[OE-core][dunfell][PATCH v3] go: Backport fix for CVE-2023-45287
From: Vijay Anusuri Upstream-Status: Backport [https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255 & https://github.com/golang/go/commit/c9d5f60eaa4450ccf1ce878d55b4c6a12843f2f3 & https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807 & https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035] Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/go/go-1.14.inc |4 + .../go/go-1.14/CVE-2023-45287-pre1.patch | 393 .../go/go-1.14/CVE-2023-45287-pre2.patch | 401 .../go/go-1.14/CVE-2023-45287-pre3.patch | 86 + .../go/go-1.14/CVE-2023-45287.patch | 1697 + 5 files changed, 2581 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre2.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index b827a3606d..42a9ac8435 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -83,6 +83,10 @@ SRC_URI += "\ file://CVE-2023-39318.patch \ file://CVE-2023-39319.patch \ file://CVE-2023-39326.patch \ +file://CVE-2023-45287-pre1.patch \ +file://CVE-2023-45287-pre2.patch \ +file://CVE-2023-45287-pre3.patch \ +file://CVE-2023-45287.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch new file mode 100644 index 00..4d65180253 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch @@ -0,0 +1,393 @@ +From 9baafabac9a84813a336f068862207d2bb06d255 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Wed, 1 Apr 2020 17:25:40 -0400 +Subject: [PATCH] crypto/rsa: refactor RSA-PSS signing and verification + +Cleaned up for readability and consistency. + +There is one tiny behavioral change: when PSSSaltLengthEqualsHash is +used and both hash and opts.Hash were set, hash.Size() was used for the +salt length instead of opts.Hash.Size(). That's clearly wrong because +opts.Hash is documented to override hash. + +Change-Id: I3e25dad933961eac827c6d2e3bbfe45fc5a6fb0e +Reviewed-on: https://go-review.googlesource.com/c/go/+/226937 +Run-TryBot: Filippo Valsorda +TryBot-Result: Gobot Gobot +Reviewed-by: Katie Hockman + +Upstream-Status: Backport [https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255] +CVE: CVE-2023-45287 #Dependency Patch1 +Signed-off-by: Vijay Anusuri +--- + src/crypto/rsa/pss.go | 173 ++ + src/crypto/rsa/rsa.go | 9 ++- + 2 files changed, 96 insertions(+), 86 deletions(-) + +diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go +index 3ff0c2f4d0076..f9844d87329a8 100644 +--- a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go +@@ -4,9 +4,7 @@ + + package rsa + +-// This file implements the PSS signature scheme [1]. +-// +-// [1] https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf ++// This file implements the RSASSA-PSS signature scheme according to RFC 8017. + + import ( + "bytes" +@@ -17,8 +15,22 @@ import ( + "math/big" + ) + ++// Per RFC 8017, Section 9.1 ++// ++// EM = MGF1 xor DB || H( 8*0x00 || mHash || salt ) || 0xbc ++// ++// where ++// ++// DB = PS || 0x01 || salt ++// ++// and PS can be empty so ++// ++// emLen = dbLen + hLen + 1 = psLen + sLen + hLen + 2 ++// ++ + func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) ([]byte, error) { +- // See [1], section 9.1.1 ++ // See RFC 8017, Section 9.1.1. ++ + hLen := hash.Size() + sLen := len(salt) + emLen := (emBits + 7) / 8 +@@ -30,7 +42,7 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) ([]byt + // 2. Let mHash = Hash(M), an octet string of length hLen. + + if len(mHash) != hLen { +- return nil, errors.New("crypto/rsa: input must be hashed message") ++ return nil, errors.New("crypto/rsa: input must be hashed with given hash") + } + + // 3. If emLen < hLen + sLen + 2, output "encoding error" and stop. +@@ -40,8 +52,9 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) ([]byt + } + + em := make([]byte, emLen) +- db := em[:emLen-sLen-hLen-2+1+sLen] +- h := em[emLen-sLen-hLen-2+1+sLen : emLen-1] ++ psLen := emLen - sLen - hLen - 2 ++ db := em[:psLen+1+sLen] ++ h := em[psLen+1+sLen : emLen-1] + + // 4. Generate a random octet string salt of length sLen; if sLen = 0, + // then salt is the
Re: [OE-core] bitbake-server does not exit after build ends
On Fri, Jan 5, 2024 at 7:02 AM Steve Sakoman via lists.openembedded.org wrote: > > On Fri, Jan 5, 2024 at 6:54 AM Martin Jansa wrote: > > > > On Fri, Jan 5, 2024 at 5:06 PM Martin Jansa via lists.openembedded.org > > wrote: > >> > >> FWIW: I see the processes running after bitbake exit only in kirkstone and > >> only with > >> PRSERV_HOST = "localhost:0" > >> if I drop PRSERV_HOST then all 3 bitbake-server processes exist together > >> with bitbake itself. > >> > >> luneos-kirkstone $ rm -f bitbake-cookerdaemon.log > >> luneos-kirkstone $ ps aux | grep luneos-kirkstone > >> martin 4184043 0.0 0.0 9124 2048 pts/4S+ 16:47 0:00 grep > >> --colour=auto luneos-kirkstone > >> luneos-kirkstone $ bitbake -k zlib-native > >> NOTE: Started PRServer with DBfile: > >> /OE/build/luneos-kirkstone/cache/prserv.sqlite3, Address: 127.0.0.1:35811, > >> PID: 4184924 > >> Loading cache: 100% > >> |##| > >> Time: 0:00:04 > >> Loaded 4570 entries from dependency cache. > >> ... > >> Sstate summary: Wanted 10 Local 10 Mirrors 0 Missed 0 Current 11 (100% > >> match, 100% complete) > >> NOTE: Executing Tasks > >> NOTE: Tasks Summary: Attempted 92 tasks of which 92 didn't need to be > >> rerun and all succeeded. > >> NOTE: Writing buildhistory > >> NOTE: Writing buildhistory took: 15 seconds > >> luneos-kirkstone $ ps aux | grep luneos-kirkstone > >> martin 51324 0.0 0.0 9124 2048 pts/4S+ 16:54 0:00 grep > >> --colour=auto luneos-kirkstone > >> martin 4184584 8.9 0.4 668196 536892 ? Sl 16:47 0:37 > >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server > >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log > >> /OE/build/luneos-kirkstone/bitbake.lock > >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 > >> martin 4184924 0.0 0.1 340280 196428 ? S16:47 0:00 > >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server > >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log > >> /OE/build/luneos-kirkstone/bitbake.lock > >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 > >> martin 4184927 0.0 0.1 340328 194440 ? S16:47 0:00 > >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server > >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log > >> /OE/build/luneos-kirkstone/bitbake.lock > >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 > >> > >> luneos-kirkstone $ cat bitbake-cookerdaemon.log > >> 4184584 16:47:38.367593 --- Starting bitbake server pid 4184584 at > >> 2024-01-05 16:47:38.367526 --- > >> 4184584 16:47:38.370315 Started bitbake server pid 4184584 > >> 4184584 16:47:38.370831 Entering server connection loop > >> 4184584 16:47:38.372043 Accepting [ >> proto=0, laddr=bitbake.sock>] ([]) > >> 4184584 16:47:38.376431 Processing Client > >> 4184584 16:47:38.376633 Connecting Client > >> 4184584 16:47:38.377632 Running command ['setFeatures', [2, 1]] > >> 4184584 16:47:38.379355 Command Completed > >> 4184584 16:47:38.379868 Running command ['updateConfig', {'halt': False, > >> 'force': False, 'invalidate_stamp': None, 'dry_run': False, > >> 'dump_signatures': [], 'extra_assume_provided': [], 'profile': False, > >> 'prefile': [], 'postfile': [], 'server_timeout': None, 'nosetscene': > >> False, 'setsceneonly': False, 'skipsetscene': False, 'runall': None, > >> 'runonly': None, 'writeeventlog': None, 'build_verbose_shell': False, > >> 'build_verbose_stdout': False, 'default_loglevel': 20, 'debug_domains': > >> {}}, {'SHELL': '/bin/bash', 'BB_ENV_PASSTHROUGH_ADDITIONS': 'MACHINE > >> DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY > >> no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE > >> BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND GIT_PROXY_IGNORE > >> SOCKS5_PASSWD SOCKS5_USER WEBOS_DISTRO_BUILD_ID PSEUDO_DISABLED > >> PSEUDO_BUILD', 'DISTRO': 'luneos', 'SSH_AUTH_SOCK': > >> '/tmp/ssh-XX2ZxYBo/agent.1893', 'SSH_AGENT_PID': '1894', 'PWD': > >> '/OE/build/luneos-kirkstone', 'LOGNAME': 'martin', 'HOME': > >> '/home/martin-gentoo', 'MACHINE': 'qemux86-64', 'USER': 'martin', 'PATH': > >> '/OE/build/luneos-kirkstone/openembedded-core/scripts:/OE/build/luneos-kirkstone/bitbake/bin:/home/martin-gentoo/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/bin:/usr/lib/llvm/17/bin:/opt/android-sdk-update-manager/tools:/opt/android-sdk-update-manager/platform-tools:/etc/eselect/wine/bin:/usr/lib64/opencascade/bin:/var/lib/snapd/snap/bin', > >> 'LC_ALL': 'en_US.UTF-8', 'SESSION_MANAGER': > >> 'local/jama:@/tmp/.ICE-unix/1838,unix/jama:/tmp/.ICE-unix/1838', > >> 'WINDOWID': '35651587', 'COLORTERM': 'truecolor', > >> 'CSF_MDTVTexturesDirectory':
Re: [OE-core] [PATCH 1/2] python3-attrs: upgrade 23.1.0 -> 23.2.0
Ignore this one, since it has already been addressed by: https://patchwork.yoctoproject.org/project/oe-core/patch/1704271378-18012-1-git-send-email-wan...@fujitsu.com/ But please take 2/2 for ptest. On Fri, Jan 5, 2024 at 10:17 AM Tim Orling via lists.openembedded.org wrote: > https://www.attrs.org/en/stable/changelog.html > > 23.2.0 - 2023-12-31 > > Changes > * The type annotation for attrs.resolve_types() is now correct. #1141 > * Type stubs now use typing.dataclass_transform to decorate dataclass-like > decorators, instead of the non-standard __dataclass_transform__ special > form, which is only supported by Pyright. #1158 > * Fixed serialization of namedtuple fields using attrs.asdict/astuple() > with > retain_collection_types=True. #1165 > * attrs.AttrsInstance is now a typing.Protocol in both type hints and code. > This allows you to subclass it along with another Protocol. #1172 > * If attrs detects that __attrs_pre_init__ accepts more than just self, it > will call it with the same arguments as __init__ was called. This allows > you to, for example, pass arguments to super().__init__(). #1187 > * Slotted classes now transform functools.cached_property decorated methods > to support equivalent semantics. #1200 > * Added class_body argument to attrs.make_class() to provide additional > attributes for newly created classes. It is, for example, now possible to > attach methods. #1203 > > Signed-off-by: Tim Orling > --- > Requires python3-hatch-fancy-pypi-readme upgrade beyond 23.1.0 > > https://patchwork.yoctoproject.org/project/oe-core/patch/1704180223-8624-1-git-send-email-wan...@fujitsu.com/ > > .../python/{python3-attrs_23.1.0.bb => python3-attrs_23.2.0.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-devtools/python/{python3-attrs_23.1.0.bb => > python3-attrs_23.2.0.bb} (82%) > > diff --git a/meta/recipes-devtools/python/python3-attrs_23.1.0.bb > b/meta/recipes-devtools/python/python3-attrs_23.2.0.bb > similarity index 82% > rename from meta/recipes-devtools/python/python3-attrs_23.1.0.bb > rename to meta/recipes-devtools/python/python3-attrs_23.2.0.bb > index 314053de081..e00e1520156 100644 > --- a/meta/recipes-devtools/python/python3-attrs_23.1.0.bb > +++ b/meta/recipes-devtools/python/python3-attrs_23.2.0.bb > @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.attrs.org/; > LICENSE = "MIT" > LIC_FILES_CHKSUM = "file://LICENSE;md5=5e55731824cf9205cfabeab9a0600887" > > -SRC_URI[sha256sum] = > "6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015" > +SRC_URI[sha256sum] = > "935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30" > > inherit pypi python_hatchling > > -- > 2.34.1 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193379): https://lists.openembedded.org/g/openembedded-core/message/193379 Mute This Topic: https://lists.openembedded.org/mt/103548100/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] python3-attrs: enable ptest
