Re: [OE-core] [PATCH] nghttp2: Fix do_rootfs error as following:
This does not seem correct. These two packages have FILES specified, and
ALLOW_EMPTY:${PN} is set to "1". I suspect the actually problem lies in
somewhere else.
Regards,
Qi
On 2/10/23 15:34, leimaohui wrote:
Problem: conflicting requests
- nothing provides nghttp2-client >= 1.51.0 needed by
nghttp2-1.51.0-r0.core2_64
- nothing provides nghttp2-server >= 1.51.0 needed by
nghttp2-1.51.0-r0.core2_64
Signed-off-by: Lei Maohui
---
meta/recipes-support/nghttp2/nghttp2_1.51.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
b/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
index 8ddb851f71..72a4372214 100644
--- a/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
+++ b/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
@@ -24,6 +24,8 @@ RDEPENDS:${PN}:class-native = ""
RDEPENDS:${PN}-proxy = "openssl python3-core python3-io python3-shell"
ALLOW_EMPTY:${PN} = "1"
+ALLOW_EMPTY:${PN}-server = "1"
+ALLOW_EMPTY:${PN}-client = "1"
FILES:${PN} = ""
FILES:lib${BPN} = "${libdir}/*${SOLIBS}"
FILES:${PN}-client = "${bindir}/h2load ${bindir}/nghttp"
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176985):
https://lists.openembedded.org/g/openembedded-core/message/176985
Mute This Topic: https://lists.openembedded.org/mt/96872036/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] nghttp2: Fix do_rootfs error as following:
If neither client nor server packages contain any files, then what is
installed? Is there some other useful package than nghttp2 package
pulls in, or does it itself contain something useful?
Alex
On Fri, 10 Feb 2023 at 08:35, leimaohui wrote:
>
> Problem: conflicting requests
> - nothing provides nghttp2-client >= 1.51.0 needed by
> nghttp2-1.51.0-r0.core2_64
> - nothing provides nghttp2-server >= 1.51.0 needed by
> nghttp2-1.51.0-r0.core2_64
>
> Signed-off-by: Lei Maohui
> ---
> meta/recipes-support/nghttp2/nghttp2_1.51.0.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
> b/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
> index 8ddb851f71..72a4372214 100644
> --- a/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
> +++ b/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
> @@ -24,6 +24,8 @@ RDEPENDS:${PN}:class-native = ""
> RDEPENDS:${PN}-proxy = "openssl python3-core python3-io python3-shell"
>
> ALLOW_EMPTY:${PN} = "1"
> +ALLOW_EMPTY:${PN}-server = "1"
> +ALLOW_EMPTY:${PN}-client = "1"
> FILES:${PN} = ""
> FILES:lib${BPN} = "${libdir}/*${SOLIBS}"
> FILES:${PN}-client = "${bindir}/h2load ${bindir}/nghttp"
> --
> 2.34.1
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176984):
https://lists.openembedded.org/g/openembedded-core/message/176984
Mute This Topic: https://lists.openembedded.org/mt/96872036/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] nghttp2: Fix do_rootfs error as following:
Problem: conflicting requests
- nothing provides nghttp2-client >= 1.51.0 needed by
nghttp2-1.51.0-r0.core2_64
- nothing provides nghttp2-server >= 1.51.0 needed by
nghttp2-1.51.0-r0.core2_64
Signed-off-by: Lei Maohui
---
meta/recipes-support/nghttp2/nghttp2_1.51.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
b/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
index 8ddb851f71..72a4372214 100644
--- a/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
+++ b/meta/recipes-support/nghttp2/nghttp2_1.51.0.bb
@@ -24,6 +24,8 @@ RDEPENDS:${PN}:class-native = ""
RDEPENDS:${PN}-proxy = "openssl python3-core python3-io python3-shell"
ALLOW_EMPTY:${PN} = "1"
+ALLOW_EMPTY:${PN}-server = "1"
+ALLOW_EMPTY:${PN}-client = "1"
FILES:${PN} = ""
FILES:lib${BPN} = "${libdir}/*${SOLIBS}"
FILES:${PN}-client = "${bindir}/h2load ${bindir}/nghttp"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176983):
https://lists.openembedded.org/g/openembedded-core/message/176983
