+\+1\))-(pre\.[0-9]+\.)?([0-9]+\.)?(?P[0-9]+)-(?P[0-9Aa-zA-Z]+)")
+re_semver =
re.compile(r"^v(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)(?:-(?P(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+(?P[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$")
+
+def tinfoil_init(instance):
+global tinfoil
+tinfoil = instance
+
+class GoRecipeHandler(RecipeHandler):
+
+def _resolve_repository_static(self, modulepath):
+_rootpath = None
+_vcs = None
+_repourl = None
+_suffix = None
+
+host, _, path = modulepath.partition('/')
+
+class vcs(Enum):
+pathprefix = "pathprefix"
+regexp = "regexp"
+vcs = "vcs"
+repo = "repo"
+check = "check"
+schemelessRepo = "schemelessRepo"
+
+# GitHub
+vcsGitHub = {}
+vcsGitHub[vcs.pathprefix] = "github.com"
+vcsGitHub[vcs.regexp] =
re.compile(r'^(?Pgithub\.com/[A-Za-z0-9_.\-]+/[A-Za-z0-9_.\-]+)(/(?P[A-Za-z0-9_.\-]+))*$')
+vcsGitHub[vcs.vcs] = "git"
+vcsGitHub[vcs.repo] = "https://\g"
+
+# Bitbucket
+vcsBitbucket = {}
+vcsBitbucket[vcs.pathprefix] = "bitbucket.org"
+vcsBitbucket[vcs.regexp] =
re.compile(r'^(?Pbitbucket\.org/(?P[A-Za-z0-9_.\-]+/[A-Za-z0-9_.\-]+))(/(?P[A-Za-z0-9_.\-]+))*$')
+vcsBitbucket[vcs.vcs] = "git"
+vcsBitbucket[vcs.repo] = "https://\g"
+
+# IBM DevOps Services (JazzHub)
+vcsIBMDevOps = {}
+vcsIBMDevOps[vcs.pathprefix] = "hub.jazz.net/git"
+vcsIBMDevOps[vcs.regexp] =
re.compile(r'^(?Phub\.jazz\.net/git/[a-z0-9]+/[A-Za-z0-9_.\-]+)(/(?P[A-Za-z0-9_.\-]+))*$')
+vcsIBMDevOps[vcs.vcs] = "git"
+vcsIBMDevOps[vcs.repo] = "https://\g"
+
+# Git at Apache
+vcsApacheGit = {}
+vcsApacheGit[vcs.pathprefix] = "git.apache.org"
+vcsApacheGit[vcs.regexp] =
re.compile(r'^(?Pgit\.apache\.org/[a-z0-9_.\-]+\.git)(/(?P[A-Za-z0-9_.\-]+))*$')
+vcsApacheGit[vcs.vcs] = "git"
+vcsApacheGit[vcs.repo] = "https://\g"
+
+# Git at OpenStack
+vcsOpenStackGit = {}
+vcsOpenStackGit[vcs.pathprefix] = "git.openstack.org"
+vcsOpenStackGit[vcs.regexp] =
re.compile(r'^(?Pgit\.openstack\.org/[A-Za-z0-9_.\-]+/[A-Za-z0-9_.\-]+)(\.git)?(/(?P[A-Za-z0-9_.\-]+))*$')
+vcsOpenStackGit[vcs.vcs] = "git"
+vcsOpenStackGit[vcs.repo] = "https://\g"
+
+# chiselapp.com for fossil
+vcsChiselapp = {}
+vcsChiselapp[vcs.pathprefix] = "chiselapp.com"
+vcsChiselapp[vcs.regexp] =
re.compile(r'^(?Pchiselapp\.com/user/[A-Za-z0-9]+/repository/[A-Za-z0-9_.\-]+)$')
+vcsChiselapp[vcs.vcs] = "fossil"
+vcsChiselapp[vcs.repo] = "https://\g"
+
+# General syntax for any server.
+# Must be last.
+vcsGeneralServer = {}
+vcsGeneralServer[vcs.regexp] =
re.compile("(?P(?P([a-z0-9.\-]+\.)+[a-z0-9.\-]+(:[0-9]+)?(/~?[A-Za-z0-9_.\-]+)+?)\.(?Pbzr|fossil|git|hg|svn))(/~?(?P[A-Za-z0-9_.\-]+))*$")
+vcsGeneralServer[vcs.schemelessRepo] = True
+
+vcsPaths = [vcsGitHub, vcsBitbucket, vcsIBMDevOps, vcsApacheGit,
vcsOpenStackGit, vcsChiselapp, vcsGeneralServer]
+
+if modulepath.startswith("example.net") or modulepath == "rsc.io":
+logger.warning("Suspicious module path
Re: [OE-core] [PATCH 2/3] python3-setuptools: upgrade 59.5.0 -> 62.1.0
On Wed, May 11, 2022 at 1:27 PM Alexander Kanavin wrote: > On Fri, 6 May 2022 at 17:03, Alexander Kanavin via > lists.openembedded.org > wrote: > > Tim, can you pick this up and get it to mergeable condition? > I won’t have any time until after the YP Summit. > I have a fix for this queued locally, no need to work on it for now. > > Alex > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165527): https://lists.openembedded.org/g/openembedded-core/message/165527 Mute This Topic: https://lists.openembedded.org/mt/90928568/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/3] python3-setuptools: upgrade 59.5.0 -> 62.1.0
On Fri, 6 May 2022 at 17:03, Alexander Kanavin via lists.openembedded.org wrote: > Tim, can you pick this up and get it to mergeable condition? I have a fix for this queued locally, no need to work on it for now. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165526): https://lists.openembedded.org/g/openembedded-core/message/165526 Mute This Topic: https://lists.openembedded.org/mt/90928568/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 5/5] oe-selftest: add go recipe create selftest
On 2022-05-06 03:16, Alexander Kanavin wrote:
Also here an explanation of what the test does would be useful.
Please keep in mind: writing code is only half the job. You need to
explain it to non-specialists too, we're already struggling with items
which are understood by few people, or in some cases only one person.
Alex
On Fri, 6 May 2022 at 09:00, Stefan Herbrechtsmeier
wrote:
From: Lukas Funke
Signed-off-by: Lukas Funke
Signed-off-by: Stefan Herbrechtsmeier
---
meta/lib/oeqa/selftest/cases/recipetool.py | 88 ++
1 file changed, 88 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py
b/meta/lib/oeqa/selftest/cases/recipetool.py
index 510dae6bad..bb36e7b6d5 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -530,6 +530,94 @@ class RecipetoolTests(RecipetoolBase):
libpath = os.path.join(get_bb_var('COREBASE'), 'scripts', 'lib',
'recipetool')
sys.path.insert(0, libpath)
+def test_recipetool_create_go(self):
+# Basic test to check go recipe generation
+def urifiy(url, version, path = None, subdir = None):
+path = ",path='%s'" % path if path else ''
+subdir = ",subdir='%s'" % subdir if subdir else ''
+return "${@go_src_uri('%s','%s'%s%s)}" % (url, path, subdir)
+
+temprecipe = os.path.join(self.tempdir, 'recipe')
+os.makedirs(temprecipe)
I hate anything that has the potential to generate a python splat
existing. At any rate you have matched what the other tests do so no
change required (maybe the test framework catches splats, I am not
familiar enough with the test framework to know). Typically I would want
to see this call in a try block.
+recipefile = os.path.join(temprecipe, 'edgex-go_git.bb')
+srcuri = 'https://github.com/edgexfoundry/edgex-go.git'
+srcrev = "v2.2.0-dev.54"
+result = runCmd('recipetool create -o %s %s -S %s' % (temprecipe,
srcuri, srcrev))
+self.assertTrue(os.path.isfile(recipefile))
+checkvars = {}
+src_uri = ['git://${GO_IMPORT};nobranch=1;name=${BPN}']
+checkvars['LIC_FILES_CHKSUM'] =
set(['file://src/${GO_IMPORT}/LICENSE;md5=71a6955f3cd81a809549da266346dc59'])
+checkvars['GO_IMPORT'] = "github.com/edgexfoundry/edgex-go"
+inherits = ['go-vendor']
+dependencies = \
+[
+('bitbucket.org/bertimus9/systemstat'),
+
('github.com/edgexfoundry/go-mod-bootstrap','github.com/edgexfoundry/go-mod-bootstrap/v2'),
+
('github.com/edgexfoundry/go-mod-core-contracts''github.com/edgexfoundry/go-mod-core-contracts/v2'),
+
('github.com/edgexfoundry/go-mod-messaging','github.com/edgexfoundry/go-mod-messaging/v2'),
+
('github.com/edgexfoundry/go-mod-registry','github.com/edgexfoundry/go-mod-registry/v2'),
+
('github.com/edgexfoundry/go-mod-secrets','github.com/edgexfoundry/go-mod-secrets/v2'),
+('github.com/fxamacker/cbor','github.com/fxamacker/cbor/v2'),
+('github.com/golang-jwt/jwt','github.com/golang-jwt/jwt/v4'),
+('github.com/gomodule/redigo'),
+('github.com/google/uuid'),
+('github.com/gorilla/mux'),
+('github.com/lib/pq'),
+('github.com/pelletier/go-toml'),
+
('github.com/spiffe/go-spiffe','github.com/spiffe/go-spiffe/v2'),
+('github.com/stretchr/testify'),
+('go.googlesource.com/crypto','golang.org/x/crypto'),
+('gopkg.in/eapache/queue.v1'),
+('gopkg.in/yaml.v3'),
+('github.com/armon/go-metrics'),
+('github.com/cenkalti/backoff'),
+('github.com/davecgh/go-spew'),
+('github.com/eclipse/paho.mqtt.golang'),
+
('github.com/edgexfoundry/go-mod-configuration','github.com/edgexfoundry/go-mod-configuration/v2'),
+('github.com/fatih/color'),
+('github.com/go-kit/log'),
+('github.com/go-logfmt/logfmt'),
+('github.com/go-playground/locales'),
+('github.com/go-playground/universal-translator'),
+
('github.com/go-playground/validator','github.com/go-playground/validator/v10'),
+('github.com/go-redis/redis','github.com/go-redis/redis/v7'),
+('github.com/golang/protobuf'),
+('github.com/gorilla/websocket'),
+('github.com/hashicorp/consul','api'),
+('github.com/hashicorp/errwrap'),
+('github.com/hashicorp/go-cleanhttp'),
+('github.com/hashicorp/go-hclog'),
+('github.com/hashicorp/go-immutable-radix'),
+('github.com/hashicorp/go-multierror'),
+('github.com/hashicorp/go-rootcerts'),
+
Re: [OE-core] [PATCH 1/5] recipetool-create: add ensure_native_cmd function
On 2022-05-11 15:45, Mark Asselstine wrote:
On 2022-05-06 03:09, Alexander Kanavin wrote:
I think the terminology is a bit confused here, instead of 'command'
it should say 'recipe'. Also:
"""Check if the command is available in the recipes""" is not
everything it does, it also builds the recipe.