The conftest.py file is needed to define the "slots" and "frozen" fixtures for pytest Signed-off-by: Tim Orling --- All ptests passed on core-image-ptest-python3-attrs in about 19 seconds on qemux86-64 .../conf/distro/include/ptest-packagelists.inc | 1 + .../python/python3-attrs/run-ptest | 3 +++ .../python/python3-attrs_23.2.0.bb | 18 +- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/python/python3-attrs/run-ptest diff --git a/meta/conf/distro/include/ptest-packagelists.inc b/meta/conf/distro/include/ptest-packagelists.inc index 9057c12b091..ef6f471e7bd 100644 --- a/meta/conf/distro/include/ptest-packagelists.inc +++ b/meta/conf/distro/include/ptest-packagelists.inc @@ -57,6 +57,7 @@ PTESTS_FAST = "\ pango \ popt \ python3-atomicwrites \ +python3-attrs \ python3-bcrypt \ python3-calver \ python3-hypothesis \ diff --git a/meta/recipes-devtools/python/python3-attrs/run-ptest b/meta/recipes-devtools/python/python3-attrs/run-ptest new file mode 100644 index 000..8d2017d39ce --- /dev/null +++ b/meta/recipes-devtools/python/python3-attrs/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +pytest --automake diff --git a/meta/recipes-devtools/python/python3-attrs_23.2.0.bb b/meta/recipes-devtools/python/python3-attrs_23.2.0.bb index e00e1520156..7b6a6bd94c9 100644 --- a/meta/recipes-devtools/python/python3-attrs_23.2.0.bb +++ b/meta/recipes-devtools/python/python3-attrs_23.2.0.bb @@ -5,7 +5,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5e55731824cf9205cfabeab9a0600887" SRC_URI[sha256sum] = "935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30" -inherit pypi python_hatchling +inherit pypi ptest python_hatchling + +SRC_URI += " \ + file://run-ptest \ +" DEPENDS += " \ python3-hatch-vcs-native \ @@ -18,4 +22,16 @@ RDEPENDS:${PN}+= " \ python3-crypt \ " +RDEPENDS:${PN}-ptest += " \ +${PYTHON_PN}-hypothesis \ +${PYTHON_PN}-pytest \ +${PYTHON_PN}-unittest-automake-output \ +" + +do_install_ptest() { +install -d ${D}${PTEST_PATH}/tests +cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ +install ${S}/conftest.py ${D}${PTEST_PATH}/ +} + BBCLASSEXTEND = "native nativesdk" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193378): https://lists.openembedded.org/g/openembedded-core/message/193378 Mute This Topic: https://lists.openembedded.org/mt/103548149/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] python3-attrs: upgrade 23.1.0 -> 23.2.0
https://www.attrs.org/en/stable/changelog.html 23.2.0 - 2023-12-31 Changes * The type annotation for attrs.resolve_types() is now correct. #1141 * Type stubs now use typing.dataclass_transform to decorate dataclass-like decorators, instead of the non-standard __dataclass_transform__ special form, which is only supported by Pyright. #1158 * Fixed serialization of namedtuple fields using attrs.asdict/astuple() with retain_collection_types=True. #1165 * attrs.AttrsInstance is now a typing.Protocol in both type hints and code. This allows you to subclass it along with another Protocol. #1172 * If attrs detects that __attrs_pre_init__ accepts more than just self, it will call it with the same arguments as __init__ was called. This allows you to, for example, pass arguments to super().__init__(). #1187 * Slotted classes now transform functools.cached_property decorated methods to support equivalent semantics. #1200 * Added class_body argument to attrs.make_class() to provide additional attributes for newly created classes. It is, for example, now possible to attach methods. #1203 Signed-off-by: Tim Orling --- Requires python3-hatch-fancy-pypi-readme upgrade beyond 23.1.0 https://patchwork.yoctoproject.org/project/oe-core/patch/1704180223-8624-1-git-send-email-wan...@fujitsu.com/ .../python/{python3-attrs_23.1.0.bb => python3-attrs_23.2.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-attrs_23.1.0.bb => python3-attrs_23.2.0.bb} (82%) diff --git a/meta/recipes-devtools/python/python3-attrs_23.1.0.bb b/meta/recipes-devtools/python/python3-attrs_23.2.0.bb similarity index 82% rename from meta/recipes-devtools/python/python3-attrs_23.1.0.bb rename to meta/recipes-devtools/python/python3-attrs_23.2.0.bb index 314053de081..e00e1520156 100644 --- a/meta/recipes-devtools/python/python3-attrs_23.1.0.bb +++ b/meta/recipes-devtools/python/python3-attrs_23.2.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.attrs.org/; LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=5e55731824cf9205cfabeab9a0600887" -SRC_URI[sha256sum] = "6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015" +SRC_URI[sha256sum] = "935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30" inherit pypi python_hatchling -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193377): https://lists.openembedded.org/g/openembedded-core/message/193377 Mute This Topic: https://lists.openembedded.org/mt/103548100/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/2] Revert "opkg-utils: upgrade 0.6.2 -> 0.6.3"
On Fri, Jan 5, 2024 at 8:16 AM Alexandre Belloni wrote: > > I believe this caused: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/4191/steps/12/logs/stdio > Likely, so because this patch https://git.yoctoproject.org/opkg-utils/commit/?id=8d9953dd8d589e9b740307976cbe474e0ce292a0 to opkg fixes mtime to be consistent across runs and this seems likely to be the reason for the reproducibiliy failiure. I wish xattr/acl support and this piece were two separate patches perhaps we could then revert just the one affecting GID issue. I would say lets wait for above bugs progress and hold on to this patch until then. > On 03/01/2024 18:10:51-0800, Khem Raj wrote: > > This reverts commit a856192be5dd78c621478ed29871191c580686c4. > > > > It causes a regression in creating different GIDs in image and ipk as > > reported in [1] > > > > [1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=15334 > > > > Signed-off-by: Khem Raj > > --- > > .../opkg-utils/{opkg-utils_0.6.3.bb => opkg-utils_0.6.2.bb} | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > rename meta/recipes-devtools/opkg-utils/{opkg-utils_0.6.3.bb => > > opkg-utils_0.6.2.bb} (97%) > > > > diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.3.bb > > b/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb > > similarity index 97% > > rename from meta/recipes-devtools/opkg-utils/opkg-utils_0.6.3.bb > > rename to meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb > > index b509227e1a6..eb88b9b734c 100644 > > --- a/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.3.bb > > +++ b/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb > > @@ -10,7 +10,7 @@ PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', > > 'update-alternatives', 'virtu > > SRC_URI = > > "git://git.yoctoproject.org/opkg-utils;protocol=https;branch=master \ > > file://0001-update-alternatives-correctly-match-priority.patch \ > > " > > -SRCREV = "589880d01969eb9af1e66120e731d43193504718" > > +SRCREV = "67994e62dc598282830385da75ba9b1abbbda941" > > > > S = "${WORKDIR}/git" > > > > -- > > 2.43.0 > > > > > > > > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193376): https://lists.openembedded.org/g/openembedded-core/message/193376 Mute This Topic: https://lists.openembedded.org/mt/103515671/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] python3-bcrypt: upgrade 4.1.1 -> 4.1.2
* Refresh -crates.inc https://github.com/pyca/bcrypt/compare/4.1.1...4.1.2 https://github.com/pyca/bcrypt/?tab=readme-ov-file#changelog https://github.com/pyca/bcrypt/?tab=readme-ov-file#412 * Publish both py37 and py39 wheels. This should resolve some errors relating to initializing a module multiple times per process. Signed-off-by: Tim Orling --- All ptests pass on core-image-ptest-python3-bcrypt on qemux86-64 .../python/python3-bcrypt-crates.inc | 12 ++-- ...thon3-bcrypt_4.1.1.bb => python3-bcrypt_4.1.2.bb} | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) rename meta/recipes-devtools/python/{python3-bcrypt_4.1.1.bb => python3-bcrypt_4.1.2.bb} (90%) diff --git a/meta/recipes-devtools/python/python3-bcrypt-crates.inc b/meta/recipes-devtools/python/python3-bcrypt-crates.inc index b99d753a877..5db6d1e96ef 100644 --- a/meta/recipes-devtools/python/python3-bcrypt-crates.inc +++ b/meta/recipes-devtools/python/python3-bcrypt-crates.inc @@ -20,10 +20,10 @@ SRC_URI += " \ crate://crates.io/heck/0.4.1 \ crate://crates.io/indoc/2.0.4 \ crate://crates.io/inout/0.1.3 \ -crate://crates.io/libc/0.2.150 \ +crate://crates.io/libc/0.2.151 \ crate://crates.io/lock_api/0.4.11 \ crate://crates.io/memoffset/0.9.0 \ -crate://crates.io/once_cell/1.18.0 \ +crate://crates.io/once_cell/1.19.0 \ crate://crates.io/parking_lot/0.12.1 \ crate://crates.io/parking_lot_core/0.9.9 \ crate://crates.io/pbkdf2/0.12.2 \ @@ -39,7 +39,7 @@ SRC_URI += " \ crate://crates.io/sha2/0.10.8 \ crate://crates.io/smallvec/1.11.2 \ crate://crates.io/subtle/2.5.0 \ -crate://crates.io/syn/2.0.39 \ +crate://crates.io/syn/2.0.41 \ crate://crates.io/target-lexicon/0.12.12 \ crate://crates.io/typenum/1.17.0 \ crate://crates.io/unicode-ident/1.0.12 \ @@ -75,10 +75,10 @@ SRC_URI[getrandom-0.2.11.sha256sum] = "fe9006bed769170c11f845cf00c7c1e9092aeb3f2 SRC_URI[heck-0.4.1.sha256sum] = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" SRC_URI[indoc-2.0.4.sha256sum] = "1e186cfbae8084e513daff4240b4797e342f988cecda4fb6c939150f96315fd8" SRC_URI[inout-0.1.3.sha256sum] = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" -SRC_URI[libc-0.2.150.sha256sum] = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +SRC_URI[libc-0.2.151.sha256sum] = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" SRC_URI[lock_api-0.4.11.sha256sum] = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" SRC_URI[memoffset-0.9.0.sha256sum] = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -SRC_URI[once_cell-1.18.0.sha256sum] = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +SRC_URI[once_cell-1.19.0.sha256sum] = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" SRC_URI[parking_lot-0.12.1.sha256sum] = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" SRC_URI[parking_lot_core-0.9.9.sha256sum] = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" SRC_URI[pbkdf2-0.12.2.sha256sum] = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" @@ -94,7 +94,7 @@ SRC_URI[scopeguard-1.2.0.sha256sum] = "94143f37725109f92c262ed2cf5e59bce7498c01b SRC_URI[sha2-0.10.8.sha256sum] = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" SRC_URI[smallvec-1.11.2.sha256sum] = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" SRC_URI[subtle-2.5.0.sha256sum] = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" -SRC_URI[syn-2.0.39.sha256sum] = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +SRC_URI[syn-2.0.41.sha256sum] = "44c8b28c477cc3bf0e7966561e3460130e1255f7a1cf71931075f1c5e7a7e269" SRC_URI[target-lexicon-0.12.12.sha256sum] = "14c39fd04924ca3a864207c66fc2cd7d22d7c016007f9ce846cbb9326331930a" SRC_URI[typenum-1.17.0.sha256sum] = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" SRC_URI[unicode-ident-1.0.12.sha256sum] = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" diff --git a/meta/recipes-devtools/python/python3-bcrypt_4.1.1.bb b/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb similarity index 90% rename from meta/recipes-devtools/python/python3-bcrypt_4.1.1.bb rename to meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb index 30063c3410f..860f2914769 100644 --- a/meta/recipes-devtools/python/python3-bcrypt_4.1.1.bb +++ b/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://pypi.org/project/bcrypt/; DEPENDS += "${PYTHON_PN}-cffi-native" LDFLAGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', ' -fuse-ld=bfd', '', d)}" -SRC_URI[sha256sum] = "df37f5418d4f1cdcff845f60e747a015389fa4e63703c918330865e06ad80007" +SRC_URI[sha256sum] = "33313a1200a3ae90b75587ceac502b048b840fc69e7f7a0905b5f87fac7a1258" inherit pypi