Mute This Topic: https://lists.openembedded.org/mt/96872036/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 8/8] mesa: update 22.3.3 -> 22.3.5
Signed-off-by: Alexander Kanavin
---
...ove-fix-ALWAYS_INLINE-compiler-error.patch | 36 ---
.../{mesa-gl_22.3.3.bb => mesa-gl_22.3.5.bb} | 0
meta/recipes-graphics/mesa/mesa.inc | 3 +-
.../mesa/{mesa_22.3.3.bb => mesa_22.3.5.bb} | 0
4 files changed, 1 insertion(+), 38 deletions(-)
delete mode 100644
meta/recipes-graphics/mesa/files/0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch
rename meta/recipes-graphics/mesa/{mesa-gl_22.3.3.bb => mesa-gl_22.3.5.bb}
(100%)
rename meta/recipes-graphics/mesa/{mesa_22.3.3.bb => mesa_22.3.5.bb} (100%)
diff --git
a/meta/recipes-graphics/mesa/files/0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch
b/meta/recipes-graphics/mesa/files/0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch
deleted file mode 100644
index 1cf23492fe..00
---
a/meta/recipes-graphics/mesa/files/0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 267dd1f4d571ee606141aa66f1665aa152b4e911 Mon Sep 17 00:00:00 2001
-From: t0b3
-Date: Sat, 10 Dec 2022 14:32:53 +0100
-Subject: [PATCH] nir/nir_opt_move: fix ALWAYS_INLINE compiler error
-
-Reviewed-by: Iago Toral Quiroga
-Reviewed-by: Adam Jackson
-Closes: #6825
-Fixes: f1d20ec6 ("nir/nir_opt_move: handle non-SSA defs ")
-Part-of:
-
-Upstream-Status: Backport
[https://gitlab.freedesktop.org/mesa/mesa/-/commit/267dd1f4d571ee606141aa66f1665aa152b4e911]
- src/compiler/nir/nir_opt_move.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/compiler/nir/nir_opt_move.c b/src/compiler/nir/nir_opt_move.c
-index 81bcde5c436..9aeb9f4cf86 100644
a/src/compiler/nir/nir_opt_move.c
-+++ b/src/compiler/nir/nir_opt_move.c
-@@ -51,13 +51,13 @@
- * lower register pressure.
- */
-
--static ALWAYS_INLINE bool
-+static inline bool
- src_is_ssa(nir_src *src, void *state)
- {
-return src->is_ssa;
- }
-
--static ALWAYS_INLINE bool
-+static inline bool
- instr_reads_register(nir_instr *instr)
- {
-return !nir_foreach_src(instr, src_is_ssa, NULL);
diff --git a/meta/recipes-graphics/mesa/mesa-gl_22.3.3.bb
b/meta/recipes-graphics/mesa/mesa-gl_22.3.5.bb
similarity index 100%
rename from meta/recipes-graphics/mesa/mesa-gl_22.3.3.bb
rename to meta/recipes-graphics/mesa/mesa-gl_22.3.5.bb
diff --git a/meta/recipes-graphics/mesa/mesa.inc
b/meta/recipes-graphics/mesa/mesa.inc
index cc4aa5eeab..0a3dc1dd62 100644
--- a/meta/recipes-graphics/mesa/mesa.inc
+++ b/meta/recipes-graphics/mesa/mesa.inc
@@ -19,10 +19,9 @@ SRC_URI =
"https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \
file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
file://0001-util-format-Check-for-NEON-before-using-it.patch \
file://0001-gbm-backend-fix-gbm-compile-without-dri.patch \
- file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch
\
"
-SRC_URI[sha256sum] =
"bed799788bf2bd9ef079d97cd8e09348bf53cb086818578e40773b2b17812922"
+SRC_URI[sha256sum] =
"3eed2ecae2bc674494566faab9fcc9beb21cd804c7ba2b59a1694f3d7236e6a9"
UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P\d+(\.\d+)+)"
diff --git a/meta/recipes-graphics/mesa/mesa_22.3.3.bb
b/meta/recipes-graphics/mesa/mesa_22.3.5.bb
similarity index 100%
rename from meta/recipes-graphics/mesa/mesa_22.3.3.bb
rename to meta/recipes-graphics/mesa/mesa_22.3.5.bb
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176982):
https://lists.openembedded.org/g/openembedded-core/message/176982
Mute This Topic: https://lists.openembedded.org/mt/96871671/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 7/8] gstreamer1.0: update 1.20.5 -> 1.22.0
Drop xingmux license snippet from plugins-ugly as it moved to plugins-good;
the license was LGPL in any case:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/blob/d132592423be64ec18a223b67810ac89f391277e/subprojects/gst-plugins-good/tests/check/elements/xingmux.c
videoconvert/videoscale plgins were merged into one.