And please write a commit message that explains what and why.
Additionally, I would squash commits 1/5 and 2/5. Most people, including
myself, will review the commits in order, in doing so commit 1/5 is
reviewed as original work, only to find in 2/5 that it was an existing
function, just made generic. Combining these also makes it easier when
mining history.
I suspect this will need rework as the assumption that a command and
package name are 1:1 might have only been valid with NPM but definitely
won't be the case for many commands.
MarkA
MarkA
Alex
On Fri, 6 May 2022 at 09:00, Stefan Herbrechtsmeier
wrote:
From: Lukas Funke
Signed-off-by: Lukas Funke
Signed-off-by: Stefan Herbrechtsmeier
---
scripts/lib/recipetool/create.py | 23 +++
1 file changed, 23 insertions(+)
diff --git a/scripts/lib/recipetool/create.py
b/scripts/lib/recipetool/create.py
index 824ac6350d..efcb82173e 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -1375,6 +1375,29 @@ def convert_rpm_xml(xmlfile):
values[varname] = child[0].text
return values
+def ensure_native_cmd(tinfoil, cmd):
+ """Check if the command is available in the recipes"""
+ if not tinfoil.recipes_parsed:
+ tinfoil.parse_recipes()
+
+ try:
+ d = tinfoil.parse_recipe("%s-native" % cmd)
+ except bb.providers.NoProvider:
+ bb.error("Nothing provides '%s-native' which is required for
the build" % cmd)
+ bb.note("You will likely need to add a layer that provides
%s" % cmd)
+ sys.exit(14)
+
+ bindir = d.getVar("STAGING_BINDIR_NATIVE")
+ cmdpath = os.path.join(bindir, cmd)
+
+ if not os.path.exists(cmdpath):
+ tinfoil.build_targets("%s-native" % cmd,
"addto_recipe_sysroot")
+
+ if not os.path.exists(cmdpath):
+ bb.error("Failed to add '%s' to sysroot" % cmd)
+ sys.exit(14)
+
+ return bindir
def register_commands(subparsers):
parser_create = subparsers.add_parser('create',
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165524):
https://lists.openembedded.org/g/openembedded-core/message/165524
Mute This Topic: https://lists.openembedded.org/mt/90928682/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/5] recipetool-create: add ensure_native_cmd function
On 2022-05-06 03:09, Alexander Kanavin wrote:
I think the terminology is a bit confused here, instead of 'command'
it should say 'recipe'. Also:
"""Check if the command is available in the recipes""" is not
everything it does, it also builds the recipe.
And please write a commit message that explains what and why.
Additionally, I would squash commits 1/5 and 2/5. Most people, including
myself, will review the commits in order, in doing so commit 1/5 is
reviewed as original work, only to find in 2/5 that it was an existing
function, just made generic. Combining these also makes it easier when
mining history.
MarkA
Alex
On Fri, 6 May 2022 at 09:00, Stefan Herbrechtsmeier
wrote:
From: Lukas Funke
Signed-off-by: Lukas Funke
Signed-off-by: Stefan Herbrechtsmeier
---
scripts/lib/recipetool/create.py | 23 +++
1 file changed, 23 insertions(+)
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 824ac6350d..efcb82173e 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -1375,6 +1375,29 @@ def convert_rpm_xml(xmlfile):
values[varname] = child[0].text
return values
+def ensure_native_cmd(tinfoil, cmd):
+"""Check if the command is available in the recipes"""
+if not tinfoil.recipes_parsed:
+tinfoil.parse_recipes()
+
+try:
+d = tinfoil.parse_recipe("%s-native" % cmd)
+except bb.providers.NoProvider:
+bb.error("Nothing provides '%s-native' which is required for the
build" % cmd)
+bb.note("You will likely need to add a layer that provides %s" % cmd)
+sys.exit(14)
+
+bindir = d.getVar("STAGING_BINDIR_NATIVE")
+cmdpath = os.path.join(bindir, cmd)
+
+if not os.path.exists(cmdpath):
+tinfoil.build_targets("%s-native" % cmd, "addto_recipe_sysroot")
+
+if not os.path.exists(cmdpath):
+bb.error("Failed to add '%s' to sysroot" % cmd)
+sys.exit(14)
+
+return bindir
def register_commands(subparsers):
parser_create = subparsers.add_parser('create',
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165523):
https://lists.openembedded.org/g/openembedded-core/message/165523
Mute This Topic: https://lists.openembedded.org/mt/90928682/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH 2/2] scripts/autobuilder-worker-prereq-tests: add additional limit testing
Check that open file and user process limits are greater than or equal to what the autobuilder uses. Signed-off-by: Michael Halstead --- scripts/autobuilder-worker-prereq-tests | 15 +++ 1 file changed, 15 insertions(+) diff --git a/scripts/autobuilder-worker-prereq-tests b/scripts/autobuilder-worker-prereq-tests index 3956349b30..572227dccd 100755 --- a/scripts/autobuilder-worker-prereq-tests +++ b/scripts/autobuilder-worker-prereq-tests @@ -51,6 +51,21 @@ if (( $WATCHES < 65000 )); then echo 'Need to increase watches (echo fs.inotify.max_user_watches=65536 | sudo tee -a /etc/sysctl.conf' exit 1 fi +OPEN_FILES=$(ulimit -n) +if (( $OPEN_FILES < 65535 )); then +echo 'Increase maximum open files in /etc/security/limits.conf' +echo '*softnofile 131072' +echo '*hardnofile 131072' +exit 1 +fi +MAX_PROCESSES=$(ulimit -u) +if (( $MAX_PROCESSES < 514542 )); then +echo 'Increase maximum user processes in /etc/security/limits.conf' +echo '*hardnproc 515294' +echo '*softnproc 514543' +exit 1 +fi + mkdir -p tmp/deploy/images/qemux86-64 pushd tmp/deploy/images/qemux86-64 if [ ! -e core-image-minimal-qemux86-64.ext4 ]; then -- 2.36.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165522): https://lists.openembedded.org/g/openembedded-core/message/165522 Mute This Topic: https://lists.openembedded.org/mt/91042761/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH 1/2] scripts/autobuilder-worker-prereq-tests: update to use yocto 4.0
Use files from the current release to avoid the depreciated -show-cursor option. Signed-off-by: Michael Halstead --- scripts/autobuilder-worker-prereq-tests | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/autobuilder-worker-prereq-tests b/scripts/autobuilder-worker-prereq-tests index 82e9a77bd5..3956349b30 100755 --- a/scripts/autobuilder-worker-prereq-tests +++ b/scripts/autobuilder-worker-prereq-tests @@ -54,13 +54,13 @@ fi mkdir -p tmp/deploy/images/qemux86-64 pushd tmp/deploy/images/qemux86-64 if [ ! -e core-image-minimal-qemux86-64.ext4 ]; then -wget http://downloads.yoctoproject.org/releases/yocto/yocto-2.5.1/machines/qemu/qemux86-64/core-image-minimal-qemux86-64.ext4 +wget http://downloads.yoctoproject.org/releases/yocto/yocto-4.0/machines/qemu/qemux86-64/core-image-minimal-qemux86-64.ext4 fi if [ ! -e core-image-minimal-qemux86-64.qemuboot.conf ]; then -wget http://downloads.yoctoproject.org/releases/yocto/yocto-2.5.1/machines/qemu/qemux86-64/core-image-minimal-qemux86-64.qemuboot.conf +wget http://downloads.yoctoproject.org/releases/yocto/yocto-4.0/machines/qemu/qemux86-64/core-image-minimal-qemux86-64.qemuboot.conf fi if [ ! -e bzImage-qemux86-64.bin ]; then -wget http://downloads.yoctoproject.org/releases/yocto/yocto-2.5.1/machines/qemu/qemux86-64/bzImage-qemux86-64.bin +wget http://downloads.yoctoproject.org/releases/yocto/yocto-4.0/machines/qemu/qemux86-64/bzImage-qemux86-64.bin fi popd bitbake qemu-helper-native -- 2.36.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165521): https://lists.openembedded.org/g/openembedded-core/message/165521 Mute This Topic: https://lists.openembedded.org/mt/91042760/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 14/14] scripts/git: Ensure we don't have circular references
From: Richard Purdie
This is horrible but I'm running out of better ideas. We hit circular reference
issues which we were trying to avoid in the core HOSTTOOLS code. When building
the eSDK, there can be two copies of the script.
Therefore assume git will never be in a directory called scripts. This
fixes eSDK build failures.
Signed-off-by: Richard Purdie
(cherry picked from commit 27de610ac30d4c81352efc794df7e9b1060f7a68)
Signed-off-by: Steve Sakoman
---
scripts/git | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/scripts/git b/scripts/git
index 8adf5c9ecb..644055e540 100755
--- a/scripts/git
+++ b/scripts/git
@@ -10,7 +10,14 @@ os.environ['PSEUDO_UNLOAD'] = '1'
# calculate path to the real 'git'
path = os.environ['PATH']
-path = path.replace(os.path.dirname(sys.argv[0]), '')
+# we need to remove our path but also any other copy of this script which
+# may be present, e.g. eSDK.
+replacements = [os.path.dirname(sys.argv[0])]
+for p in path.split(":"):
+if p.endswith("/scripts"):
+replacements.append(p)
+for r in replacements:
+path = path.replace(r, '/ignoreme')
real_git = shutil.which('git', path=path)
if len(sys.argv) == 1:
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165520):
https://lists.openembedded.org/g/openembedded-core/message/165520
Mute This Topic: https://lists.openembedded.org/mt/91042175/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 13/14] scripts: Make git intercept global
From: Richard Purdie
The previous minimially invasive git intercept simply isn't enough. For example,
meson used in the igt-gpu-tools recipe hardcodes the path to git in the
configure
step so at install time, changing PATH has no effect.
There are lots of interesting things we could do to try and avoid problems but
making the git intercept and dropping fakeroot privs for git global is probably
the least worst solution at this point. It will add slight overhead to git calls
but we don't make many so the overall impact is likely minimal.