Re: [OE-core] bitbake-server does not exit after build ends
On Fri, Jan 5, 2024, 9:54 AM Martin Jansa wrote: > On Fri, Jan 5, 2024 at 5:06 PM Martin Jansa via lists.openembedded.org > wrote: > >> FWIW: I see the processes running after bitbake exit only in kirkstone >> and only with >> PRSERV_HOST = "localhost:0" >> if I drop PRSERV_HOST then all 3 bitbake-server processes exist together >> with bitbake itself. >> >> luneos-kirkstone $ rm -f bitbake-cookerdaemon.log >> luneos-kirkstone $ ps aux | grep luneos-kirkstone >> martin 4184043 0.0 0.0 9124 2048 pts/4S+ 16:47 0:00 grep >> --colour=auto luneos-kirkstone >> luneos-kirkstone $ bitbake -k zlib-native >> NOTE: Started PRServer with DBfile: >> /OE/build/luneos-kirkstone/cache/prserv.sqlite3, Address: 127.0.0.1:35811, >> PID: 4184924 >> Loading cache: 100% >> |##| >> Time: 0:00:04 >> Loaded 4570 entries from dependency cache. >> ... >> Sstate summary: Wanted 10 Local 10 Mirrors 0 Missed 0 Current 11 (100% >> match, 100% complete) >> NOTE: Executing Tasks >> NOTE: Tasks Summary: Attempted 92 tasks of which 92 didn't need to be >> rerun and all succeeded. >> NOTE: Writing buildhistory >> NOTE: Writing buildhistory took: 15 seconds >> luneos-kirkstone $ ps aux | grep luneos-kirkstone >> martin 51324 0.0 0.0 9124 2048 pts/4S+ 16:54 0:00 grep >> --colour=auto luneos-kirkstone >> martin 4184584 8.9 0.4 668196 536892 ? Sl 16:47 0:37 >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log >> /OE/build/luneos-kirkstone/bitbake.lock >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 >> martin 4184924 0.0 0.1 340280 196428 ? S16:47 0:00 >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log >> /OE/build/luneos-kirkstone/bitbake.lock >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 >> martin 4184927 0.0 0.1 340328 194440 ? S16:47 0:00 >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log >> /OE/build/luneos-kirkstone/bitbake.lock >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 >> >> luneos-kirkstone $ cat bitbake-cookerdaemon.log >> 4184584 16:47:38.367593 --- Starting bitbake server pid 4184584 at >> 2024-01-05 16:47:38.367526 --- >> 4184584 16:47:38.370315 Started bitbake server pid 4184584 >> 4184584 16:47:38.370831 Entering server connection loop >> 4184584 16:47:38.372043 Accepting [> proto=0, laddr=bitbake.sock>] ([]) >> 4184584 16:47:38.376431 Processing Client >> 4184584 16:47:38.376633 Connecting Client >> 4184584 16:47:38.377632 Running command ['setFeatures', [2, 1]] >> 4184584 16:47:38.379355 Command Completed >> 4184584 16:47:38.379868 Running command ['updateConfig', {'halt': False, >> 'force': False, 'invalidate_stamp': None, 'dry_run': False, >> 'dump_signatures': [], 'extra_assume_provided': [], 'profile': False, >> 'prefile': [], 'postfile': [], 'server_timeout': None, 'nosetscene': False, >> 'setsceneonly': False, 'skipsetscene': False, 'runall': None, 'runonly': >> None, 'writeeventlog': None, 'build_verbose_shell': False, >> 'build_verbose_stdout': False, 'default_loglevel': 20, 'debug_domains': >> {}}, {'SHELL': '/bin/bash', 'BB_ENV_PASSTHROUGH_ADDITIONS': 'MACHINE DISTRO >> TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy >> SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS >> PARALLEL_MAKE GIT_PROXY_COMMAND GIT_PROXY_IGNORE SOCKS5_PASSWD SOCKS5_USER >> WEBOS_DISTRO_BUILD_ID PSEUDO_DISABLED PSEUDO_BUILD', 'DISTRO': 'luneos', >> 'SSH_AUTH_SOCK': '/tmp/ssh-XX2ZxYBo/agent.1893', 'SSH_AGENT_PID': >> '1894', 'PWD': '/OE/build/luneos-kirkstone', 'LOGNAME': 'martin', 'HOME': >> '/home/martin-gentoo', 'MACHINE': 'qemux86-64', 'USER': 'martin', 'PATH': >> '/OE/build/luneos-kirkstone/openembedded-core/scripts:/OE/build/luneos-kirkstone/bitbake/bin:/home/martin-gentoo/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/bin:/usr/lib/llvm/17/bin:/opt/android-sdk-update-manager/tools:/opt/android-sdk-update-manager/platform-tools:/etc/eselect/wine/bin:/usr/lib64/opencascade/bin:/var/lib/snapd/snap/bin', >> 'LC_ALL': 'en_US.UTF-8', 'SESSION_MANAGER': >> 'local/jama:@/tmp/.ICE-unix/1838,unix/jama:/tmp/.ICE-unix/1838', >> 'WINDOWID': '35651587', 'COLORTERM': 'truecolor', >> 'CSF_MDTVTexturesDirectory': '/usr/share/opencascade/resources/Textures', >> 'MACHINES': 'qemux86-64', 'XDG_CONFIG_DIRS': '/etc/xdg', 'LESS': '-R -M >> --shift 5', 'XDG_SESSION_PATH': '/org/freedesktop/DisplayManager/Session1', >> 'XDG_MENU_PREFIX': 'xfce-', 'JDK_HOME': >> '/etc/java-config-2/current-system-vm', 'CONFIG_PROTECT_MASK': >> '/etc/sandbox.d
Re: [OE-core] bitbake-server does not exit after build ends
On Fri, Jan 5, 2024 at 6:54 AM Martin Jansa wrote: > > On Fri, Jan 5, 2024 at 5:06 PM Martin Jansa via lists.openembedded.org > wrote: >> >> FWIW: I see the processes running after bitbake exit only in kirkstone and >> only with >> PRSERV_HOST = "localhost:0" >> if I drop PRSERV_HOST then all 3 bitbake-server processes exist together >> with bitbake itself. >> >> luneos-kirkstone $ rm -f bitbake-cookerdaemon.log >> luneos-kirkstone $ ps aux | grep luneos-kirkstone >> martin 4184043 0.0 0.0 9124 2048 pts/4S+ 16:47 0:00 grep >> --colour=auto luneos-kirkstone >> luneos-kirkstone $ bitbake -k zlib-native >> NOTE: Started PRServer with DBfile: >> /OE/build/luneos-kirkstone/cache/prserv.sqlite3, Address: 127.0.0.1:35811, >> PID: 4184924 >> Loading cache: 100% >> |##| >> Time: 0:00:04 >> Loaded 4570 entries from dependency cache. >> ... >> Sstate summary: Wanted 10 Local 10 Mirrors 0 Missed 0 Current 11 (100% >> match, 100% complete) >> NOTE: Executing Tasks >> NOTE: Tasks Summary: Attempted 92 tasks of which 92 didn't need to be rerun >> and all succeeded. >> NOTE: Writing buildhistory >> NOTE: Writing buildhistory took: 15 seconds >> luneos-kirkstone $ ps aux | grep luneos-kirkstone >> martin 51324 0.0 0.0 9124 2048 pts/4S+ 16:54 0:00 grep >> --colour=auto luneos-kirkstone >> martin 4184584 8.9 0.4 668196 536892 ? Sl 16:47 0:37 >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log >> /OE/build/luneos-kirkstone/bitbake.lock >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 >> martin 4184924 0.0 0.1 340280 196428 ? S16:47 0:00 >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log >> /OE/build/luneos-kirkstone/bitbake.lock >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 >> martin 4184927 0.0 0.1 340328 194440 ? S16:47 0:00 >> bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server >> decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log >> /OE/build/luneos-kirkstone/bitbake.lock >> /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 >> >> luneos-kirkstone $ cat bitbake-cookerdaemon.log >> 4184584 16:47:38.367593 --- Starting bitbake server pid 4184584 at >> 2024-01-05 16:47:38.367526 --- >> 4184584 16:47:38.370315 Started bitbake server pid 4184584 >> 4184584 16:47:38.370831 Entering server connection loop >> 4184584 16:47:38.372043 Accepting [> proto=0, laddr=bitbake.sock>] ([]) >> 4184584 16:47:38.376431 Processing Client >> 4184584 16:47:38.376633 Connecting Client >> 4184584 16:47:38.377632 Running command ['setFeatures', [2, 1]] >> 4184584 16:47:38.379355 Command Completed >> 4184584 16:47:38.379868 Running command ['updateConfig', {'halt': False, >> 'force': False, 'invalidate_stamp': None, 'dry_run': False, >> 'dump_signatures': [], 'extra_assume_provided': [], 'profile': False, >> 'prefile': [], 'postfile': [], 'server_timeout': None, 'nosetscene': False, >> 'setsceneonly': False, 'skipsetscene': False, 'runall': None, 'runonly': >> None, 'writeeventlog': None, 'build_verbose_shell': False, >> 'build_verbose_stdout': False, 'default_loglevel': 20, 'debug_domains': {}}, >> {'SHELL': '/bin/bash', 'BB_ENV_PASSTHROUGH_ADDITIONS': 'MACHINE DISTRO >> TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy >> SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS >> PARALLEL_MAKE GIT_PROXY_COMMAND GIT_PROXY_IGNORE SOCKS5_PASSWD SOCKS5_USER >> WEBOS_DISTRO_BUILD_ID PSEUDO_DISABLED PSEUDO_BUILD', 'DISTRO': 'luneos', >> 'SSH_AUTH_SOCK': '/tmp/ssh-XX2ZxYBo/agent.1893', 'SSH_AGENT_PID': >> '1894', 'PWD': '/OE/build/luneos-kirkstone', 'LOGNAME': 'martin', 'HOME': >> '/home/martin-gentoo', 'MACHINE': 'qemux86-64', 'USER': 'martin', 'PATH': >> '/OE/build/luneos-kirkstone/openembedded-core/scripts:/OE/build/luneos-kirkstone/bitbake/bin:/home/martin-gentoo/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/bin:/usr/lib/llvm/17/bin:/opt/android-sdk-update-manager/tools:/opt/android-sdk-update-manager/platform-tools:/etc/eselect/wine/bin:/usr/lib64/opencascade/bin:/var/lib/snapd/snap/bin', >> 'LC_ALL': 'en_US.UTF-8', 'SESSION_MANAGER': >> 'local/jama:@/tmp/.ICE-unix/1838,unix/jama:/tmp/.ICE-unix/1838', 'WINDOWID': >> '35651587', 'COLORTERM': 'truecolor', 'CSF_MDTVTexturesDirectory': >> '/usr/share/opencascade/resources/Textures', 'MACHINES': 'qemux86-64', >> 'XDG_CONFIG_DIRS': '/etc/xdg', 'LESS': '-R -M --shift 5', >> 'XDG_SESSION_PATH': '/org/freedesktop/DisplayManager/Session1', >> 'XDG_MENU_PREFIX': 'xfce-', 'JDK_HOME': >> '/etc/java-config-2/current-system-vm',
[OE-core] [PATCH] openssh: upgrade 9.5p1 -> 9.6p1