Signed-off-by: Alexander Kanavin
---
...tools_1.20.5.bb => gst-devtools_1.22.0.bb} | 2 +-
...1.20.5.bb => gstreamer1.0-libav_1.22.0.bb} | 2 +-
.../gstreamer/gstreamer1.0-meta-base.bb | 3 +-
...x_1.20.5.bb => gstreamer1.0-omx_1.22.0.bb} | 2 +-
bb => gstreamer1.0-plugins-bad_1.22.0.bb} | 2 +-
...bb => gstreamer1.0-plugins-base_1.22.0.bb} | 2 +-
...bb => gstreamer1.0-plugins-good_1.22.0.bb} | 2 +-
...bb => gstreamer1.0-plugins-ugly_1.22.0.bb} | 4 +-
20.5.bb => gstreamer1.0-python_1.22.0.bb} | 2 +-
bb => gstreamer1.0-rtsp-server_1.22.0.bb} | 2 +-
...1.20.5.bb => gstreamer1.0-vaapi_1.22.0.bb} | 21 +-
...spect-the-idententaion-used-in-meson.patch | 24 +-
...ts-add-support-for-install-the-tests.patch | 56 ++--
...005-bin-Fix-race-conditions-in-tests.patch | 300 --
...er1.0_1.20.5.bb => gstreamer1.0_1.22.0.bb} | 7 +-
15 files changed, 66 insertions(+), 365 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.5.bb =>
gst-devtools_1.22.0.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.5.bb =>
gstreamer1.0-libav_1.22.0.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.5.bb =>
gstreamer1.0-omx_1.22.0.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.5.bb
=> gstreamer1.0-plugins-bad_1.22.0.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.5.bb
=> gstreamer1.0-plugins-base_1.22.0.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.5.bb
=> gstreamer1.0-plugins-good_1.22.0.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.5.bb
=> gstreamer1.0-plugins-ugly_1.22.0.bb} (88%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.5.bb =>
gstreamer1.0-python_1.22.0.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.5.bb
=> gstreamer1.0-rtsp-server_1.22.0.bb} (90%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.5.bb =>
gstreamer1.0-vaapi_1.22.0.bb} (70%)
delete mode 100644
meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.5.bb =>
gstreamer1.0_1.22.0.bb} (93%)
diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.0.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
rename to meta/recipes-multimedia/gstreamer/gst-devtools_1.22.0.bb
index 9db31c18e4..3e9a789d24 100644
--- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.0.bb
@@ -12,7 +12,7 @@ SRC_URI =
"https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[sha256sum] =
"5684436121b8bae07fd00b74395f95e44b5f26323dce4fa045fa665676807bba"
+SRC_URI[sha256sum] =
"4d21fee5c15f2877c0b1f6c2da0cdba67ce7caab2c199ab27e91a1394d5ba195"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0
gstreamer1.0-plugins-base"
RRECOMMENDS:${PN} = "git"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.0.bb
similarity index 91%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.0.bb
index e5925c6510..625a52ea55 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.0.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM =
"file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \
"
SRC_URI =
"https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz;
-SRC_URI[sha256sum] =
"b152e3cc49d014899f53c39d8a6224a44e1399b4cf76aa5f9a903fdf9793c3cc"
+SRC_URI[sha256sum] =
"0e48407b4905227a260213dbda84cba3812f0530fc7a75b43829102ef82810f1"
S = "${WORKDIR}/gst-libav-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-meta-base.bb
b/meta/recipes-multimedia/gstreamer/gstreamer1.0-meta-base.bb
index 57a9adbaec..6cc11e1928 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-meta-base.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-meta-base.bb
@@ -34,8 +34,7 @@ RDEPENDS:gstreamer1.0-meta-base = "\
gstreamer1.0-plugins-base-audioconvert \
gstreamer1.0-plugins-base-audioresample \
[OE-core] [PATCH 6/8] vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs
Signed-off-by: Alexander Kanavin --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 9bc6881fce..fcb5cf6334 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".1211" -SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5" +PV .= ".1293" +SRCREV = "0caaf1e46511f7a92e036f05e6aa9d5992540117" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176980): https://lists.openembedded.org/g/openembedded-core/message/176980 Mute This Topic: https://lists.openembedded.org/mt/96871669/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 5/8] go-cross-canadian: use gcc-crosssdk, not gcc-native
The recipe was building native go against build host headers and libraries,
and then installing it as a nativesdk item, which is entirely incorrect. This
has
been working by coincidence (go generally uses C and C libraries lightly)
but with go 1.20 this turned into hard breakage.