Signed-off-by: Richard Purdie
(cherry picked from commit af27c81eaf68ee681dcd9456a74cca6a9ab40bf6)
Signed-off-by: Steve Sakoman
---
scripts/{git-intercept => }/git | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename scripts/{git-intercept => }/git (100%)
diff --git a/scripts/git-intercept/git b/scripts/git
similarity index 100%
rename from scripts/git-intercept/git
rename to scripts/git
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165519):
https://lists.openembedded.org/g/openembedded-core/message/165519
Mute This Topic: https://lists.openembedded.org/mt/91042174/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 12/14] base: Avoid circular references to our own scripts
From: Richard Purdie
We'd like to intercept git calls but we don't want circular references
and HOSTTOOLS currently sets them up. Tweak to avoid them.
Signed-off-by: Richard Purdie
(cherry picked from commit 52c37e133fa55846aca2248ffcf3a10648dbb8d7)
Signed-off-by: Steve Sakoman
---
meta/classes/base.bbclass | 4
1 file changed, 4 insertions(+)
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index 9ed736b0e1..19604a4646 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -122,6 +122,10 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True):
tools = d.getVar(toolsvar).split()
origbbenv = d.getVar("BB_ORIGENV", False)
path = origbbenv.getVar("PATH")
+# Need to ignore our own scripts directories to avoid circular links
+for p in path.split(":"):
+if p.endswith("/scripts"):
+path = path.replace(p, "/ignoreme")
bb.utils.mkdirhier(dest)
notfound = []
for tool in tools:
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165518):
https://lists.openembedded.org/g/openembedded-core/message/165518
Mute This Topic: https://lists.openembedded.org/mt/91042173/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 11/14] rootfs-postcommands: fix symlinks where link and output path are equal
From: Davide Gardenal
When creating the manifest and the testdata.json links, if the link
name is equal to the output name the link is not created, otherwise
it is. This prevents a link-to-self in the first case.
Signed-off-by: Davide Gardenal
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit bed63756c56f296ff3d5a7eef66e978bd19f1008)
Signed-off-by: Steve Sakoman
---
meta/classes/rootfs-postcommands.bbclass | 14 --
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/meta/classes/rootfs-postcommands.bbclass
b/meta/classes/rootfs-postcommands.bbclass
index c43b9a9823..0fef52af40 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -267,9 +267,10 @@ python write_image_manifest () {
if os.path.exists(manifest_name) and link_name:
manifest_link = deploy_dir + "/" + link_name + ".manifest"
-if os.path.lexists(manifest_link):
-os.remove(manifest_link)
-os.symlink(os.path.basename(manifest_name), manifest_link)
+if manifest_link != manifest_name:
+if os.path.lexists(manifest_link):
+os.remove(manifest_link)
+os.symlink(os.path.basename(manifest_name), manifest_link)
}
# Can be used to create /etc/timestamp during image construction to give a
reasonably
@@ -339,9 +340,10 @@ python write_image_test_data() {
if os.path.exists(testdata_name) and link_name:
testdata_link = os.path.join(deploy_dir, "%s.testdata.json" %
link_name)
-if os.path.lexists(testdata_link):
-os.remove(testdata_link)
-os.symlink(os.path.basename(testdata_name), testdata_link)
+if testdata_link != testdata_name:
+if os.path.lexists(testdata_link):
+os.remove(testdata_link)
+os.symlink(os.path.basename(testdata_name), testdata_link)
}
write_image_test_data[vardepsexclude] += "TOPDIR"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165517):
https://lists.openembedded.org/g/openembedded-core/message/165517
Mute This Topic: https://lists.openembedded.org/mt/91042172/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 10/14] volatile-binds: Change DefaultDependencies from false to no
From: Portia The systemd-unit parameter DefaultDependencies changed from true/false to yes/no. This changed in systemd in v242. Signed-off-by: Portia Stephens Signed-off-by: Richard Purdie (cherry picked from commit add4dcb03dc7b034253db05f0023cb97cab8b26d) Signed-off-by: Steve Sakoman (cherry picked from commit 9da23a2b912edd043037a8e2e1047f7f3ba6886a) Signed-off-by: Steve Sakoman --- .../recipes-core/volatile-binds/files/volatile-binds.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in index b23355a714..4b34ebd12d 100644 --- a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in +++ b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in @@ -1,6 +1,6 @@ [Unit] Description=Bind mount volatile @where@ -DefaultDependencies=false +DefaultDependencies=no Before=local-fs.target RequiresMountsFor=@whatparent@ @whereparent@ ConditionPathIsReadWrite=@whatparent@ -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165516): https://lists.openembedded.org/g/openembedded-core/message/165516 Mute This Topic: https://lists.openembedded.org/mt/91042171/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 09/14] cve-check: fix symlinks where link and output path are equal
From: Davide Gardenal
An if statement now checks if the link and output path are
the same, if they are then the link is not created,
otherwise it is.
Signed-off-by: Davide Gardenal
Signed-off-by: Luca Ceresoli
(cherry picked from commit 2f024c0236c4806f0e59e4ce51a42f6b80fdf1b3)
Signed-off-by: Steve Sakoman
---
meta/classes/cve-check.bbclass | 19 +++
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 350ed8ec39..ac9f0fb22c 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -117,10 +117,11 @@ python cve_save_summary_handler () {
if cve_summary_file and os.path.exists(cve_summary_file):
cvefile_link = os.path.join(cvelogpath, cve_summary_name)
-
-if os.path.exists(os.path.realpath(cvefile_link)):
-os.remove(cvefile_link)
-os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+# if the paths are the same don't create the link
+if cvefile_link != cve_summary_file:
+if os.path.exists(os.path.realpath(cvefile_link)):
+os.remove(cvefile_link)
+os.symlink(os.path.basename(cve_summary_file), cvefile_link)
json_summary_link_name = os.path.join(cvelogpath,
d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
json_summary_name = os.path.join(cvelogpath, "%s-%s.json" %
(cve_summary_name, timestamp))
@@ -193,10 +194,12 @@ python cve_check_write_rootfs_manifest () {
if manifest_name and os.path.exists(manifest_name):
manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name)
-# If we already have another manifest, update symlinks
-if os.path.exists(os.path.realpath(manifest_link)):
-os.remove(manifest_link)
-os.symlink(os.path.basename(manifest_name), manifest_link)
+# if they are the same don't create the link
+if manifest_link != manifest_name:
+# If we already have another manifest, update symlinks
+if os.path.exists(os.path.realpath(manifest_link)):
+os.remove(manifest_link)
+os.symlink(os.path.basename(manifest_name), manifest_link)
bb.plain("Image CVE report stored in: %s" % manifest_name)
link_path = os.path.join(deploy_dir, "%s.json" % link_name)
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165515):
https://lists.openembedded.org/g/openembedded-core/message/165515
Mute This Topic: https://lists.openembedded.org/mt/91042170/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 08/14] cve-check: add JSON format to summary output
From: Davide Gardenal
Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON
format.
Signed-off-by: Davide Gardenal
Signed-off-by: Luca Ceresoli
(cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487)
Signed-off-by: Steve Sakoman
---
meta/classes/cve-check.bbclass | 51 ++
1 file changed, 33 insertions(+), 18 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 41b4eb2dbf..350ed8ec39 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -75,6 +75,30 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
# set to "alphabetical" for version using single alphabetical character as
increment release
CVE_VERSION_SUFFIX ??= ""
+def generate_json_report(out_path, link_path):
+if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
+import json
+from oe.cve_check import cve_check_merge_jsons
+
+bb.note("Generating JSON CVE summary")
+index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
+summary = {"version":"1", "package": []}
+with open(index_file) as f:
+filename = f.readline()
+while filename:
+with open(filename.rstrip()) as j:
+data = json.load(j)
+cve_check_merge_jsons(summary, data)
+filename = f.readline()
+
+with open(out_path, "w") as f:
+json.dump(summary, f, indent=2)
+
+if link_path != out_path:
+if os.path.exists(os.path.realpath(link_path)):
+os.remove(link_path)
+os.symlink(os.path.basename(out_path), link_path)
+
python cve_save_summary_handler () {
import shutil
import datetime
@@ -97,6 +121,11 @@ python cve_save_summary_handler () {
if os.path.exists(os.path.realpath(cvefile_link)):
os.remove(cvefile_link)
os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+
+json_summary_link_name = os.path.join(cvelogpath,
d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
+json_summary_name = os.path.join(cvelogpath, "%s-%s.json" %
(cve_summary_name, timestamp))
+generate_json_report(json_summary_name, json_summary_link_name)
+bb.plain("CVE report summary created at: %s" % json_summary_link_name)
}
addhandler cve_save_summary_handler
@@ -170,25 +199,11 @@ python cve_check_write_rootfs_manifest () {
os.symlink(os.path.basename(manifest_name), manifest_link)
bb.plain("Image CVE report stored in: %s" % manifest_name)
-if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
-import json
+link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
bb.note("Generating JSON CVE manifest")
-deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
-link_name = d.getVar("IMAGE_LINK_NAME")
-manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
-index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
-manifest = {"version":"1", "package": []}
-with open(index_file) as f:
-filename = f.readline()
-while filename:
-with open(filename.rstrip()) as j:
-data = json.load(j)
-cve_check_merge_jsons(manifest, data)
-filename = f.readline()
-
-with open(manifest_name, "w") as f:
-json.dump(manifest, f, indent=2)
-bb.plain("Image CVE report stored in: %s" % manifest_name)
+generate_json_report(json_summary_name, json_summary_link_name)
+bb.plain("Image CVE JSON report stored in: %s" % link_path)
}
ROOTFS_POSTPROCESS_COMMAND_prepend = "${@'cve_check_write_rootfs_manifest; '
if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165514):
https://lists.openembedded.org/g/openembedded-core/message/165514
Mute This Topic: https://lists.openembedded.org/mt/91042168/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 07/14] cve-update-db-native: let the user to drive the update interval
From: Marta Rybczynska
Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
- a positive value sets an interval (in seconds)
- a zero ("0") forces the database update
Signed-off-by: Marta Rybczynska
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c)
Signed-off-by: Steve Sakoman
---
meta/recipes-core/meta/cve-update-db-native.bb | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb
b/meta/recipes-core/meta/cve-update-db-native.bb
index a6144979f0..594bf947c8 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -12,6 +12,10 @@ deltask do_compile
deltask do_install
deltask do_populate_sysroot
+# CVE database update interval, in seconds. By default: once a day (24*60*60).
+# Use 0 to force the update
+CVE_DB_UPDATE_INTERVAL ?= "86400"
+
python () {
if not bb.data.inherits_class("cve-check", d):
raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not
loaded.")