* Relocate Upstream-Status in 0001-regress-banner.sh-log-input-and-output-files-on-erro.patch so it will not throw an error in AUH https://www.openssh.com/txt/release-9.6 https://github.com/openssh/openssh-portable/compare/V_9_5_P1...V_9_6_P1 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-51384 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 CVE: CVE-2023-48795 CVE: CVE-2023-51384 CVE: CVE-2023-51385 Signed-off-by: Tim Orling --- All ptests passed on core-image-ptest-openssh on qemux86-64 ...regress-banner.sh-log-input-and-output-files-on-erro.patch | 4 ++-- .../openssh/{openssh_9.5p1.bb => openssh_9.6p1.bb}| 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-connectivity/openssh/{openssh_9.5p1.bb => openssh_9.6p1.bb} (98%) diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch index 2c14014fed8..8763f30f4b3 100644 --- a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch +++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch @@ -34,13 +34,13 @@ return value: 1 See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 +Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437] + Signed-off-by: Mikko Rapeli --- regress/banner.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437] - diff --git a/regress/banner.sh b/regress/banner.sh index a84feb5a..de84957a 100644 --- a/regress/banner.sh diff --git a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb similarity index 98% rename from meta/recipes-connectivity/openssh/openssh_9.5p1.bb rename to meta/recipes-connectivity/openssh/openssh_9.6p1.bb index bbb8fb091ad..fa44eb0bd4e 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb @@ -28,7 +28,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ " -SRC_URI[sha256sum] = "f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b" +SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193372): https://lists.openembedded.org/g/openembedded-core/message/193372 Mute This Topic: https://lists.openembedded.org/mt/103546397/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] bitbake-server does not exit after build ends
On Fri, Jan 5, 2024 at 5:06 PM Martin Jansa via lists.openembedded.org wrote: > FWIW: I see the processes running after bitbake exit only in kirkstone and > only with > PRSERV_HOST = "localhost:0" > if I drop PRSERV_HOST then all 3 bitbake-server processes exist together > with bitbake itself. > > luneos-kirkstone $ rm -f bitbake-cookerdaemon.log > luneos-kirkstone $ ps aux | grep luneos-kirkstone > martin 4184043 0.0 0.0 9124 2048 pts/4S+ 16:47 0:00 grep > --colour=auto luneos-kirkstone > luneos-kirkstone $ bitbake -k zlib-native > NOTE: Started PRServer with DBfile: > /OE/build/luneos-kirkstone/cache/prserv.sqlite3, Address: 127.0.0.1:35811, > PID: 4184924 > Loading cache: 100% > |##| > Time: 0:00:04 > Loaded 4570 entries from dependency cache. > ... > Sstate summary: Wanted 10 Local 10 Mirrors 0 Missed 0 Current 11 (100% > match, 100% complete) > NOTE: Executing Tasks > NOTE: Tasks Summary: Attempted 92 tasks of which 92 didn't need to be > rerun and all succeeded. > NOTE: Writing buildhistory > NOTE: Writing buildhistory took: 15 seconds > luneos-kirkstone $ ps aux | grep luneos-kirkstone > martin 51324 0.0 0.0 9124 2048 pts/4S+ 16:54 0:00 grep > --colour=auto luneos-kirkstone > martin 4184584 8.9 0.4 668196 536892 ? Sl 16:47 0:37 > bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server > decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log > /OE/build/luneos-kirkstone/bitbake.lock > /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 > martin 4184924 0.0 0.1 340280 196428 ? S16:47 0:00 > bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server > decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log > /OE/build/luneos-kirkstone/bitbake.lock > /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 > martin 4184927 0.0 0.1 340328 194440 ? S16:47 0:00 > bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server > decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log > /OE/build/luneos-kirkstone/bitbake.lock > /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 > > luneos-kirkstone $ cat bitbake-cookerdaemon.log > 4184584 16:47:38.367593 --- Starting bitbake server pid 4184584 at > 2024-01-05 16:47:38.367526 --- > 4184584 16:47:38.370315 Started bitbake server pid 4184584 > 4184584 16:47:38.370831 Entering server connection loop > 4184584 16:47:38.372043 Accepting [ proto=0, laddr=bitbake.sock>] ([]) > 4184584 16:47:38.376431 Processing Client > 4184584 16:47:38.376633 Connecting Client > 4184584 16:47:38.377632 Running command ['setFeatures', [2, 1]] > 4184584 16:47:38.379355 Command Completed > 4184584 16:47:38.379868 Running command ['updateConfig', {'halt': False, > 'force': False, 'invalidate_stamp': None, 'dry_run': False, > 'dump_signatures': [], 'extra_assume_provided': [], 'profile': False, > 'prefile': [], 'postfile': [], 'server_timeout': None, 'nosetscene': False, > 'setsceneonly': False, 'skipsetscene': False, 'runall': None, 'runonly': > None, 'writeeventlog': None, 'build_verbose_shell': False, > 'build_verbose_stdout': False, 'default_loglevel': 20, 'debug_domains': > {}}, {'SHELL': '/bin/bash', 'BB_ENV_PASSTHROUGH_ADDITIONS': 'MACHINE DISTRO > TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy > SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS > PARALLEL_MAKE GIT_PROXY_COMMAND GIT_PROXY_IGNORE SOCKS5_PASSWD SOCKS5_USER > WEBOS_DISTRO_BUILD_ID PSEUDO_DISABLED PSEUDO_BUILD', 'DISTRO': 'luneos', > 'SSH_AUTH_SOCK': '/tmp/ssh-XX2ZxYBo/agent.1893', 'SSH_AGENT_PID': > '1894', 'PWD': '/OE/build/luneos-kirkstone', 'LOGNAME': 'martin', 'HOME': > '/home/martin-gentoo', 'MACHINE': 'qemux86-64', 'USER': 'martin', 'PATH': > '/OE/build/luneos-kirkstone/openembedded-core/scripts:/OE/build/luneos-kirkstone/bitbake/bin:/home/martin-gentoo/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/bin:/usr/lib/llvm/17/bin:/opt/android-sdk-update-manager/tools:/opt/android-sdk-update-manager/platform-tools:/etc/eselect/wine/bin:/usr/lib64/opencascade/bin:/var/lib/snapd/snap/bin', > 'LC_ALL': 'en_US.UTF-8', 'SESSION_MANAGER': > 'local/jama:@/tmp/.ICE-unix/1838,unix/jama:/tmp/.ICE-unix/1838', > 'WINDOWID': '35651587', 'COLORTERM': 'truecolor', > 'CSF_MDTVTexturesDirectory': '/usr/share/opencascade/resources/Textures', > 'MACHINES': 'qemux86-64', 'XDG_CONFIG_DIRS': '/etc/xdg', 'LESS': '-R -M > --shift 5', 'XDG_SESSION_PATH': '/org/freedesktop/DisplayManager/Session1', > 'XDG_MENU_PREFIX': 'xfce-', 'JDK_HOME': > '/etc/java-config-2/current-system-vm', 'CONFIG_PROTECT_MASK': > '/etc/sandbox.d /etc/fonts/fonts.conf /etc/gentoo-release /etc/dconf > /etc/ca-certificates.conf /etc/revdep-rebuild', 'TERMCAP': > 'SC|screen.xterm-256color|VT
Re: [OE-core] [PATCH 1/2] Revert "opkg-utils: upgrade 0.6.2 -> 0.6.3"
I believe this caused: https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/4191/steps/12/logs/stdio On 03/01/2024 18:10:51-0800, Khem Raj wrote: > This reverts commit a856192be5dd78c621478ed29871191c580686c4. > > It causes a regression in creating different GIDs in image and ipk as > reported in [1] > > [1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=15334 > > Signed-off-by: Khem Raj > --- > .../opkg-utils/{opkg-utils_0.6.3.bb => opkg-utils_0.6.2.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-devtools/opkg-utils/{opkg-utils_0.6.3.bb => > opkg-utils_0.6.2.bb} (97%) > > diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.3.bb > b/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb > similarity index 97% > rename from meta/recipes-devtools/opkg-utils/opkg-utils_0.6.3.bb > rename to meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb > index b509227e1a6..eb88b9b734c 100644 > --- a/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.3.bb > +++ b/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb > @@ -10,7 +10,7 @@ PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', > 'update-alternatives', 'virtu > SRC_URI = > "git://git.yoctoproject.org/opkg-utils;protocol=https;branch=master \ > file://0001-update-alternatives-correctly-match-priority.patch \ > " > -SRCREV = "589880d01969eb9af1e66120e731d43193504718" > +SRCREV = "67994e62dc598282830385da75ba9b1abbbda941" > > S = "${WORKDIR}/git" > > -- > 2.43.0 > > > > -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193370): https://lists.openembedded.org/g/openembedded-core/message/193370 Mute This Topic: https://lists.openembedded.org/mt/103515671/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] bitbake-server does not exit after build ends
FWIW: I see the processes running after bitbake exit only in kirkstone and only with PRSERV_HOST = "localhost:0" if I drop PRSERV_HOST then all 3 bitbake-server processes exist together with bitbake itself. luneos-kirkstone $ rm -f bitbake-cookerdaemon.log luneos-kirkstone $ ps aux | grep luneos-kirkstone martin 4184043 0.0 0.0 9124 2048 pts/4S+ 16:47 0:00 grep --colour=auto luneos-kirkstone luneos-kirkstone $ bitbake -k zlib-native NOTE: Started PRServer with DBfile: /OE/build/luneos-kirkstone/cache/prserv.sqlite3, Address: 127.0.0.1:35811, PID: 4184924 Loading cache: 100% |##| Time: 0:00:04 Loaded 4570 entries from dependency cache. ... Sstate summary: Wanted 10 Local 10 Mirrors 0 Missed 0 Current 11 (100% match, 100% complete) NOTE: Executing Tasks NOTE: Tasks Summary: Attempted 92 tasks of which 92 didn't need to be rerun and all succeeded. NOTE: Writing buildhistory NOTE: Writing buildhistory took: 15 seconds luneos-kirkstone $ ps aux | grep luneos-kirkstone martin 51324 0.0 0.0 9124 2048 pts/4S+ 16:54 0:00 grep --colour=auto luneos-kirkstone martin 4184584 8.9 0.4 668196 536892 ? Sl 16:47 0:37 bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log /OE/build/luneos-kirkstone/bitbake.lock /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 martin 4184924 0.0 0.1 340280 196428 ? S16:47 0:00 bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log /OE/build/luneos-kirkstone/bitbake.lock /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 martin 4184927 0.0 0.1 340328 194440 ? S16:47 0:00 bitbake-server /OE/build/luneos-kirkstone/bitbake/bin/bitbake-server decafbad 3 5 /OE/build/luneos-kirkstone/bitbake-cookerdaemon.log /OE/build/luneos-kirkstone/bitbake.lock /OE/build/luneos-kirkstone/bitbake.sock 0 None 0 luneos-kirkstone $ cat bitbake-cookerdaemon.log 4184584 16:47:38.367593 --- Starting bitbake server pid 4184584 at 2024-01-05 16:47:38.367526 --- 4184584 16:47:38.370315 Started bitbake server pid 4184584 4184584 16:47:38.370831 Entering server connection loop 4184584 16:47:38.372043 Accepting [] ([]) 4184584 16:47:38.376431 Processing Client 4184584 16:47:38.376633 Connecting Client 4184584 16:47:38.377632 Running command ['setFeatures', [2, 1]] 4184584 16:47:38.379355 Command Completed 4184584 16:47:38.379868 Running command ['updateConfig', {'halt': False, 'force': False, 'invalidate_stamp': None, 'dry_run': False, 'dump_signatures': [], 'extra_assume_provided': [], 'profile': False, 'prefile': [], 'postfile': [], 'server_timeout': None, 'nosetscene': False, 'setsceneonly': False, 'skipsetscene': False, 'runall': None, 