Also nativesdk sysroot was being passed in incorrectly.
Signed-off-by: Alexander Kanavin
---
meta/recipes-devtools/go/go-cross-canadian.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-devtools/go/go-cross-canadian.inc
b/meta/recipes-devtools/go/go-cross-canadian.inc
index c1aa987427..5a80ceffa3 100644
--- a/meta/recipes-devtools/go/go-cross-canadian.inc
+++ b/meta/recipes-devtools/go/go-cross-canadian.inc
@@ -21,10 +21,10 @@ export GO_LDFLAGS = '-linkmode external -extld
${HOST_PREFIX}gcc -extldflags "--
do_configure[noexec] = "1"
do_compile() {
- export CC_FOR_${HOST_GOTUPLE}="${HOST_PREFIX}gcc
--sysroot=${STAGING_DIR_HOST}${SDKPATHNATIVE} ${SECURITY_NOPIE_CFLAGS}"
- export CXX_FOR_${HOST_GOTUPLE}="${HOST_PREFIX}gxx
--sysroot=${STAGING_DIR_HOST}${SDKPATHNATIVE} ${SECURITY_NOPIE_CFLAGS}"
+ export CC_FOR_${HOST_GOTUPLE}="${HOST_PREFIX}gcc
--sysroot=${STAGING_DIR_HOST} ${SECURITY_NOPIE_CFLAGS}"
+ export CXX_FOR_${HOST_GOTUPLE}="${HOST_PREFIX}gxx
--sysroot=${STAGING_DIR_HOST} ${SECURITY_NOPIE_CFLAGS}"
cd src
- ./make.bash --host-only --no-banner
+ ./make.bash --target-only --no-banner
cd ${B}
}
do_compile[cleandirs] += "${GOTMPDIR} ${B}/bin ${B}/pkg"
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176978):
https://lists.openembedded.org/g/openembedded-core/message/176978
Mute This Topic: https://lists.openembedded.org/mt/96871666/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/8] bblayers/setupwriters/oe-setup-layers: create dir if not exists
From: Adrian Freihofer
Without this patch:
$ bitbake-layers create-layers-setup /home/adrian/temp/poky-clone
NOTE: Starting bitbake server...
Traceback (most recent call last):
File "/home/adrian/projects/poky/bitbake/lib/bb/process.py", line 169, in run
pipe = Popen(cmd, **options)
File "/home/adrian/projects/poky/bitbake/lib/bb/process.py", line 73, in
__init__
subprocess.Popen.__init__(self, *args, **options)
File "/usr/lib64/python3.10/subprocess.py", line 971, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib64/python3.10/subprocess.py", line 1847, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory:
'/home/adrian/temp/poky-clone'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/adrian/projects/poky/bitbake/bin/bitbake-layers", line 95, in
ret = main()
File "/home/adrian/projects/poky/bitbake/bin/bitbake-layers", line 88, in main
return args.func(args)
File "/home/adrian/projects/poky/meta/lib/bblayers/makesetup.py", line 90, in
do_make_setup
p.do_write(self, args)
File
"/home/adrian/projects/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py",
line 36, in do_write
repos = parent.make_repo_config(args.destdir, args.include_layer_repo)
File "/home/adrian/projects/poky/meta/lib/bblayers/makesetup.py", line 55, in
make_repo_config
destdir_repo = self._get_repo_path(destdir)
File "/home/adrian/projects/poky/meta/lib/bblayers/makesetup.py", line 30, in
_get_repo_path
repo_path, _ = bb.process.run('git rev-parse --show-toplevel',
cwd=layer_path)
File "/home/adrian/projects/poky/bitbake/lib/bb/process.py", line 172, in run
raise NotFoundError(cmd)
bb.process.NotFoundError: Execution of 'git rev-parse --show-toplevel' failed:
command not found
with this patch:
$ bitbake-layers create-layers-setup /home/adrian/temp/poky-clone
NOTE: Starting bitbake server...