@@ -43,10 +47,15 @@ python do_fetch() {
os.remove(db_file)
# The NVD database changes once a day, so no need to update more frequently
+# Allow the user to force-update
try:
import time
-if time.time() - os.path.getmtime(db_file) < (24*60*60):
+update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+if (update_interval < 0):
+update_interval = 0
+if time.time() - os.path.getmtime(db_file) < update_interval:
return
+
except OSError:
pass
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165513):
https://lists.openembedded.org/g/openembedded-core/message/165513
Mute This Topic: https://lists.openembedded.org/mt/91042160/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 06/14] cve-update-db-native: update the CVE database once a day only
From: Marta Rybczynska
The update of the NVD database was expected to happen once per hour.
However, the database file date changes only if the content was actually
updated. In practice, the check worked for the first hour after the
new download.
As the NVD database changes usually only once a day, we can just
update it less frequently.
Signed-off-by: Marta Rybczynska
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit 35bccdedadeaba820d58b69fe74ce5e4c1f577e3)
Signed-off-by: Steve Sakoman
(cherry picked from commit 88f2fb1581a17b2cf59a694ca9afb89e38ed40b5)
Signed-off-by: Steve Sakoman
---
meta/recipes-core/meta/cve-update-db-native.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb
b/meta/recipes-core/meta/cve-update-db-native.bb
index 50052f8532..a6144979f0 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -42,10 +42,10 @@ python do_fetch() {
if os.path.exists(db_file):
os.remove(db_file)
-# Don't refresh the database more than once an hour
+# The NVD database changes once a day, so no need to update more frequently
try:
import time
-if time.time() - os.path.getmtime(db_file) < (60*60):
+if time.time() - os.path.getmtime(db_file) < (24*60*60):
return
except OSError:
pass
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165512):
https://lists.openembedded.org/g/openembedded-core/message/165512
Mute This Topic: https://lists.openembedded.org/mt/91042158/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 05/14] cve-check: no need to depend on the fetch task
From: Ross Burton
The only part of the cve-check task which needs files is the patch
examination, and typically these patches are local so fetch isn't needed.
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 2c9b3186d3b7c18cbea239ab9b06e85b7c243b54)
Signed-off-by: Steve Sakoman
(cherry picked from commit 3dc8edd6611e7ad4abcece44ca4701eda7aeff94)
Signed-off-by: Steve Sakoman
---
meta/classes/cve-check.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index a7156cbdfb..41b4eb2dbf 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -121,7 +121,7 @@ python do_cve_check () {
}
-addtask cve_check before do_build after do_fetch
+addtask cve_check before do_build
do_cve_check[depends] = "cve-update-db-native:do_fetch"
do_cve_check[nostamp] = "1"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165511):
https://lists.openembedded.org/g/openembedded-core/message/165511
Mute This Topic: https://lists.openembedded.org/mt/91042155/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 03/14] busybox: fix CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code
if netstat is used to print a DNS PTR record's value to a VT compatible
terminal. Alternatively, the attacker could choose to change the terminal's
colors.
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
Backported from kirkstone 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4.
2nd patch adjusted to apply on 1.31.1.
Signed-off-by: Steve Sakoman
Signed-off-by: Richard Purdie
Signed-off-by: Martin Jansa
Signed-off-by: Steve Sakoman
---
...tr-ensure-only-printable-characters-.patch | 38 +++
...e-all-printed-strings-with-printable.patch | 64 +++
meta/recipes-core/busybox/busybox_1.31.1.bb | 2 +
3 files changed, 104 insertions(+)
create mode 100644
meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
create mode 100644
meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
diff --git
a/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
b/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
new file mode 100644
index 00..18bf5f19e4
--- /dev/null
+++
b/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
@@ -0,0 +1,38 @@
+From c7e181fdf58c392e06ab805e2c044c3e57d5445a Mon Sep 17 00:00:00 2001
+From: Ariadne Conill
+Date: Sun, 3 Apr 2022 12:14:33 +
+Subject: [PATCH] libbb: sockaddr2str: ensure only printable characters are
+ returned for the hostname part
+
+CVE: CVE-2022-28391
+Upstream-Status: Pending
+Signed-off-by: Ariadne Conill
+Signed-off-by: Steve Sakoman
+---
+ libbb/xconnect.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libbb/xconnect.c b/libbb/xconnect.c
+index eb2871cb1..b5520bb21 100644
+--- a/libbb/xconnect.c
b/libbb/xconnect.c
+@@ -501,8 +501,9 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr
*sa, int flags)
+ );
+ if (rc)
+ return NULL;
++ /* ensure host contains only printable characters */
+ if (flags & IGNORE_PORT)
+- return xstrdup(host);
++ return xstrdup(printable_string(host));
+ #if ENABLE_FEATURE_IPV6
+ if (sa->sa_family == AF_INET6) {
+ if (strchr(host, ':')) /* heh, it's not a resolved hostname */
+@@ -513,7 +514,7 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr
*sa, int flags)
+ #endif
+ /* For now we don't support anything else, so it has to be INET */
+ /*if (sa->sa_family == AF_INET)*/
+- return xasprintf("%s:%s", host, serv);
++ return xasprintf("%s:%s", printable_string(host), serv);
+ /*return xstrdup(host);*/
+ }
+
diff --git
a/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
b/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
new file mode 100644
index 00..2c9da33a51
--- /dev/null
+++
b/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
@@ -0,0 +1,64 @@
+From f8ad7c331b25ba90fd296b37c443b4114cb196e2 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill
+Date: Sun, 3 Apr 2022 12:16:45 +
+Subject: [PATCH] nslookup: sanitize all printed strings with printable_string
+
+Otherwise, terminal sequences can be injected, which enables various terminal
injection
+attacks from DNS results.
+
+MJ: One chunk wasn't applicable on 1.31.1 version, because parsing of
+SRV records was added only in newer 1.32.0 with:
+ commit 6b4960155e94076bf25518e4e268a7a5f849308e
+ Author: Jo-Philipp Wich
+ Date: Thu Jun 27 17:27:29 2019 +0200
+
+nslookup: implement support for SRV records
+
+CVE: CVE-2022-28391
+Upstream-Status: Pending
+Signed-off-by: Ariadne Conill
+Signed-off-by: Steve Sakoman
+---
+ networking/nslookup.c | 8
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/networking/nslookup.c b/networking/nslookup.c
+index 24e09d4f0..89b9c8a13 100644
+--- a/networking/nslookup.c
b/networking/nslookup.c
+@@ -404,7 +404,7 @@ static int parse_reply(const unsigned char *msg, size_t
len)
+ //printf("Unable to uncompress domain: %s\n",
strerror(errno));
+ return -1;
+ }
+- printf(format, ns_rr_name(rr), dname);
++ printf(format, ns_rr_name(rr), printable_string(dname));
+ break;
+
+ case ns_t_mx:
+@@ -419,7 +419,7 @@ static int parse_reply(const unsigned char *msg, size_t
len)
+ //printf("Cannot uncompress MX domain: %s\n",
strerror(errno));
+ return -1;
+ }
+- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr),
[OE-core][dunfell 04/14] linux-yocto/5.4: update to v5.4.192
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 1d72b776f6dc Linux 5.4.192 aa2a047b5842 mm, hugetlb: allow for "high" userspace addresses 6a79b2433eb1 hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs b69e60f6fc00 tty: n_gsm: fix incorrect UA handling 0f4be29febdc tty: n_gsm: fix wrong command frame length field encoding 21cc640385b4 tty: n_gsm: fix wrong command retry handling 49c40febd45c tty: n_gsm: fix missing explicit ldisc flush 85522dcf0053 tty: n_gsm: fix insufficient txframe size 563bb0f794ca netfilter: nft_socket: only do sk lookups when indev is available fae209521000 tty: n_gsm: fix malformed counter for out of frame data cec2d0782a7b tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 a6d9847a4f82 x86/cpu: Load microcode during restore_processor_state() 9e9d12b81df6 net: ethernet: stmmac: fix write to sgmii_adapter_base 10ba1ac9a22a drivers: net: hippi: Fix deadlock in rr_close() a8275219759e cifs: destage any unwritten data to the server before calling copychunk_write 5335370366a3 x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 0ecc5304e80a ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit() 781571034993 ASoC: wm8731: Disable the regulator when probing fails a71df406a6a5 tcp: fix F-RTO may not work correctly when receiving DSACK a4ed61e30e32 ixgbe: ensure IPsec VF<->PF compatibility 406aaef0feae bnx2x: fix napi API usage sequence c3e7ea58608a tls: Skip tls_append_frag on zero copy size cd5cec3a0c8f drm/amd/display: Fix memory leak in dcn21_clock_source_create ffce11a39102 net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK 3a179538bfd7 net: bcmgenet: hide status block before TX timestamping 8ef6d60aa2f1 clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() 194f474ad9b4 bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() e80054ea0cde tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT 685ff7d24487 ip_gre: Make o_seqno start from 0 in native mode 69555bb27b2e net/smc: sync err code when tcp connection was refused daca23846eb3 net: hns3: add validity check for message data length 7763a7956632 cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe f5bb5940d754 pinctrl: pistachio: fix use of irq_of_parse_and_map() d22fc603694b arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock 68f5200a1f60 ARM: dts: imx6ull-colibri: fix vqmmc regulator c45180375afd sctp: check asoc strreset_chunk in sctp_generate_reconf_event 2cba635570d8 tcp: ensure to use the most recently sent skb when filling the rate sample 3ea6190be92f tcp: md5: incorrect tcp_header_len for incoming connections 2b9a13d98dfc bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook 2e7f70d324ef mtd: rawnand: Fix return value check of wait_for_completion_timeout 2a36ba067b36 ipvs: correctly print the memory size of ip_vs_conn_tab abe86a10dc5c ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 54212850e38f ARM: dts: am3517-evm: Fix misc pinmuxing bba67fe6b022 ARM: dts: Fix mmc order for omap3-gta04 416e0f890732 phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe 6ff7c1b827c8 phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe 59bdaed5dd73 ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek dbce8fc16a08 phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks b7fc45354be6 ARM: OMAP2+: Fix refcount leak in omap_gic_of_init dd99939b70c4 phy: samsung: exynos5250-sata: fix missing device put in probe error paths 6331b77fdc17 phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe fccbc3168e5e ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue b8f0c19d4864 USB: Fix xhci event ring dequeue pointer ERDP update issue 1f47c2625773 mtd: rawnand: fix ecc parameters for mt7622 0405bd7f1888 arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards 5f80b5c5f406 arm64: dts: meson: remove CPU opps below 1GHz for G12B boards f6db63819db6 video: fbdev: udlfb: properly check endpoint type c00f3892f4f0 hex2bin: fix access beyond string end 15b78a8e38e8 hex2bin: make the function hex_to_bin constant-time 73f4668ee875 arch_topology: Do not set llc_sibling if llc_id is invalid a3cdd33ca163 serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device 89a5728b053c serial: 8250: Also set sticky MCR bits in console restoration 42f749f2232a serial: imx: fix overrun interrupts in DMA mode d29c197df7fa usb: dwc3: gadget: Return proper request status 0f3d081315c5 usb: dwc3: core: Fix tx/rx threshold settings e2ec7b1f6a06 usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() debb276670b0 usb: gadget: uvc: Fix crash
[OE-core][dunfell 02/14] libinput: Add fix for CVE-2022-1215
From: Pawan Badganchi
Add below patch to fix CVE-2022-1215
CVE-2022-1215.patch
Link:
https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28
Signed-off-by: Pawan Badganchi
Signed-off-by: Steve Sakoman
---
.../wayland/libinput/CVE-2022-1215.patch | 360 ++
.../wayland/libinput_1.15.2.bb| 1 +
2 files changed, 361 insertions(+)
create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
diff --git a/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
b/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
new file mode 100644
index 00..313c0c5eb2
--- /dev/null
+++ b/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
@@ -0,0 +1,360 @@
+From 2a8b8fde90d63d48ce09ddae44142674bbca1c28 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer
+Date: Wed, 30 Mar 2022 09:25:22 +1000
+Subject: [PATCH] evdev: strip the device name of format directives
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes a format string vulnerabilty.