'runonly': None, 'writeeventlog': None, 'build_verbose_shell': False, 'build_verbose_stdout': False, 'default_loglevel': 20, 'debug_domains': {}}, {'SHELL': '/bin/bash', 'BB_ENV_PASSTHROUGH_ADDITIONS': 'MACHINE DISTRO TCMODE TCLIBC http_proxy ftp_proxy https_proxy all_proxy ALL_PROXY no_proxy SSH_AGENT_PID SSH_AUTH_SOCK BB_SRCREV_POLICY SDKMACHINE BB_NUMBER_THREADS PARALLEL_MAKE GIT_PROXY_COMMAND GIT_PROXY_IGNORE SOCKS5_PASSWD SOCKS5_USER WEBOS_DISTRO_BUILD_ID PSEUDO_DISABLED PSEUDO_BUILD', 'DISTRO': 'luneos', 'SSH_AUTH_SOCK': '/tmp/ssh-XX2ZxYBo/agent.1893', 'SSH_AGENT_PID': '1894', 'PWD': '/OE/build/luneos-kirkstone', 'LOGNAME': 'martin', 'HOME': '/home/martin-gentoo', 'MACHINE': 'qemux86-64', 'USER': 'martin', 'PATH': '/OE/build/luneos-kirkstone/openembedded-core/scripts:/OE/build/luneos-kirkstone/bitbake/bin:/home/martin-gentoo/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/bin:/usr/lib/llvm/17/bin:/opt/android-sdk-update-manager/tools:/opt/android-sdk-update-manager/platform-tools:/etc/eselect/wine/bin:/usr/lib64/opencascade/bin:/var/lib/snapd/snap/bin', 'LC_ALL': 'en_US.UTF-8', 'SESSION_MANAGER': 'local/jama:@/tmp/.ICE-unix/1838,unix/jama:/tmp/.ICE-unix/1838', 'WINDOWID': '35651587', 'COLORTERM': 'truecolor', 'CSF_MDTVTexturesDirectory': '/usr/share/opencascade/resources/Textures', 'MACHINES': 'qemux86-64', 'XDG_CONFIG_DIRS': '/etc/xdg', 'LESS': '-R -M --shift 5', 'XDG_SESSION_PATH': '/org/freedesktop/DisplayManager/Session1', 'XDG_MENU_PREFIX': 'xfce-', 'JDK_HOME': '/etc/java-config-2/current-system-vm', 'CONFIG_PROTECT_MASK': '/etc/sandbox.d /etc/fonts/fonts.conf /etc/gentoo-release /etc/dconf /etc/ca-certificates.conf /etc/revdep-rebuild', 'TERMCAP': 'SC|screen.xterm-256color|VT 100/ANSI X3.64 virtual
Re: [OE-core][PATCH 1/3] systemd: upgrade to 255.1
Hello, This fails with: https://autobuilder.yoctoproject.org/typhoon/#/builders/106/builds/7361/steps/12/logs/warnings WARNING: core-image-full-cmdline-1.0-r0 do_rootfs: User root has been defined as (root, 0, 0, root, /root, /bin/sh) but sysusers.d expects it as (root, 0, 0, Super User, /root, -) WARNING: core-image-full-cmdline-1.0-r0 do_rootfs: User nobody has been defined as (nobody, 65534, 65534, nobody, /nonexistent, /usr/sbin/nologin) but sysusers.d expects it as (nobody, 65534, 65534, Kernel Overflow User, -, -) WARNING: core-image-sato-1.0-r0 do_rootfs: User root has been defined as (root, 0, 0, root, /root, /bin/sh) but sysusers.d expects it as (root, 0, 0, Super User, /root, -) WARNING: core-image-sato-1.0-r0 do_rootfs: User nobody has been defined as (nobody, 65534, 65534, nobody, /nonexistent, /usr/sbin/nologin) but sysusers.d expects it as (nobody, 65534, 65534, Kernel Overflow User, -, -) WARNING: core-image-sato-sdk-1.0-r0 do_rootfs: User root has been defined as (root, 0, 0, root, /root, /bin/sh) but sysusers.d expects it as (root, 0, 0, Super User, /root, -) WARNING: core-image-sato-sdk-1.0-r0 do_rootfs: User nobody has been defined as (nobody, 65534, 65534, nobody, /nonexistent, /usr/sbin/nologin) but sysusers.d expects it as (nobody, 65534, 65534, Kernel Overflow User, -, -) On 27/12/2023 12:20:34+0800, Chen Qi via lists.openembedded.org wrote: > From: Chen Qi > > 1. Patch changes: > > 0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch > is removed because it has no real effect now. The /lib is now > /usr/lib because 'usrmerge' is a required distro feature for systemd. > > 0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch is > refreshed for the new version to avoid patch-fuzz issue. > > 2. root user's home directory now defaults to "/root": > > The sysuers.d/basic.conf is still modified to respect the ROOT_HOME > value, so if users set ROOT_HOME to "/home/root", the behavior is the > same as before. However, this is only for backward compatibility. With > this patch, The ROOT_HOME value is set to "/root" in init-manager-systemd.inc. > This is because systemd's source codes are hardcoding "/root", and other > values are not officially supported. See the list below. > $ grep -rl '"/root"' src/ | grep -v 'src/test' > src/core/namespace.c > src/basic/user-util.c > src/nss-systemd/nss-systemd.c > src/nspawn/nspawn.c > src/firstboot/firstboot.c > src/shared/userdb.c > src/shared/user-record.c > $ grep -rl /root network/ factory/ sysctl.d/ sysusers.d/ rules.d/ tmpfiles.d/ > units/ xorg/ tools/ > sysusers.d/basic.conf.in > tmpfiles.d/provision.conf > units/emergency.service.in > units/rescue.service.in > tools/list-discoverable-partitions.py > Previously, the recipe was just substituting sysusers.d/basic.conf.in, > which is not enough to be treated as 'fully support'. I deliberately put > a warning message in do_install to warn users about non "/root" ROOT_HOME > value. Don't remove it until all above places are handled. > > 3. cgroupv2 is now the default. > cgroupv2 is the default for systemd for many years and it's the default > for distros such as ubuntu and fedora. Let's also use it as the default. > > Signed-off-by: Chen Qi > --- > .../distro/include/init-manager-systemd.inc | 2 + > meta/recipes-core/systemd/systemd.inc | 4 +- > ...tall-dependency-links-at-install-tim.patch | 22 +++--- > ...sysctl.d-binfmt.d-modules-load.d-to-.patch | 73 --- > .../systemd/systemd/basic.conf.in | 40 -- > .../{systemd_254.4.bb => systemd_255.1.bb}| 16 ++-- > 6 files changed, 25 insertions(+), 132 deletions(-) > delete mode 100644 > meta/recipes-core/systemd/systemd/0004-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch > delete mode 100644 meta/recipes-core/systemd/systemd/basic.conf.in > rename meta/recipes-core/systemd/{systemd_254.4.bb => systemd_255.1.bb} (98%) > > diff --git a/meta/conf/distro/include/init-manager-systemd.inc > b/meta/conf/distro/include/init-manager-systemd.inc > index 595d1f2644..0a76647459 100644 > --- a/meta/conf/distro/include/init-manager-systemd.inc > +++ b/meta/conf/distro/include/init-manager-systemd.inc > @@ -5,3 +5,5 @@ VIRTUAL-RUNTIME_init_manager ??= "systemd" > VIRTUAL-RUNTIME_initscripts ??= "systemd-compat-units" > VIRTUAL-RUNTIME_login_manager ??= "shadow-base" > VIRTUAL-RUNTIME_dev_manager ??= "systemd" > +# systemd hardcodes /root in its source codes, other values are not > offically supported > +ROOT_HOME ?= "/root" > diff --git a/meta/recipes-core/systemd/systemd.inc > b/meta/recipes-core/systemd/systemd.inc > index ccc3236457..1417e0150f 100644 > --- a/meta/recipes-core/systemd/systemd.inc > +++ b/meta/recipes-core/systemd/systemd.inc > @@ -15,8 +15,8 @@ LICENSE:libsystemd = "LGPL-2.1-or-later" > LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe > \ > >
Patchtest results for [OE-core][dunfell 4/5] cve-update-nvd2-native: increase the delay between subsequent request failures
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/dunfell-4-5-cve-update-nvd2-native-increase-the-delay-between-subsequent-request-failures.patch FAIL: test shortlog length: Edit shortlog so that it is 90 characters or less (currently 92 characters) (test_mbox.TestMbox.test_shortlog_length) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193367): https://lists.openembedded.org/g/openembedded-core/message/193367 Mute This Topic: https://lists.openembedded.org/mt/103542937/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 5/5] linux-firmware: upgrade 20230804 -> 20231030
From: Dmitry Baryshkov License-Update: additional firmwares Signed-off-by: Dmitry Baryshkov Signed-off-by: Alexandre Belloni (cherry picked from commit 7c725d1f2ed9a271d39d899ac2534558c2d103fc) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20230804.bb => linux-firmware_20231030.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230804.bb => linux-firmware_20231030.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb index 507a003224..65cbca798e 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb @@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "41f9a48bf27971b126a36f9344594dcd" +WHENCE_CHKSUM = "ceb5248746d24d165b603e71b288cf75" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688" +SRC_URI[sha256sum] = "c98d200fc4a3120de1a594713ce34e135819dff23e883a4ed387863ba25679c7" inherit allarch -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193365): https://lists.openembedded.org/g/openembedded-core/message/193365 Mute This Topic: https://lists.openembedded.org/mt/103542662/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 4/5] cve-update-nvd2-native: increase the delay between subsequent request failures
From: Dhairya Nagodra Sometimes NVD servers are unstable and return too many errors. There is an option to have higher fetch attempts to increase the chances of successfully fetching the CVE data. Additionally, it also makes sense to progressively increase the delay after a failed request to an already unstable or busy server. The increase in delay is reset after every successful request and the maximum delay is limited to 30 seconds. Also, the logs are improved to give more clarity. Signed-off-by: Dhairya Nagodra Signed-off-by: Alexandre Belloni (cherry picked from commit 7101d654635b707e56b0dbae8c2146b312d211ea) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 0a8b6a8a0a..69ba20a6cb 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -114,7 +114,10 @@ def cleanup_db_download(db_file, db_tmp_file): if os.path.exists(db_tmp_file): os.remove(db_tmp_file) -def nvd_request_next(url, attempts, api_key, args): +def nvd_request_wait(attempt, min_wait): +return min ( ( (2 * attempt) + min_wait ) , 30) + +def nvd_request_next(url, attempts, api_key, args, min_wait): """ Request next part of the NVD dabase """ @@ -143,8 +146,10 @@ def nvd_request_next(url, attempts, api_key, args): r.close() except Exception as e: -bb.note("CVE database: received error (%s), retrying" % (e)) -time.sleep(6) +wait_time = nvd_request_wait(attempt, min_wait) +bb.note("CVE database: received error (%s)" % (e)) +bb.note("CVE database: retrying download after %d seconds. attempted (%d/%d)" % (wait_time, attempt+1, attempts)) +time.sleep(wait_time) pass else: return raw_data @@ -195,7 +200,7 @@ def update_db_file(db_tmp_file, d, database_time): while True: req_args['startIndex'] = index -raw_data = nvd_request_next(url, attempts, api_key, req_args) +raw_data = nvd_request_next(url, attempts, api_key, req_args, wait_time) if raw_data is None: # We haven't managed to download data return False -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193364): https://lists.openembedded.org/g/openembedded-core/message/193364 Mute This Topic: https://lists.openembedded.org/mt/103542654/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 3/5] cve-update-nvd2-native: faster requests with API keys