NOTE: Created /home/adrian/temp/poky-clone/setup-layers.json
NOTE: Created /home/adrian/temp/poky-clone/setup-layers
Signed-off-by: Alexander Kanavin
---
meta/lib/bblayers/setupwriters/oe-setup-layers.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/lib/bblayers/setupwriters/oe-setup-layers.py
b/meta/lib/bblayers/setupwriters/oe-setup-layers.py
index f6a484b766..d5bc19a8cb 100644
--- a/meta/lib/bblayers/setupwriters/oe-setup-layers.py
+++ b/meta/lib/bblayers/setupwriters/oe-setup-layers.py
@@ -33,6 +33,8 @@ class OeSetupLayersWriter():
def do_write(self, parent, args):
""" Writes out a python script and a json config that replicate the
directory structure and revisions of the layers in a current build. """
+if not os.path.exists(args.destdir):
+os.makedirs(args.destdir)
repos = parent.make_repo_config(args.destdir)
json = {"version":"1.0","sources":repos}
if not repos:
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176975):
https://lists.openembedded.org/g/openembedded-core/message/176975
Mute This Topic: https://lists.openembedded.org/mt/96871663/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/8] bblayers/makesetup: skip git repos that are submodules
Signed-off-by: Alexander Kanavin
---
meta/lib/bblayers/makesetup.py | 10 ++
1 file changed, 10 insertions(+)
diff --git a/meta/lib/bblayers/makesetup.py b/meta/lib/bblayers/makesetup.py
index 834e9338bc..5fb6f1469e 100644
--- a/meta/lib/bblayers/makesetup.py
+++ b/meta/lib/bblayers/makesetup.py
@@ -45,6 +45,13 @@ class MakeSetupPlugin(LayerPlugin):
return ""
return describe.strip()
+def _is_submodule(self, repo_path):
+# This is slightly brittle: git does not offer a way to tell whether
+# a given repo dir is a submodule checkout, so we need to rely on .git
+# being a file (rather than a dir like it is in standalone checkouts).
+# The file typically contains a gitdir pointer to elsewhere.
+return os.path.isfile(os.path.join(repo_path,".git"))
+
def make_repo_config(self, destdir):
""" This is a helper function for the writer plugins that discovers
currently configured layers.
The writers do not have to use it, but it can save a bit of work and
avoid duplicated code, hence it is
@@ -63,6 +70,9 @@ class MakeSetupPlugin(LayerPlugin):
logger.error("Layer {name} in {path} has uncommitted
modifications or is not in a git repository.".format(name=l_name,path=l_path))
return
repo_path = self._get_repo_path(l_path)
+
+if self._is_submodule(repo_path):
+continue
if repo_path not in repos.keys():
repos[repo_path] =
{'path':os.path.basename(repo_path),'git-remote':{'rev':l_rev,
'branch':l_branch, 'remotes':self._get_remotes(repo_path),
'describe':self._get_describe(repo_path)}}
if repo_path == destdir_repo:
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176976):
https://lists.openembedded.org/g/openembedded-core/message/176976
Mute This Topic: https://lists.openembedded.org/mt/96871664/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/8] scripts/oe-setup-layers: print a note about submodules if present
Signed-off-by: Alexander Kanavin
---
scripts/oe-setup-layers | 6 ++
1 file changed, 6 insertions(+)
diff --git a/scripts/oe-setup-layers b/scripts/oe-setup-layers
index d0bc9f1667..461560de9f 100755
--- a/scripts/oe-setup-layers
+++ b/scripts/oe-setup-layers
@@ -46,6 +46,9 @@ def _is_layer_at_remote_uri(layerdir, remote, uri):
pass
return False
+def _contains_submodules(layerdir):
+return os.path.exists(os.path.join(layerdir,".gitmodules"))
+
def _do_checkout(args, json):
layers = json['sources']