+
+evdev_log_message() composes a format string consisting of a fixed
+prefix (including the rendered device name) and the passed-in format
+buffer. This format string is then passed with the arguments to the
+actual log handler, which usually and eventually ends up being printf.
+
+If the device name contains a printf-style format directive, these ended
+up in the format string and thus get interpreted correctly, e.g. for a
+device "Foo%sBar" the log message vs printf invocation ends up being:
+ evdev_log_message(device, "some message %s", "some argument");
+ printf("event9 - Foo%sBar: some message %s", "some argument");
+
+This can enable an attacker to execute malicious code with the
+privileges of the process using libinput.
+
+To exploit this, an attacker needs to be able to create a kernel device
+with a malicious name, e.g. through /dev/uinput or a Bluetooth device.
+
+To fix this, convert any potential format directives in the device name
+by duplicating percentages.
+
+Pre-rendering the device to avoid the issue altogether would be nicer
+but the current log level hooks do not easily allow for this. The device
+name is the only user-controlled part of the format string.
+
+A second potential issue is the sysname of the device which is also
+sanitized.
+
+This issue was found by Albin Eldstål-Ahrens and Benjamin Svensson from
+Assured AB, and independently by Lukas Lamster.
+
+Fixes #752
+
+Signed-off-by: Peter Hutterer
+(cherry picked from commit a423d7d3269dc32a87384f79e29bb5ac021c83d1)
+
+CVE: CVE-2022-1215
+Upstream Status: Backport
[https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28]
+Signed-off-by: Pawan Badganchi
+
+---
+ meson.build| 1 +
+ src/evdev.c| 31 +++--
+ src/evdev.h| 6 ++--
+ src/util-strings.h | 30
+ test/litest-device-format-string.c | 56 ++
+ test/litest.h | 1 +
+ test/test-utils.c | 26 ++
+ 7 files changed, 139 insertions(+), 12 deletions(-)
+ create mode 100644 test/litest-device-format-string.c
+
+diff --git a/meson.build b/meson.build
+index 90f528e6..1f6159e7 100644
+--- a/meson.build
b/meson.build
+@@ -787,6 +787,7 @@
+ 'test/litest-device-dell-canvas-totem-touch.c',
+ 'test/litest-device-elantech-touchpad.c',
+ 'test/litest-device-elan-tablet.c',
++ 'test/litest-device-format-string.c',
+ 'test/litest-device-generic-singletouch.c',
+ 'test/litest-device-gpio-keys.c',
+ 'test/litest-device-huion-pentablet.c',
+diff --git a/src/evdev.c b/src/evdev.c
+index 6d81f58f..d1c35c07 100644
+--- a/src/evdev.c
b/src/evdev.c
+@@ -2356,19 +2356,19 @@ evdev_device_create(struct libinput_seat *seat,
+ struct libinput *libinput = seat->libinput;
+ struct evdev_device *device = NULL;
+ int rc;
+- int fd;
++ int fd = -1;
+ int unhandled_device = 0;
+ const char *devnode = udev_device_get_devnode(udev_device);
+- const char *sysname = udev_device_get_sysname(udev_device);
++ char *sysname = str_sanitize(udev_device_get_sysname(udev_device));
+
+ if (!devnode) {
+ log_info(libinput, "%s: no device node associated\n", sysname);
+- return NULL;
++ goto err;
+ }
+
+ if (udev_device_should_be_ignored(udev_device)) {
+ log_debug(libinput, "%s: device is ignored\n", sysname);
+- return NULL;
++ goto err;
+ }
+
+ /* Use non-blocking mode so that we can loop on read on
+@@ -2382,13 +2382,15 @@ evdev_device_create(struct libinput_seat *seat,
+sysname,
+
[OE-core][dunfell 01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
From: Pawan Badganchi
Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
CVE-2022-25308.patch
Link:
https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1
CVE-2022-25309.patch
Link:
https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
CVE-2022-25310.patch
Link:https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f
Signed-off-by: Pawan Badganchi
Signed-off-by: Steve Sakoman
---
.../fribidi/fribidi/CVE-2022-25308.patch | 50 +++
.../fribidi/fribidi/CVE-2022-25309.patch | 31
.../fribidi/fribidi/CVE-2022-25310.patch | 30 +++
meta/recipes-support/fribidi/fribidi_1.0.9.bb | 3 ++
4 files changed, 114 insertions(+)
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
b/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
new file mode 100644
index 00..8f2c2ade0e
--- /dev/null
+++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
@@ -0,0 +1,50 @@
+From ad3a19e6372b1e667128ed1ea2f49919884587e1 Mon Sep 17 00:00:00 2001
+From: Akira TAGOH
+Date: Thu, 17 Feb 2022 17:30:12 +0900
+Subject: [PATCH] Fix the stack buffer overflow issue
+
+strlen() could returns 0. Without a conditional check for len,
+accessing S_ pointer with len - 1 may causes a stack buffer overflow.
+
+AddressSanitizer reports this like:
+==1219243==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffdce043c1f at pc 0x00403547 bp 0x7ffdce0
+43b30 sp 0x7ffdce043b28
+READ of size 1 at 0x7ffdce043c1f thread T0
+#0 0x403546 in main ../bin/fribidi-main.c:393
+#1 0x7f226804e58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f)
+#2 0x7f226804e648 in __libc_start_main_impl (/lib64/libc.so.6+0x2d648)
+#3 0x4036f4 in _start (/tmp/fribidi/build/bin/fribidi+0x4036f4)
+
+Address 0x7ffdce043c1f is located in stack of thread T0 at offset 63 in frame
+#0 0x4022bf in main ../bin/fribidi-main.c:193
+
+ This frame has 5 object(s):
+[32, 36) 'option_index' (line 233)
+[48, 52) 'base' (line 386)
+[64, 65064) 'S_' (line 375) <== Memory access at offset 63 underflows this
variable
+[65328, 130328) 'outstring' (line 385)
+[130592, 390592) 'logical' (line 384)
+
+This fixes https://github.com/fribidi/fribidi/issues/181
+
+CVE: CVE-2022-25308
+Upstream-Status: Backport
[https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1]
+Signed-off-by: Pawan Badganchi
+
+---
+ bin/fribidi-main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c
+index 3cf9fe1..3ae4fb6 100644
+--- a/bin/fribidi-main.c
b/bin/fribidi-main.c
+@@ -390,7 +390,7 @@ FRIBIDI_END_IGNORE_DEPRECATIONS
+ S_[sizeof (S_) - 1] = 0;
+ len = strlen (S_);
+ /* chop */
+- if (S_[len - 1] == '\n')
++ if (len > 0 && S_[len - 1] == '\n')
+ {
+ len--;
+ S_[len] = '\0';
diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
b/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
new file mode 100644
index 00..0efba3d05c
--- /dev/null
+++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
@@ -0,0 +1,31 @@
+From f22593b82b5d1668d1997dbccd10a9c31ffea3b3 Mon Sep 17 00:00:00 2001
+From: Dov Grobgeld
+Date: Fri, 25 Mar 2022 09:09:49 +0300
+Subject: [PATCH] Protected against garbage in the CapRTL encoder
+
+CVE: CVE-2022-25309
+Upstream-Status: Backport
[https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3]
+Signed-off-by: Pawan Badganchi
+
+---
+ lib/fribidi-char-sets-cap-rtl.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fribidi-char-sets-cap-rtl.c b/lib/fribidi-char-sets-cap-rtl.c
+index b0c0e4a..f74e010 100644
+--- a/lib/fribidi-char-sets-cap-rtl.c
b/lib/fribidi-char-sets-cap-rtl.c
+@@ -232,7 +232,12 @@ fribidi_cap_rtl_to_unicode (
+ }
+ }
+ else
+- us[j++] = caprtl_to_unicode[(int) s[i]];
++ {
++if ((int)s[i] < 0)
++ us[j++] = '?';
++else
++ us[j++] = caprtl_to_unicode[(int) s[i]];
++ }
+ }
+
+ return j;
diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
b/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
new file mode 100644
index 00..d79a82d648
--- /dev/null
+++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
@@ -0,0 +1,30 @@
+From 175850b03e1af251d705c1d04b2b9b3c1c06e48f Mon Sep 17 00:00:00 2001
+From: Akira TAGOH
+Date: Thu, 17 Feb 2022 19:06:10 +0900
+Subject: [PATCH] Fix SEGV issue in
[OE-core][dunfell 00/14] Patch review
Please review this set of patches for dunfell and have comments back by end
of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3648
with the exception of the newly added meta-virt test (which has never
worked with dunfell)
The following changes since commit 7c0345ab1058a7e29d37f110923ecd368e102ed7:
uninative: Upgrade to 3.6 with gcc 12 support (2022-05-09 11:51:55 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (1):
linux-yocto/5.4: update to v5.4.192
Davide Gardenal (3):
cve-check: add JSON format to summary output
cve-check: fix symlinks where link and output path are equal
rootfs-postcommands: fix symlinks where link and output path are equal
Marta Rybczynska (2):
cve-update-db-native: update the CVE database once a day only
cve-update-db-native: let the user to drive the update interval
Pawan Badganchi (2):
fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
libinput: Add fix for CVE-2022-1215
Portia (1):
volatile-binds: Change DefaultDependencies from false to no
Richard Purdie (3):
base: Avoid circular references to our own scripts
scripts: Make git intercept global
scripts/git: Ensure we don't have circular references
Ross Burton (1):
cve-check: no need to depend on the fetch task
Steve Sakoman (1):
busybox: fix CVE-2022-28391
meta/classes/base.bbclass | 4 +
meta/classes/cve-check.bbclass| 72 ++--
meta/classes/rootfs-postcommands.bbclass | 14 +-
...tr-ensure-only-printable-characters-.patch | 38 ++
...e-all-printed-strings-with-printable.patch | 64
meta/recipes-core/busybox/busybox_1.31.1.bb | 2 +
.../recipes-core/meta/cve-update-db-native.bb | 13 +-
.../files/volatile-binds.service.in | 2 +-
.../wayland/libinput/CVE-2022-1215.patch | 360 ++
.../wayland/libinput_1.15.2.bb| 1 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../fribidi/fribidi/CVE-2022-25308.patch | 50 +++
.../fribidi/fribidi/CVE-2022-25309.patch | 31 ++
.../fribidi/fribidi/CVE-2022-25310.patch | 30 ++
meta/recipes-support/fribidi/fribidi_1.0.9.bb | 3 +
scripts/{git-intercept => }/git | 9 +-
18 files changed, 674 insertions(+), 55 deletions(-)
create mode 100644
meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
create mode 100644
meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
rename scripts/{git-intercept => }/git (52%)
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165506):
https://lists.openembedded.org/g/openembedded-core/message/165506
Mute This Topic: https://lists.openembedded.org/mt/91042147/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] linux-firmware: package new Qualcomm firmware
I am seeing these errors seems to be related to this changeset
https://errors.yoctoproject.org/Errors/Details/656617/
https://errors.yoctoproject.org/Errors/Details/656615/
https://errors.yoctoproject.org/Errors/Details/656616/
https://errors.yoctoproject.org/Errors/Details/656618/
On Tue, May 10, 2022 at 8:39 AM Dmitry Baryshkov wrote:
>
> Create separate packages with firmware files for APQ8096 SoC and for
> Adreno 2xx/4xx. Include A330 firmware into the 3xx package.