From: Dhairya Nagodra As per NVD, the public rate limit is 5 requests in 30s (6s delay). Using an API key increases the limit to 50 requests in 30s (0.6s delay). However, NVD still recommends sleeping for several seconds so that the other legitimate requests are serviced without denial or interruption. Keeping the default sleep at 6 seconds and 2 seconds with an API key. For failures, the wait time is unchanged (6 seconds). Reference: https://nvd.nist.gov/developers/start-here#RateLimits Signed-off-by: Dhairya Nagodra Signed-off-by: Alexandre Belloni (cherry picked from commit 5c32e2941d1dc3d04a799a1b7cbd275c1ccc9e79) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index dab0b69edc..0a8b6a8a0a 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -188,6 +188,11 @@ def update_db_file(db_tmp_file, d, database_time): api_key = d.getVar("NVDCVE_API_KEY") or None attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS")) +# Recommended by NVD +wait_time = 6 +if api_key: +wait_time = 2 + while True: req_args['startIndex'] = index raw_data = nvd_request_next(url, attempts, api_key, req_args) @@ -210,7 +215,7 @@ def update_db_file(db_tmp_file, d, database_time): break # Recommended by NVD -time.sleep(6) +time.sleep(wait_time) # Update success, set the date to cve_check file. cve_f.write('CVE database update : %s\n\n' % datetime.date.today()) -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193363): https://lists.openembedded.org/g/openembedded-core/message/193363 Mute This Topic: https://lists.openembedded.org/mt/103542653/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 2/5] cve-update-nvd2-native: make number of fetch attemtps configurable
From: Peter Marko Sometimes NVD servers are unstable and return too many errors. Last time we increased number of attempts from 3 to 5, but further increasing is not reasonable as in normal case too many retries is just abusive. Keep retries low as default and allow to increase as needed. Signed-off-by: Peter Marko Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 6b6fd8043d83b9954ab6ad2c745d07c6bcc1) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 64a96a46f0..dab0b69edc 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,6 +26,9 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" +# Number of attmepts for each http query to nvd server before giving up +CVE_DB_UPDATE_ATTEMPTS ?= "5" + CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" @@ -111,7 +114,7 @@ def cleanup_db_download(db_file, db_tmp_file): if os.path.exists(db_tmp_file): os.remove(db_tmp_file) -def nvd_request_next(url, api_key, args): +def nvd_request_next(url, attempts, api_key, args): """ Request next part of the NVD dabase """ @@ -127,7 +130,7 @@ def nvd_request_next(url, api_key, args): request.add_header("apiKey", api_key) bb.note("Requesting %s" % request.full_url) -for attempt in range(5): +for attempt in range(attempts): try: r = urllib.request.urlopen(request) @@ -183,10 +186,11 @@ def update_db_file(db_tmp_file, d, database_time): index = 0 url = d.getVar("NVDCVE_URL") api_key = d.getVar("NVDCVE_API_KEY") or None +attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS")) while True: req_args['startIndex'] = index -raw_data = nvd_request_next(url, api_key, req_args) +raw_data = nvd_request_next(url, attempts, api_key, req_args) if raw_data is None: # We haven't managed to download data return False -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193362): https://lists.openembedded.org/g/openembedded-core/message/193362 Mute This Topic: https://lists.openembedded.org/mt/103542652/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 1/5] cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
From: Peter Marko This variable is not referenced in oe-core anymore. Signed-off-by: Peter Marko Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 905b45a814cb33327503b793741c19b44c8550b3) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 3 --- 1 file changed, 3 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 67d76f75dd..64a96a46f0 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,9 +26,6 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" -# Timeout for blocking socket operations, such as the connection attempt. -CVE_SOCKET_TIMEOUT ?= "60" - CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193361): https://lists.openembedded.org/g/openembedded-core/message/193361 Mute This Topic: https://lists.openembedded.org/mt/103542651/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 0/5] Patch review
Please review this set of changes for dunfell and have comments back by end of day Tuesday, January 9 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6418 The following changes since commit 3ea36d92800b139eaaf75995cdd59912b63db9ee: tzdata: Upgrade to 2023d (2024-01-02 03:43:26 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Dhairya Nagodra (2): cve-update-nvd2-native: faster requests with API keys cve-update-nvd2-native: increase the delay between subsequent request failures Dmitry Baryshkov (1): linux-firmware: upgrade 20230804 -> 20231030 Peter Marko (2): cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT cve-update-nvd2-native: make number of fetch attemtps configurable .../meta/cve-update-nvd2-native.bb| 27 +-- ...20230804.bb => linux-firmware_20231030.bb} | 4 +-- 2 files changed, 21 insertions(+), 10 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230804.bb => linux-firmware_20231030.bb} (99%) -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193360): https://lists.openembedded.org/g/openembedded-core/message/193360 Mute This Topic: https://lists.openembedded.org/mt/103542629/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][dunfell][PATCH v2] go: Backport fix for CVE-2023-45287
V2 also has issues, as flagged by patchtest and my local testing: Applying: go: Backport fix for CVE-2023-45287 error: corrupt patch at line 2273 error: could not build fake ancestor Patch failed at 0001 go: Backport fix for CVE-2023-45287 Steve On Thu, Jan 4, 2024 at 9:33 PM Vijay Anusuri via lists.openembedded.org wrote: > > From: Vijay Anusuri > > Upstream-Status: Backport > [https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255 > & > https://github.com/golang/go/commit/c9d5f60eaa4450ccf1ce878d55b4c6a12843f2f3 > & > https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807 > & > https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035] > > Signed-off-by: Vijay Anusuri > --- > meta/recipes-devtools/go/go-1.14.inc |4 + > .../go/go-1.14/CVE-2023-45287-pre1.patch | 393 > .../go/go-1.14/CVE-2023-45287-pre2.patch | 401 > .../go/go-1.14/CVE-2023-45287-pre3.patch | 86 + > .../go/go-1.14/CVE-2023-45287.patch | 1697 + > 5 files changed, 2581 insertions(+) > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre2.patch > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287.patch > > diff --git a/meta/recipes-devtools/go/go-1.14.inc > b/meta/recipes-devtools/go/go-1.14.inc > index b827a3606d..42a9ac8435 100644 > --- a/meta/recipes-devtools/go/go-1.14.inc > +++ b/meta/recipes-devtools/go/go-1.14.inc > @@ -83,6 +83,10 @@ SRC_URI += "\ > file://CVE-2023-39318.patch \ > file://CVE-2023-39319.patch \ > file://CVE-2023-39326.patch \ > +file://CVE-2023-45287-pre1.patch \ > +file://CVE-2023-45287-pre2.patch \ > +file://CVE-2023-45287-pre3.patch \ > +file://CVE-2023-45287.patch \ > " > > SRC_URI_append_libc-musl = " > file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" > diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch > b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch > new file mode 100644 > index 00..4d65180253 > --- /dev/null > +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch > @@ -0,0 +1,393 @@ > +From 9baafabac9a84813a336f068862207d2bb06d255 Mon Sep 17 00:00:00 2001 > +From: Filippo Valsorda > +Date: Wed, 1 Apr 2020 17:25:40 -0400 > +Subject: [PATCH] crypto/rsa: refactor RSA-PSS signing and verification > + > +Cleaned up for readability and consistency. > + > +There is one tiny behavioral change: when PSSSaltLengthEqualsHash is > +used and both hash and opts.Hash were set, hash.Size() was used for the > +salt length instead of opts.Hash.Size(). That's clearly wrong because > +opts.Hash is documented to override hash. > + > +Change-Id: I3e25dad933961eac827c6d2e3bbfe45fc5a6fb0e > +Reviewed-on: https://go-review.googlesource.com/c/go/+/226937 > +Run-TryBot: Filippo Valsorda > +TryBot-Result: Gobot Gobot > +Reviewed-by: Katie Hockman > + > +Upstream-Status: Backport > [https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255] > +CVE: CVE-2023-45287 #Dependency Patch1 > +Signed-off-by: Vijay Anusuri > +--- > + src/crypto/rsa/pss.go | 173 ++ > + src/crypto/rsa/rsa.go | 9 ++- > + 2 files changed, 96 insertions(+), 86 deletions(-) > + > +diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go > +index 3ff0c2f4d0076..f9844d87329a8 100644 > +--- a/src/crypto/rsa/pss.go > b/src/crypto/rsa/pss.go > +@@ -4,9 +4,7 @@ > + > + package rsa > + > +-// This file implements the PSS signature scheme [1]. > +-// > +-// [1] > https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf > ++// This file implements the RSASSA-PSS signature scheme according to RFC > 8017. > + > + import ( > + "bytes" > +@@ -17,8 +15,22 @@ import ( > + "math/big" > + ) > + > ++// Per RFC 8017, Section 9.1 > ++// > ++// EM = MGF1 xor DB || H( 8*0x00 || mHash || salt ) || 0xbc > ++// > ++// where > ++// > ++// DB = PS || 0x01 || salt > ++// > ++// and PS can be empty so > ++// > ++// emLen = dbLen + hLen + 1 = psLen + sLen + hLen + 2 > ++// > ++ > + func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) > ([]byte, error) { > +- // See [1], section 9.1.1 > ++ // See RFC 8017, Section 9.1.1. > ++ > + hLen := hash.Size() > + sLen := len(salt) > + emLen := (emBits + 7) / 8 > +@@ -30,7 +42,7 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte, > hash hash.Hash) ([]byt > + // 2. Let mHash = Hash(M), an octet string of length hLen. > + > + if len(mHash) != hLen { > +- return nil, errors.New("crypto/rsa: input must be hashed > message") > ++ return nil, errors.New("crypto/rsa: input must be hashed with >
[OE-core] Patchtest results for [PATCH 3/3] python3-cython: update 0.29.36 -> 3.0.7
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/3-3-python3-cython-update-0.29.36---3.0.7.patch FAIL: test lic files chksum modified not mentioned: LIC_FILES_CHKSUM changed without "License-Update:" tag and description in commit message (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files) PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193358): https://lists.openembedded.org/g/openembedded-core/message/193358 Mute This Topic: https://lists.openembedded.org/mt/103542374/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/3] python3-cython: update 0.29.36 -> 3.0.7
pep517 build backends require cython 3.x when python is at 3.12, so we can't hold this update any longer. There are only a few things in meta-oe and meta that break anymore, and fixes for them are provided at the same time as this patch. License-update: http -> https Signed-off-by: Alexander Kanavin --- meta/recipes-devtools/python/python-cython.inc | 7 +-- .../{python3-cython_0.29.36.bb => python3-cython_3.0.7.bb} | 0 2 files changed, 5 insertions(+), 2 deletions(-) rename meta/recipes-devtools/python/{python3-cython_0.29.36.bb => python3-cython_3.0.7.bb} (100%) diff --git a/meta/recipes-devtools/python/python-cython.inc b/meta/recipes-devtools/python/python-cython.inc index 6aec6b012f1..bc1953c5045 100644 --- a/meta/recipes-devtools/python/python-cython.inc +++ b/meta/recipes-devtools/python/python-cython.inc @@ -5,11 +5,11 @@ It's designed to bridge the gap between the nice, high-level, easy-to-use world and the messy, low-level world of C." SECTION = "devel/python" LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e23fadd6ceef8c618fc1c65191d846fa" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=61c3ee8961575861fa86c7e62bc9f69c" PYPI_PACKAGE = "Cython" BBCLASSEXTEND = "native nativesdk" -SRC_URI[sha256sum] = "41c0cfd2d754e383c9eeb95effc9aa4ab847d0c9747077ddd7c0dcb68c3bc01f" +SRC_URI[sha256sum] = "fb299acf3a578573c190c858d49e0cf9d75f4bc49c3f24c5a63804997ef09213" UPSTREAM_CHECK_REGEX = "Cython-(?P.*)\.tar" inherit pypi @@ -39,4 +39,7 @@ do_install:append() { for PYTHSCRIPT in `grep -rIl '^#!.*python' ${D}`; do sed -i -e '1s|^#!.*|#!/usr/bin/env ${PYTHON_PN}|' $PYTHSCRIPT done + +# remove build paths from generated sources +sed -i -e 's|${WORKDIR}||' ${S}/Cython/*.c ${S}/Cython/Compiler/*.c ${S}/Cython/Plex/*.c } diff --git a/meta/recipes-devtools/python/python3-cython_0.29.36.bb b/meta/recipes-devtools/python/python3-cython_3.0.7.bb similarity index 100% rename from meta/recipes-devtools/python/python3-cython_0.29.36.bb rename to meta/recipes-devtools/python/python3-cython_3.0.7.bb -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193357): https://lists.openembedded.org/g/openembedded-core/message/193357 Mute This Topic: https://lists.openembedded.org/mt/103542146/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/3] python3-pyaaml: make compatible with cython 3.x
This has been rejected by upstream in favour of requiring obsolete cython until there's 'proper' 3.x support. Months later, there's still no progress so let's just take the rejected fix, as it does work (as reported by others as well), and allows moving forward with cython. Signed-off-by: Alexander Kanavin --- .../0001-Fix-builds-with-Cython-3.patch | 54 +++ .../python/python3-pyyaml_6.0.1.bb| 1 + 2 files changed, 55 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyyaml/0001-Fix-builds-with-Cython-3.patch diff --git a/meta/recipes-devtools/python/python3-pyyaml/0001-Fix-builds-with-Cython-3.patch b/meta/recipes-devtools/python/python3-pyyaml/0001-Fix-builds-with-Cython-3.patch new file mode 100644 index 000..a87d588b6a1 --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyyaml/0001-Fix-builds-with-Cython-3.patch @@ -0,0 +1,54 @@ +From 9cc23db56add79357b8f8257fe6fc0d6879d4579 Mon Sep 17 00:00:00 2001 +From: "Andrew J. Hesford" +Date: Fri, 21 Jul 2023 09:50:00 -0400 +Subject: [PATCH] Fix builds with Cython 3 + +This is a *de minimis* fix for building with Cython 3. Recent Cython<3 +releases provided `Cython.Distutils.build_ext` as an alias to +`Cython.Distutils.old_build_ext.old_build_ext`; Cython 3 drops this +alias and instead uses a wholly new `Cython.Distutils.build_ext` that +does not provide the `cython_sources` function used in `setup.py`. + +Explicitly importing `old_build_ext` preserves the existing behavior for +recent Cython<3 and uses the correct behavior for Cython 3. Should the +import fail (*e.g.*, because the version of Cython available predates +the availability of `old_build_ext`), the import falls back to just +`Cython.Distutils.build_ext`. + +Signed-off-by: Andrew J. Hesford +Upstream-Status: Denied [https://github.com/yaml/pyyaml/pull/731] +Signed-off-by: Alexander Kanavin +--- + pyproject.toml | 2 +- + setup.py | 6 +- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/pyproject.toml b/pyproject.toml +index 4bc04c0..2bf5ec8 100644 +--- a/pyproject.toml b/pyproject.toml +@@ -1,3 +1,3 @@ + [build-system] +-requires = ["setuptools", "wheel", "Cython<3.0"] ++requires = ["setuptools", "wheel", "Cython"] + build-backend = "setuptools.build_meta" +diff --git a/setup.py b/setup.py +index 65b0ea0..4461580 100644 +--- a/setup.py b/setup.py +@@ -82,7 +82,11 @@ if 'sdist' in sys.argv or os.environ.get('PYYAML_FORCE_CYTHON') == '1': + with_cython = True + try: + from Cython.Distutils.extension import Extension as _Extension +-from Cython.Distutils import build_ext as _build_ext ++try: ++from Cython.Distutils.old_build_ext import old_build_ext as _build_ext ++except ImportError: ++from Cython.Distutils import build_ext as _build_ext ++ + with_cython = True + except ImportError: + if with_cython: +-- +2.39.2 + diff --git a/meta/recipes-devtools/python/python3-pyyaml_6.0.1.bb b/meta/recipes-devtools/python/python3-pyyaml_6.0.1.bb index 4ab8f038f42..61f7cbc6b36 100644 --- a/meta/recipes-devtools/python/python3-pyyaml_6.0.1.bb +++ b/meta/recipes-devtools/python/python3-pyyaml_6.0.1.bb @@ -9,6 +9,7 @@ PYPI_PACKAGE = "PyYAML" inherit pypi python_setuptools_build_meta +SRC_URI += "file://0001-Fix-builds-with-Cython-3.patch" SRC_URI[sha256sum] = "bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43" RDEPENDS:${PN} += "\ -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193356): https://lists.openembedded.org/g/openembedded-core/message/193356 Mute This Topic: https://lists.openembedded.org/mt/103542145/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/3] devtool/standard: correctly escape \
python 3.12 points out that: SyntaxWarning: invalid escape sequence '\*' Signed-off-by: Alexander Kanavin --- scripts/lib/devtool/standard.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py index 559fd45676c..c20c0321a35 100644 --- a/scripts/lib/devtool/standard.py +++ b/scripts/lib/devtool/standard.py @@ -772,7 +772,7 @@ def get_staging_kver(srcdir): def get_staging_kbranch(srcdir): staging_kbranch = "" if os.path.exists(srcdir) and os.listdir(srcdir): -(branch, _) = bb.process.run('git branch | grep \* | cut -d \' \' -f2', cwd=srcdir) +(branch, _) = bb.process.run('git branch | grep \\* | cut -d \' \' -f2', cwd=srcdir) staging_kbranch = "".join(branch.split('\n')[0]) return staging_kbranch -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193355): https://lists.openembedded.org/g/openembedded-core/message/193355 Mute This Topic: https://lists.openembedded.org/mt/103542143/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 3/7] sstatesig/find_siginfo: unify a disjointed API
On Fri, 2024-01-05 at 12:42 +0100, Alexander Kanavin wrote: > On Fri, 5 Jan 2024 at 12:22, Richard Purdie > wrote: > > > I've a few ideas on how we might be able to detect potential problems, > > I'll continue to try and work something out but I want to make it clear > > there are some things it is hard to change :/. > > There's the option of adding another function (find_siginfo_v2) and > leaving this one as it was, this is how the kernel does things. They > don't shy away from adding v3, v4 and so on either. But I thought less > code is better than more code. That is effectively what I just merged, except I did break compatibility by dropping the v1. We need to give the user good messages about how to fix their problem which is why a number is needed rather than just a function name. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193354): https://lists.openembedded.org/g/openembedded-core/message/193354 Mute This Topic: https://lists.openembedded.org/mt/103239349/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] sstatesig: Add version information for find_sigingfo
Since we're changing the return values of the function, add a version so bitbake can ensure it is using a compatible function. Signed-off-by: Richard Purdie --- meta/lib/oe/sstatesig.py | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index 6f124e4f59b..1b4380f21bc 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -422,6 +422,7 @@ def find_siginfo(pn, taskname, taskhashlist, d): return hashfiles bb.siggen.find_siginfo = find_siginfo +bb.siggen.find_siginfo_version = 2 def sstate_get_manifest_filename(task, d): -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193353): https://lists.openembedded.org/g/openembedded-core/message/193353 Mute This Topic: https://lists.openembedded.org/mt/103540998/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 3/7] sstatesig/find_siginfo: unify a disjointed API
On Fri, 5 Jan 2024 at 12:22, Richard Purdie wrote: > I've a few ideas on how we might be able to detect potential problems, > I'll continue to try and work something out but I want to make it clear > there are some things it is hard to change :/. There's the option of adding another function (find_siginfo_v2) and leaving this one as it was, this is how the kernel does things. They don't shy away from adding v3, v4 and so on either. But I thought less code is better than more code. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193352): https://lists.openembedded.org/g/openembedded-core/message/193352 Mute This Topic: https://lists.openembedded.org/mt/103239349/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 3/7] sstatesig/find_siginfo: unify a disjointed API
On Mon, 2023-12-18 at 09:43 +0100, Alexander Kanavin wrote: > find_siginfo() returns two different data structures depending > on whether its third argument (list of hashes to find) is empty or > not: > - a dict of timestamps keyed by path > - a dict of paths keyed by hash > > This is not a good API design; it's much better to return > a dict of dicts that include both timestamp and path, keyed by > hash. Then the API consumer can decide how they want to use these > fields, particularly for additional diagnostics or informational > output. > > I also took the opportunity to add a binary field that > tells if the match came from sstate or local stamps dir, which > will help prioritize local stamps when looking up most > recent task signatures. > > Signed-off-by: Alexander Kanavin > --- > meta/lib/oe/buildhistory_analysis.py| 2 +- > meta/lib/oe/sstatesig.py| 31 + > meta/lib/oeqa/selftest/cases/sstatetests.py | 10 +++ > 3 files changed, 19 insertions(+), 24 deletions(-) I can see why you've done this. I had thought this might have been a compatibility issue but it wasn't, it was just bad design from the start (and I wasn't responsible for it for a change!). It gives me a real headache for merging though since it requires OE- Core and bitbake to change in lockstep. There is a risk people might just update bitbake but not OE-Core and also vice versa, they update OE-Core but not bitbake. This can happen for all kinds of reasons, e.g. mixing a newer bitbake with an older release. The latter is easy to address with a bitbake version check bit the former is not really possible to detect with our current code as bitbake can't know OE-Core doesn't support what it needs. With other changes in the pipeline like inherit_defer and the fact there is a bug related to this on a stable branch, it makes it all the more likely people will try and mix/match different versions. I've a few ideas on how we might be able to detect potential problems, I'll continue to try and work something out but I want to make it clear there are some things it is hard to change :/. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193351): https://lists.openembedded.org/g/openembedded-core/message/193351 Mute This Topic: https://lists.openembedded.org/mt/103239349/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC v2 1/2] bitbake-layers: Add ability to update the reference of repositories