>
> Signed-off-by: Dmitry Baryshkov
> ---
> .../linux-firmware/linux-firmware_20220509.bb | 13 +++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
> b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
> index 7d238e661899..6e328e57260a 100644
> --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
> +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
> @@ -307,8 +307,9 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
> ${PN}-qcom-license \
> ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2
> ${PN}-qcom-venus-5.4 \
> ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
> - ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \
> + ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx
> ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
> ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650
> ${PN}-qcom-adreno-a660 \
> + ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
> ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute
> ${PN}-qcom-sdm845-modem \
> ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
> ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
> @@ -965,11 +966,15 @@ FILES:${PN}-qcom-venus-5.2 =
> "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
> FILES:${PN}-qcom-venus-5.4 =
> "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
> FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
> FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
> -FILES:${PN}-qcom-adreno-a3xx =
> "${nonarch_base_libdir}/firmware/qcom/a300_*.fw
> ${nonarch_base_libdir}/firmware/a300_*.fw"
> +FILES:${PN}-qcom-adreno-a2xx =
> "${nonarch_base_libdir}/firmware/qcom/leia_*.fw"
> +FILES:${PN}-qcom-adreno-a3xx =
> "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw
> ${nonarch_base_libdir}/firmware/a300_*.fw"
> +FILES:${PN}-qcom-adreno-a4xx =
> "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw"
> FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
> FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.*
> ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
> FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.*
> ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
> FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
> +FILES:${PN}-qcom-apq8096-audio =
> "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
> +FILES:${PN}-qcom-apq8096-modem =
> "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn
> ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.*
> ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
> FILES:${PN}-qcom-sdm845-audio =
> "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
> FILES:${PN}-qcom-sdm845-compute =
> "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
> FILES:${PN}-qcom-sdm845-modem =
> "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn
> ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.*
> ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
> @@ -981,11 +986,15 @@ RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
> +RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
> +RDEPENDS:${PN}-qcom-adreno-a4xx = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
> +RDEPENDS:${PN}-qcom-apq8096-audio = "${PN}-qcom-license"
> +RDEPENDS:${PN}-qcom-apq8096-modem = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-sdm845-audio = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-sdm845-compute = "${PN}-qcom-license"
> RDEPENDS:${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
> --
> 2.30.2
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165505):
https://lists.openembedded.org/g/openembedded-core/message/165505
Mute This Topic: https://lists.openembedded.org/mt/91015911/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
[OE-core] [PATCH] libstd-rs: Forward port rust libc patches
libstd-rs update also updated the vendored libc to 0.2.116, the rv64 musl patches were applied to 0.2.112 and hence needed forward porting done with this changeset. Signed-off-by: Khem Raj --- ...ies-syscalls-to-musl-riscv64-definitions.patch | 6 +++--- ...ate-checksums-for-modified-vendored-libc.patch | 15 ++- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/meta/recipes-devtools/rust/libstd-rs/0001-Add-400-series-syscalls-to-musl-riscv64-definitions.patch b/meta/recipes-devtools/rust/libstd-rs/0001-Add-400-series-syscalls-to-musl-riscv64-definitions.patch index 12f529b07bf..2f2ca279107 100644 --- a/meta/recipes-devtools/rust/libstd-rs/0001-Add-400-series-syscalls-to-musl-riscv64-definitions.patch +++ b/meta/recipes-devtools/rust/libstd-rs/0001-Add-400-series-syscalls-to-musl-riscv64-definitions.patch @@ -9,10 +9,10 @@ Signed-off-by: Khem Raj .../linux_like/linux/musl/b64/riscv64/mod.rs | 19 +++ 1 file changed, 19 insertions(+) -diff --git a/vendor/libc-0.2.112/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs b/vendor/libc-0.2.112/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs +diff --git a/vendor/libc-0.2.116/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs b/vendor/libc-0.2.116/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs index 6b17621c7..2036583d5 100644 a/vendor/libc-0.2.112/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs -+++ b/vendor/libc-0.2.112/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs +--- a/vendor/libc-0.2.116/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs b/vendor/libc-0.2.116/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs @@ -465,6 +465,25 @@ pub const SYS_pkey_mprotect: ::c_long = 288; pub const SYS_pkey_alloc: ::c_long = 289; pub const SYS_pkey_free: ::c_long = 290; diff --git a/meta/recipes-devtools/rust/libstd-rs/0001-Update-checksums-for-modified-vendored-libc.patch b/meta/recipes-devtools/rust/libstd-rs/0001-Update-checksums-for-modified-vendored-libc.patch index 1569a36581e..923a8fbf844 100644 --- a/meta/recipes-devtools/rust/libstd-rs/0001-Update-checksums-for-modified-vendored-libc.patch +++ b/meta/recipes-devtools/rust/libstd-rs/0001-Update-checksums-for-modified-vendored-libc.patch @@ -7,15 +7,12 @@ Upstream-Status: Inappropriate [Relevant until backported patch is needed] Signed-off-by: Khem Raj --- - vendor/libc-0.2.108/.cargo-checksum.json | 2 +- + vendor/libc-0.2.116/.cargo-checksum.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/vendor/libc-0.2.108/.cargo-checksum.json b/vendor/libc-0.2.108/.cargo-checksum.json -index 6b976e48a..a6906588e 100644 a/vendor/libc-0.2.112/.cargo-checksum.json -+++ b/vendor/libc-0.2.112/.cargo-checksum.json -@@ -1 +1,2 @@
[OE-core] [PATCH] classes/kernel.bbclass: allow disabling symlink creation also for pkg_postinst
The commit d7341f1f22c32ff6cc95d7127f26f87d7fc9c6bd has introduced a
variable to disable the symlink creation for kernel images.
kernel.bbclass contains code to generate a pkg_posinst step for the
kernel-image package which will generate a symlink after installation
on target/during rootfs creation. This part didn't checked the
KERNEL_IMAGETYPE_SYMLINK variable.
This patch adds this check, so that it is possible to disable this
symlink also.
Signed-off-by: Jonas Höppner
---
meta/classes/kernel.bbclass | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 8299b394a7..87e0970f00 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -93,6 +93,7 @@ python __anonymous () {
kname = d.getVar('KERNEL_PACKAGE_NAME') or "kernel"
imagedest = d.getVar('KERNEL_IMAGEDEST')
+ kernel_imagetype_symlink = d.getVar('KERNEL_IMAGETYPE_SYMLINK')
for type in types.split():
if bb.data.inherits_class('nopackages', d):
@@ -110,7 +111,8 @@ python __anonymous () {
d.setVar('PKG:%s-image-%s' % (kname,typelower),
'%s-image-%s-${KERNEL_VERSION_PKG_NAME}' % (kname, typelower))
d.setVar('ALLOW_EMPTY:%s-image-%s' % (kname, typelower), '1')
- d.setVar('pkg_postinst:%s-image-%s' % (kname,typelower), """set +e
+ if kernel_imagetype_symlink == 1:
+ d.setVar('pkg_postinst:%s-image-%s' % (kname,typelower), """set +e
if [ -n "$D" ]; then
ln -sf %s-${KERNEL_VERSION} $D/${KERNEL_IMAGEDEST}/%s > /dev/null 2>&1
else
@@ -122,7 +124,7 @@ else
fi
set -e
""" % (type, type, type, type, type, type, type))
- d.setVar('pkg_postrm:%s-image-%s' % (kname,typelower), """set +e
+ d.setVar('pkg_postrm:%s-image-%s' % (kname,typelower), """set +e
if [ -f "${KERNEL_IMAGEDEST}/%s" -o -L "${KERNEL_IMAGEDEST}/%s" ]; then
rm -f ${KERNEL_IMAGEDEST}/%s > /dev/null 2>&1
fi
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165503):
https://lists.openembedded.org/g/openembedded-core/message/165503
Mute This Topic: https://lists.openembedded.org/mt/91039268/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [poky][master][PATCH 2/3] cve-export.bbclass: Add a new class to get patched and ignored CVEs from the build
This class executes an anonymous function which sets the
below variables
CVE_IGNORED = CVEs that are ignored in recipes
CVE_PATCHED = CVEs that are fixed by applying patches
It does not consider CVEs that are ignored in
poky/meta/conf/distro/include/cve-extra-exclusions.inc
and only provide CVEs that are ignored in the recipe.
Default values are set for CVE_PRODUCT and CVE_VERSION
to BPN and PV respectively.
Considered setting these values so that anyone can get
below information about the CVE from the build.
CVE_PRODUCT
CVE_VERSION
CVE_IGNORED
CVE_PATCHED
Signed-off-by: Akash Hadke
Signed-off-by: Akash Hadke
---
meta/classes/cve-export.bbclass | 37 +
1 file changed, 37 insertions(+)
create mode 100644 meta/classes/cve-export.bbclass
diff --git a/meta/classes/cve-export.bbclass b/meta/classes/cve-export.bbclass
new file mode 100644
index 00..5ed5760970
--- /dev/null
+++ b/meta/classes/cve-export.bbclass
@@ -0,0 +1,37 @@
+# This class is used to get patched and ignored CVEs from the build
+#
+# To use this class inherit it in the local.conf file.
+#
+# It executes an anonymous function which sets below variables
+#
+# CVE_IGNORED = CVEs those are ignored in recipes
+# CVE_PATCHED = CVEs those are fixed by applying patches
+#
+# It does not consider all the CVEs that are ignored in
+# poky/meta/conf/distro/include/cve-extra-exclusions.inc
+# and only provide CVEs that are ignored in the recipe.
+#
+# The product name sets default to BPN and version sets default to
+# PV but it can be overriden per recipe, to get the value of
+# product and version use d.getVar()
+
+CVE_PRODUCT ??= "${BPN}"
+CVE_VERSION ??= "${PV}"
+CVE_CHECK_IGNORE ?= ""
+
+python __anonymous () {
+import re
+from oe.cve_check import get_patched_cves
+from oe.cve_check import get_ignored_cves
+
+# Check if cve-extra-exclusions.inc file is included or not
+if re.search('cve-extra-exclusions.inc', d.getVar('BBINCLUDED')):
+paths = d.getVar('PATH').split(':')
+cves = d.getVar('CVE_CHECK_IGNORE').split()
+ignored_cves = get_ignored_cves(paths, cves)
+else:
+ignored_cves = " ".join(d.getVar('CVE_CHECK_IGNORE'))
+
+d.setVar('CVE_IGNORED', ignored_cves)
+d.setVar('CVE_PATCHED', " ".join(get_patched_cves(d)))
+}
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165502):
https://lists.openembedded.org/g/openembedded-core/message/165502
Mute This Topic: https://lists.openembedded.org/mt/91037025/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves
Add new method get_ignored_cves in cve_check.py
to get ignored CVEs from recipe by excluding distro-wide
ignored CVEs from meta/conf/distro/include/cve-extra-exclusions.inc
While calling this method use below code to get argument values
paths = d.getVar('PATH').split(':')
cves = d.getVar('CVE_CHECK_IGNORE').split()
Signed-off-by: Akash Hadke
Signed-off-by: Akash Hadke
---
meta/lib/oe/cve_check.py | 38 ++
1 file changed, 38 insertions(+)
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index dc7d2e2826..d96d47b737 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -163,3 +163,41 @@ def cve_check_merge_jsons(output, data):
return
output["package"].append(data["package"][0])
+
+def get_ignored_cves(paths, cves):
+"""
+Get ignored CVEs from the recipe and exlude the CVEs from
+meta/conf/distro/include/cve-extra-exclusions.inc
+
+While calling this method use below code to get argument values
+paths = d.getVar('PATH').split(':')
+cves = d.getVar('CVE_CHECK_IGNORE').split()
+"""
+import os
+
+cve_extra_exclusion_inc_file =
"../meta/conf/distro/include/cve-extra-exclusions.inc"
+for path in paths:
+check_for_correct_file_path = os.path.join(path,
cve_extra_exclusion_inc_file)
+if os.path.isfile(check_for_correct_file_path):
+inc_file = check_for_correct_file_path
+else:
+continue
+
+cve_check_ignored = set()
+ignored_cves = set()
+with open(inc_file) as f:
+lines = f.readlines()
+for line in lines:
+if line.strip():
+# Ignore the comments from cve-extra-exclusions.inc
+if not re.search("^#", line):
+cve_match = re.findall(r'CVE\-\d{4}\-\d+', line)
+for cve in cve_match:
+ignored_cves.add(cve)
+
+for cve in cves:
+if cve not in ignored_cves:
+cve_check_ignored.add(cve)
+ignored_cves_from_recipe = " ".join(cve_check_ignored)
+
+return ignored_cves_from_recipe
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165500):
https://lists.openembedded.org/g/openembedded-core/message/165500
Mute This Topic: https://lists.openembedded.org/mt/91037023/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [poky][master][PATCH 3/3] cve_export.py: Add new selftest for cve-export.bbclass
This test compares values of variables CVE_CHECK_IGNORE with
CVE_IGNORED that is exported from cve-export.bbclass
Signed-off-by: Akash Hadke
Signed-off-by: Akash Hadke
---
meta/lib/oeqa/selftest/cases/cve_export.py | 24 ++
1 file changed, 24 insertions(+)
create mode 100644 meta/lib/oeqa/selftest/cases/cve_export.py
diff --git a/meta/lib/oeqa/selftest/cases/cve_export.py
b/meta/lib/oeqa/selftest/cases/cve_export.py
new file mode 100644
index 00..7c7fd07957
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/cve_export.py
@@ -0,0 +1,24 @@
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, get_bb_var
+from oe.cve_check import get_ignored_cves
+
+class CveExportTest (OESelftestTestCase):
+
+def test_ignored_cves(self):
+"""
+This test compares the values of variables CVE_CHECK_IGNORE with
+CVE_IGNORED that is exported from cve-export.bbclass
+"""
+target = 'unzip'
+feature = 'INHERIT += "cve-export"\n'
+feature += 'require conf/distro/include/cve-extra-exclusions.inc'
+self.write_config(feature)
+
+res = bitbake("%s -c fetch" % target, ignore_status=True)
+self.assertEqual(res.status, 0, "\nCouldn't build.\nbitbake output %s"
% res.output)
+
+paths = get_bb_var('PATH', target).split(':')
+cves = get_bb_var('CVE_CHECK_IGNORE', target).split()
+final_cve = get_ignored_cves(paths, cves)
+ignore_cves_from_exported_variable = get_bb_var('CVE_IGNORED', target)
+self.assertEqual(final_cve,
ignore_cves_from_exported_variable.strip(), "Ignored CVEs are not matching")
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165501):
https://lists.openembedded.org/g/openembedded-core/message/165501
Mute This Topic: https://lists.openembedded.org/mt/91037024/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] local.conf.sample: add comments for missing machines
On Wed, 11 May 2022, Alexander Kanavin wrote: > I would rather just refer to the directory where 'additional, less > well tested machines are'. > > Alex sure, something like that works for me. rday -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165499): https://lists.openembedded.org/g/openembedded-core/message/165499 Mute This Topic: https://lists.openembedded.org/mt/91032627/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] local.conf.sample: add comments for missing machines
I would rather just refer to the directory where 'additional, less well tested machines are'. Alex On Wed, 11 May 2022 at 13:14, Robert P. J. Day wrote: > > On Wed, 11 May 2022, Alexander Kanavin wrote: > > > I have to note that the project does not test these machines, and they > > may not necessarily work. Advertising them in local.conf may result in > > frustrating fails for people who are running bitbake for the very > > first time. > > > > Alex > > > > On Wed, 11 May 2022 at 12:48, Robert P. J. Day > > wrote: > > > > > > > > > Fill out the commented list of supported machines for completeness. > > > > > > Signed-off-by: Robert P. J. Day > > > > > > --- > > > > > > diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample > > > index c05691de58..f0b8952947 100644 > > > --- a/meta/conf/local.conf.sample > > > +++ b/meta/conf/local.conf.sample > > > @@ -20,9 +20,13 @@ > > > # > > > #MACHINE ?= "qemuarm" > > > #MACHINE ?= "qemuarm64" > > > +#MACHINE ?= "qemuarmv5" > > > #MACHINE ?= "qemumips" > > > #MACHINE ?= "qemumips64" > > > #MACHINE ?= "qemuppc" > > > +#MACHINE ?= "qemuppc64" > > > +#MACHINE ?= "qemuriscv32" > > > +#MACHINE ?= "qemuriscv64" > > > #MACHINE ?= "qemux86" > > > #MACHINE ?= "qemux86-64" > > > # > > that's the first thing i thought of, but what is a cleaner solution? > if those machine definitions come with OE, then why should they be > treated as second-class citizens? if those machines aren't tested, > then maybe an extra comment pointing that out would be appropriate. > > i just think this should be consistent. thoughts? > > rday -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165498): https://lists.openembedded.org/g/openembedded-core/message/165498 Mute This Topic: https://lists.openembedded.org/mt/91032627/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] local.conf.sample: add comments for missing machines
On Wed, 11 May 2022, Alexander Kanavin wrote: > I have to note that the project does not test these machines, and they > may not necessarily work. Advertising them in local.conf may result in > frustrating fails for people who are running bitbake for the very > first time. > > Alex > > On Wed, 11 May 2022 at 12:48, Robert P. J. Day wrote: > > > > > > Fill out the commented list of supported machines for completeness. > > > > Signed-off-by: Robert P. J. Day > > > > --- > > > > diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample > > index c05691de58..f0b8952947 100644 > > --- a/meta/conf/local.conf.sample > > +++ b/meta/conf/local.conf.sample > > @@ -20,9 +20,13 @@ > > # > > #MACHINE ?= "qemuarm" > > #MACHINE ?= "qemuarm64" > > +#MACHINE ?= "qemuarmv5" > > #MACHINE ?= "qemumips" > > #MACHINE ?= "qemumips64" > > #MACHINE ?= "qemuppc" > > +#MACHINE ?= "qemuppc64" > > +#MACHINE ?= "qemuriscv32" > > +#MACHINE ?= "qemuriscv64" > > #MACHINE ?= "qemux86" > > #MACHINE ?= "qemux86-64" > > # that's the first thing i thought of, but what is a cleaner solution? if those machine definitions come with OE, then why should they be treated as second-class citizens? if those machines aren't tested, then maybe an extra comment pointing that out would be appropriate. i just think this should be consistent. thoughts? rday -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165497): https://lists.openembedded.org/g/openembedded-core/message/165497 Mute This Topic: https://lists.openembedded.org/mt/91032627/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] gnutls: Added fips support option.
On Wed, 11 May 2022 at 10:15, leimao...@fujitsu.com
wrote:
> I got it. It seems an unusual method because there is no recipe using this
> way in .
> In this way, it means that if user want to enable fips, the following
> PACKAGECONFIG should be added in recipe.
>
> PACKAGECONFIG:append:class-target = fips
> PACKAGECONFIG:append:class-nativesdk = fips
> PACKAGECONFIG:append:class-target = fips-native
Yes, this should be fine. You can add a comment in the recipe
explaining how to do it.
> So, I'll send a v3 patch in this way, is it ok?