On Fri, 5 Jan 2024 at 12:14, Jermain Horsman wrote: > This leave the question of what to do if only the '--reference' option is > used? > Do nothing or update/use a custom revision for all repos? Updating all repos to the same reference is unlikely to work well with real world combinations of layer repositories. I would do nothing and print a message indicating so. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193350): https://lists.openembedded.org/g/openembedded-core/message/193350 Mute This Topic: https://lists.openembedded.org/mt/103521079/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC v2 1/2] bitbake-layers: Add ability to update the reference of repositories
> On further thought, if done this way, then --update could instead > serve to update file that already exists, whereas the default would be I would prefer this, as I might have a config with repo A and B for which I have changed both locally, but I'd only want to apply the changes to B to the layers setup, writing a new file will update A, whereas using the old layers setup will leave A as is. > to overwrite the file with a new one. To clarify as it is not entirely clear this is what you suggested. Use '--update' as a boolean flag which determines whether or not to use the old layers setup or write a new one and use an additional '--use-custom-reference repo' option to determine for with repo to use the custom reference. This leave the question of what to do if only the '--reference' option is used? Do nothing or update/use a custom revision for all repos? An separate option like '--use-custom-reference-all' seems undesirable to me. Sincerely, Jermain Horsman -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193349): https://lists.openembedded.org/g/openembedded-core/message/193349 Mute This Topic: https://lists.openembedded.org/mt/103521079/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] lib/sstatesig/find_siginfo: raise an error instead of returning None when obtaining mtime
Right, I guess the code can be tweaked to not return entries where mtime could not be determined, but I'd like to observe the actual failure in the wild first, for the sake of a better commit message. Alex On Fri, 5 Jan 2024 at 11:46, Richard Purdie wrote: > > On Tue, 2024-01-02 at 15:50 +0100, Alexander Kanavin wrote: > > Suppressing the error and returning None can result in a delayed failure: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/86/builds/6254/steps/14/logs/stdio > > https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/6262/steps/14/logs/stdio > > > > It is not clear why the os.stat() error occurs to begin with (it > > shouldn't), so rather than > > adding further workarounds, let's get diagnostics at the source first, so > > we understand > > what is going on. > > > > Signed-off-by: Alexander Kanavin > > --- > > meta/lib/oe/sstatesig.py | 5 + > > 1 file changed, 1 insertion(+), 4 deletions(-) > > > > diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py > > index 0342bcdc87a..6f124e4f59b 100644 > > --- a/meta/lib/oe/sstatesig.py > > +++ b/meta/lib/oe/sstatesig.py > > @@ -357,10 +357,7 @@ def find_siginfo(pn, taskname, taskhashlist, d): > > return siginfo.rpartition('.')[2] > > > > def get_time(fullpath): > > -try: > > -return os.stat(fullpath).st_mtime > > -except OSError: > > -return None > > +return os.stat(fullpath).st_mtime > > > > # First search in stamps dir > > localdata = d.createCopy() > > FWIW, this comes from: > > https://git.yoctoproject.org/poky/commit/meta/lib/oe/sstatesig.py?id=3df8773ed9301b0fc0e385e066a48110900136f7 > > I also suspect it is possible for a file to exist as a temp file but > get renamed into place while the test runs. > > Cheers, > > Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193348): https://lists.openembedded.org/g/openembedded-core/message/193348 Mute This Topic: https://lists.openembedded.org/mt/103482180/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] lib/sstatesig/find_siginfo: raise an error instead of returning None when obtaining mtime
On Tue, 2024-01-02 at 15:50 +0100, Alexander Kanavin wrote: > Suppressing the error and returning None can result in a delayed failure: > https://autobuilder.yoctoproject.org/typhoon/#/builders/86/builds/6254/steps/14/logs/stdio > https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/6262/steps/14/logs/stdio > > It is not clear why the os.stat() error occurs to begin with (it shouldn't), > so rather than > adding further workarounds, let's get diagnostics at the source first, so we > understand > what is going on. > > Signed-off-by: Alexander Kanavin > --- > meta/lib/oe/sstatesig.py | 5 + > 1 file changed, 1 insertion(+), 4 deletions(-) > > diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py > index 0342bcdc87a..6f124e4f59b 100644 > --- a/meta/lib/oe/sstatesig.py > +++ b/meta/lib/oe/sstatesig.py > @@ -357,10 +357,7 @@ def find_siginfo(pn, taskname, taskhashlist, d): > return siginfo.rpartition('.')[2] > > def get_time(fullpath): > -try: > -return os.stat(fullpath).st_mtime > -except OSError: > -return None > +return os.stat(fullpath).st_mtime > > # First search in stamps dir > localdata = d.createCopy() FWIW, this comes from: https://git.yoctoproject.org/poky/commit/meta/lib/oe/sstatesig.py?id=3df8773ed9301b0fc0e385e066a48110900136f7 I also suspect it is possible for a file to exist as a temp file but get renamed into place while the test runs. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193347): https://lists.openembedded.org/g/openembedded-core/message/193347 Mute This Topic: https://lists.openembedded.org/mt/103482180/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC PATCH V2 0/5] Fix persistent tmp
Hi, Richard I had send a similar patch before, subjected as "bitbake.conf: support persistent /var/tmp", and you have replied me with some concerns on 2021/9/13. But I noticed that another variable VOLATILE_TMP_DIR is added in 2023. but as I tested, it not works, so I make this patch to make it work for both sysV and systemd. Not sure if you still have those concerns now, so just kindly ping to check. Thanks Changqing On 12/11/23 08:58, Changqing Li wrote: From: Changqing Li Hi, All Currently, VOLATILE_TMP_DIR not works, set VOLATILE_TMP_DIR="no", VOLATILE_LOG_DIR="no", after boot target, /var/tmp still link to tmpfs /var/volatile/tmp lrwxrwxrwx 1 root root 11 Mar 9 2018 lock -> ../run/lock drwxr-xr-x 4 root root 1024 Dec 4 07:55 log lrwxrwxrwx 1 root root6 Mar 9 2018 run -> ../run drwxr-xr-x 3 root root 1024 Mar 9 2018 spool lrwxrwxrwx 1 root root 12 Mar 9 2018 tmp -> volatile/tmp drwxrwxrwt 4 root root 80 Dec 4 07:55 volatile So I do some research, fix this issue and do some other changes accordingly. Please help to review this patch, thanks. Targets: 1. Support persistent tmp, For persistent tmp, only /var/tmp is persistent, /tmp is tmpfs, For volatile tmp, /tmp link to /var/tmp, /var/tmp link to /var/volatile/tmp 2. make systemd and SysVinit have the same directory structure. Currently, systemd and SysVinit have different directory structure, the difference focus on how to handle /tmp. when volatile is enabled, for sysVinit, /tmp link to /var/tmp, /var/tmp link to /var/volatile/tmp refer [4][5]. but for systemd, /tmp is a directory, it is mounted by systemd as tmpfs. /var/tmp linked to /var/volatile/tmp. And for systemd, refer [6], set different age for /tmp and /var/tmp. Since volatile disabled not works, ignore the difference when volatile is disabled. With this patch, VOLATILE_TMP_DIR will behavior like this: For both sysvinit and systemd: 1. VOLATILE_TMP_DIR="yes": /tmp link to /var/tmp, /var/tmp link to /var/volatile/log, /var/volatile is mounted as tmpfs In this case, for systemd, /tmp and /var/tmp will set to the same age, 10d. Compare to current behavior, there are 2 changes: 1) for systemd, /tmp changed from a directy to a symlink to /var/tmp 2) age of /tmp and /var/tmp will be same 2. VOLATILE_TMP_DIR="no": /tmp is a directory mounted as tmpfs, /var/tmp is a directory on persistent fs, and keep the age as [6] Change like this in order to meet [1][2], also maybe [3] for systemd. Compare to current behavior, there is one change: 1) for sysVinit, /tmp changed from a symlink to a directory [1]https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s18.html [2]https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s15.html [3]https://systemd.io/TEMPORARY_DIRECTORIES/ [4]https://git.openembedded.org/openembedded/tree/docs/usermanual/chapters/recipes.xml#n3535 [5]https://git.openembedded.org/openembedded-core/commit/?id=12c4acd7ac5a27cf3676065b60f1c8395c96854c [6]https://github.com/systemd/systemd/blob/main/tmpfiles.d/tmp.conf [7]https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html Test Result of following cases: 1. SysVinit VOLATILE_TMP_DIR="yes" VOLATILE_LOG_DIR="yes" root@qemux86-64:~# ls -al /tmp lrwxrwxrwx1 root root 8 Dec 8 08:51 /tmp -> /var/tmp root@qemux86-64:~# ls -al /var/log lrwxrwxrwx1 root root17 Dec 8 08:51 /var/log -> /var/volatile/log root@qemux86-64:~# ls -al /var/tmp lrwxrwxrwx1 root root17 Dec 8 08:51 /var/tmp -> /var/volatile/tmp root@qemux86-64:~# mount | grep volatile tmpfs on /var/volatile type tmpfs (rw,relatime) root@qemux86-64:~# 2. SysVinit VOLATILE_TMP_DIR="no" VOLATILE_LOG_DIR="no" root@qemux86-64:/# ls -al drwxr-xr-x 18 root root 1024 Dec 8 09:22 . drwxr-xr-x 18 root root 1024 Dec 8 09:22 .. drwxr-xr-x2 root root 3072 Mar 9 2018 bin drwxr-xr-x2 root root 1024 Mar 9 2018 boot drwxr-xr-x 13 root root 2960 Dec 8 09:24 dev drwxr-xr-x 20 root root 1024 Dec 8 09:24 etc drwxr-xr-x3 root root 1024 Mar 9 2018 home drwxr-xr-x6 root root 1024 Mar 9 2018 lib drwx--2 root root 12288 Dec 8 09:22 lost+found drwxr-xr-x2 root root 1024 Mar 9 2018 media drwxr-xr-x2 root root 1024 Mar 9 2018 mnt dr-xr-xr-x 161 root root 0 Dec 8 09:24 proc drwxr-xr-x4 root root 240 Dec 8 09:24 run drwxr-xr-x2 root root 3072 Mar 9 2018 sbin dr-xr-xr-x 12 root root 0 Dec 8 09:24 sys drwxrwxrwt2 root root40 Dec 8 09:24 tmp drwxr-xr-x9 root root 1024 Mar 9 2018 usr drwxr-xr-x 10 root root 1024 Dec 8 09:24 var root@qemux86-64:/# cd /var/ root@qemux86-64:/var# ls -al drwxr-xr-x 10 root root 1024 Dec 8