Yes please. The real problem here is that gnutls upstream didn't
consider how fips build is supposed to work in cross-compilation,
so you should also file a ticket with them and hopefully discuss how
the problem can be properly solved.
There are two options:
- do what your patch does and use the needed binary from the host
system, subject to ./configure flag.
- build the needed binary twice, first for the host (using BUILD_CC),
then for the cross-target.
Alex
>
> > -Original Message-
> > From: Alexander Kanavin
> > Sent: Wednesday, May 11, 2022 1:40 PM
> > To: Lei, Maohui
> > Cc: OE-core
> > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option.
> >
> > On Tue, 10 May 2022 at 02:54, leimao...@fujitsu.com
> > wrote:
> > > I'm afraid I'm not quite with you. Searched poky by the following command
> > > and
> > there is no example about how to config PACKAGECONFIG[xxx] for target or
> > native separately.
> > > The result is all about how to config PACKAGECONFIG for target or native.
> > >
> > > $ grep -ir PACKAGECONFIG *|grep class-native
> > > meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-native ??=
> > ""
> > > meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = ""
> > > meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native ?=
> > > "fts4
> > fts5 rtree dyn_ext"
> > > ..
> > >
> > >
> > > But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips]. For
> > example, in libcap_2.64.bb file:
> > > $ cat meta/recipes-support/libcap/libcap_2.64.bb
> > > ..
> > > PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES',
> > > 'seccomp', d)} " //not here ..
> > > PACKAGECONFIG[fips] = "--enable-fips140-mode
> > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" //Your
> > comment means modify here
> > > ...
> > >
> > > Did I misunderstand?
> >
> > Sorry, it's always a bit confusing with PACKAGECONFIG, as the keyword is
> > used for
> > two different purposes.
> >
> > What I meant is something like this:
> >
> > PACKAGECONFIG ??= "fips"
> > PACKAGECONFIG:class-native ??= "fips-native"
> >
> > Alex
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165496):
https://lists.openembedded.org/g/openembedded-core/message/165496
Mute This Topic: https://lists.openembedded.org/mt/90926966/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] local.conf.sample: add comments for missing machines
I have to note that the project does not test these machines, and they may not necessarily work. Advertising them in local.conf may result in frustrating fails for people who are running bitbake for the very first time. Alex On Wed, 11 May 2022 at 12:48, Robert P. J. Day wrote: > > > Fill out the commented list of supported machines for completeness. > > Signed-off-by: Robert P. J. Day > > --- > > diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample > index c05691de58..f0b8952947 100644 > --- a/meta/conf/local.conf.sample > +++ b/meta/conf/local.conf.sample > @@ -20,9 +20,13 @@ > # > #MACHINE ?= "qemuarm" > #MACHINE ?= "qemuarm64" > +#MACHINE ?= "qemuarmv5" > #MACHINE ?= "qemumips" > #MACHINE ?= "qemumips64" > #MACHINE ?= "qemuppc" > +#MACHINE ?= "qemuppc64" > +#MACHINE ?= "qemuriscv32" > +#MACHINE ?= "qemuriscv64" > #MACHINE ?= "qemux86" > #MACHINE ?= "qemux86-64" > # > > -- > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165495): https://lists.openembedded.org/g/openembedded-core/message/165495 Mute This Topic: https://lists.openembedded.org/mt/91032627/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] local.conf.sample: add comments for missing machines
Fill out the commented list of supported machines for completeness. Signed-off-by: Robert P. J. Day --- diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample index c05691de58..f0b8952947 100644 --- a/meta/conf/local.conf.sample +++ b/meta/conf/local.conf.sample @@ -20,9 +20,13 @@ # #MACHINE ?= "qemuarm" #MACHINE ?= "qemuarm64" +#MACHINE ?= "qemuarmv5" #MACHINE ?= "qemumips" #MACHINE ?= "qemumips64" #MACHINE ?= "qemuppc" +#MACHINE ?= "qemuppc64" +#MACHINE ?= "qemuriscv32" +#MACHINE ?= "qemuriscv64" #MACHINE ?= "qemux86" #MACHINE ?= "qemux86-64" # -- -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165494): https://lists.openembedded.org/g/openembedded-core/message/165494 Mute This Topic: https://lists.openembedded.org/mt/91032627/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] should local.conf.sample include MACHINEs related to RISC-V?
On Wed, 11 May 2022, Alistair Francis wrote: > On Wed, May 11, 2022 at 12:06 PM Robert P. J. Day > wrote: > > > > > > just now noticed that while oe-core includes machine definitions for > > qemuriscv*, local.conf.sample does not mention them. is this just an > > oversight? > > Yeah, that's just an oversight. If you want you can send a patch :) on it. rday -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165493): https://lists.openembedded.org/g/openembedded-core/message/165493 Mute This Topic: https://lists.openembedded.org/mt/91032184/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] should local.conf.sample include MACHINEs related to RISC-V?
On Wed, May 11, 2022 at 12:06 PM Robert P. J. Day wrote: > > > just now noticed that while oe-core includes machine definitions for > qemuriscv*, local.conf.sample does not mention them. is this just an > oversight? Yeah, that's just an oversight. If you want you can send a patch :) Alistair > > rday > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165492): https://lists.openembedded.org/g/openembedded-core/message/165492 Mute This Topic: https://lists.openembedded.org/mt/91032184/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] should local.conf.sample include MACHINEs related to RISC-V?
just now noticed that while oe-core includes machine definitions for qemuriscv*, local.conf.sample does not mention them. is this just an oversight? rday -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165491): https://lists.openembedded.org/g/openembedded-core/message/165491 Mute This Topic: https://lists.openembedded.org/mt/91032184/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] gnutls: Added fips support option.
Hi, Alex
> PACKAGECONFIG ??= "fips"
> PACKAGECONFIG:class-native ??= "fips-native"
I got it. It seems an unusual method because there is no recipe using this way
in .
In this way, it means that if user want to enable fips, the following
PACKAGECONFIG should be added in recipe.
PACKAGECONFIG:append:class-target = fips
PACKAGECONFIG:append:class-nativesdk = fips
PACKAGECONFIG:append:class-target = fips-native
So, I'll send a v3 patch in this way, is it ok?
Best regards
Lei
> -Original Message-
> From: Alexander Kanavin
> Sent: Wednesday, May 11, 2022 1:40 PM
> To: Lei, Maohui
> Cc: OE-core
> Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option.
>
> On Tue, 10 May 2022 at 02:54, leimao...@fujitsu.com
> wrote:
> > I'm afraid I'm not quite with you. Searched poky by the following command
> > and
> there is no example about how to config PACKAGECONFIG[xxx] for target or
> native separately.
> > The result is all about how to config PACKAGECONFIG for target or native.
> >
> > $ grep -ir PACKAGECONFIG *|grep class-native
> > meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-native ??=
> ""
> > meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = ""
> > meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native ?= "fts4
> fts5 rtree dyn_ext"
> > ..
> >
> >
> > But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips]. For
> example, in libcap_2.64.bb file:
> > $ cat meta/recipes-support/libcap/libcap_2.64.bb
> > ..
> > PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES',
> > 'seccomp', d)} " //not here ..
> > PACKAGECONFIG[fips] = "--enable-fips140-mode
> --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" //Your
> comment means modify here
> > ...
> >
> > Did I misunderstand?
>
> Sorry, it's always a bit confusing with PACKAGECONFIG, as the keyword is used
> for
> two different purposes.
>
> What I meant is something like this:
>
> PACKAGECONFIG ??= "fips"
> PACKAGECONFIG:class-native ??= "fips-native"
>
> Alex
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165490):
https://lists.openembedded.org/g/openembedded-core/message/165490
Mute This Topic: https://lists.openembedded.org/mt/90926966/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
Hi Dmitry,
Il giorno Tue, 10 May 2022 18:43:27 +0300
"Dmitry Baryshkov" ha scritto:
> From: Dmitry Baryshkov
>
> Since the commit fe26b2379ecd ("image.bbclass: Depend on
> virtual/kernel:do_deploy"), the image.bbclass made building images
> depend on virtual/kernel. For some images, including small initramfs,
> this is not the case. Allow overriding this dependency in case
> developers knows what they are doing.
>
> Signed-off-by: Dmitry Baryshkov
> ---
>
> Changes since v1:
> - Use the same variable in both lines
> - Change the var name to KERNEL_DEPLOY_DEPEND as suggested in the
>revert message.
>
> ---
> meta/classes/image.bbclass | 7 ++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index 7f1f6f80a464..c4051961c030 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -132,7 +132,12 @@ def rootfs_variables(d):
>
> do_rootfs[vardeps] += "${@rootfs_variables(d)}"
>
> -do_build[depends] += "virtual/kernel:do_deploy"
> +# This is needed to have kernel image in DEPLOY_DIR.
> +# This follow many common usecases and user expectations.
Typo: follow -> follows.
I'm taking this patch for testing and I fixed the typo while doing
that. Please fix it on your side in case you need to send another
version.
Kind regards.
--
Luca Ceresoli, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165489):
https://lists.openembedded.org/g/openembedded-core/message/165489
Mute This Topic: https://lists.openembedded.org/mt/91016017/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH] vim: upgrade 8.2.4681 -> 8.2.4912
This update include fixes for two CVEs. CVE: CVE-2022-1381 CVE: CVE-2022-1420 Signed-off-by: Davide Gardenal --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 21ff036cf4..c5922b7fcd 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -21,8 +21,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://racefix.patch \ " -PV .= ".4681" -SRCREV = "15f74fab653a784548d5d966644926b47ba2cfa7" +PV .= ".4912" +SRCREV = "a7583c42cd6b64fd276a5d7bb0db5ce7bfafa730" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" -- 2.32.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165488): https://lists.openembedded.org/g/openembedded-core/message/165488 Mute This Topic: https://lists.openembedded.org/mt/91030810/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/5] recipetool-create: add ensure_native_cmd function
Hi Luca, Lukas will check the logs and fix the problem. Regards Stefan Am 09.05.2022 um 23:46 schrieb Luca Ceresoli: Hello Stefan, Il giorno Fri, 6 May 2022 08:59:13 +0200 "Stefan Herbrechtsmeier" ha scritto: From: Lukas Funke Signed-off-by: Lukas Funke Signed-off-by: Stefan Herbrechtsmeier Testing builds with your series trigger many build failures related to recipetool. Can you check these logs? https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/3557/steps/15/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/3506/steps/14/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/86/builds/3527/steps/14/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/3566/steps/14/logs/stdio -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165487): https://lists.openembedded.org/g/openembedded-core/message/165487 Mute This Topic: https://lists.openembedded.org/mt/90928682/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