for l_name in layers:
@@ -90,6 +93,9 @@ def _do_checkout(args, json):
print("Running '{}' in {}".format(cmd, layerdir))
subprocess.check_output(cmd, shell=True, cwd=layerdir)
+if _contains_submodules(layerdir):
+print("Repo {} contains submodules, use 'git submodule update'
to ensure they are up to date".format(layerdir))
+
parser = argparse.ArgumentParser(description="A self contained python script
that fetches all the needed layers and sets them to correct revisions using
data in a json format from a separate file. The json data can be created from
an active build directory with 'bitbake-layers create-layers-setup destdir' and
there's a sample file and a schema in meta/files/")
parser.add_argument('--force-bootstraplayer-checkout', action='store_true',
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176977):
https://lists.openembedded.org/g/openembedded-core/message/176977
Mute This Topic: https://lists.openembedded.org/mt/96871665/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [patch][kirkstone] git: upgrade to 2.35.6
From: Chee Yang Lee
upgrade include fix for CVE-2022-23521 and CVE-2022-41903
Signed-off-by: Chee Yang Lee
---
meta/recipes-devtools/git/{git_2.35.5.bb => git_2.35.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/git/{git_2.35.5.bb => git_2.35.6.bb} (98%)
diff --git a/meta/recipes-devtools/git/git_2.35.5.bb
b/meta/recipes-devtools/git/git_2.35.6.bb
similarity index 98%
rename from meta/recipes-devtools/git/git_2.35.5.bb
rename to meta/recipes-devtools/git/git_2.35.6.bb
index be4e3ca1d3..016b743ece 100644
--- a/meta/recipes-devtools/git/git_2.35.5.bb
+++ b/meta/recipes-devtools/git/git_2.35.6.bb
@@ -165,4 +165,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
"
EXTRA_OEMAKE += "NO_GETTEXT=1"
-SRC_URI[tarball.sha256sum] =
"2cca63fe7bebb5b4bf8efea7b46b12bb89c16ff9711b6b6d845928501d00d0a3"
+SRC_URI[tarball.sha256sum] =
"6bd51e0487028543ba40fe3d5b33bd124526a7f7109824aa7f022e79edf93bd1"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176974):
https://lists.openembedded.org/g/openembedded-core/message/176974
Mute This Topic: https://lists.openembedded.org/mt/96871153/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [patch][langdale] git: upgrade to 2.37.5
From: Chee Yang Lee
upgrade include fix for CVE-2022-23521 and CVE-2022-41903
Signed-off-by: Chee Yang Lee
---
meta/recipes-devtools/git/{git_2.37.4.bb => git_2.37.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/git/{git_2.37.4.bb => git_2.37.5.bb} (98%)
diff --git a/meta/recipes-devtools/git/git_2.37.4.bb
b/meta/recipes-devtools/git/git_2.37.5.bb
similarity index 98%
rename from meta/recipes-devtools/git/git_2.37.4.bb
rename to meta/recipes-devtools/git/git_2.37.5.bb
index 2205a50d16..387845b69d 100644
--- a/meta/recipes-devtools/git/git_2.37.4.bb
+++ b/meta/recipes-devtools/git/git_2.37.5.bb
@@ -165,4 +165,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
"
EXTRA_OEMAKE += "NO_GETTEXT=1"
-SRC_URI[tarball.sha256sum] =
"a638c9bf9e45e8d48592076266adaa9b7aa272a99ee2aee2e166a649a9ba8a03"
+SRC_URI[tarball.sha256sum] =
"5c11f90652afee6c77ef7ddfc672facd4bc6f2596d9627df2f1780664b058b9a"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176973):
https://lists.openembedded.org/g/openembedded-core/message/176973
Mute This Topic: https://lists.openembedded.org/mt/96871033/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-Core][master][kirkstone][PATCH] dhcpcd: fix dhcpcd start failure on qemuppc64
From: Xiangyu Chen
Backport patch to fix dhcpcd start failed on qemuppc64.
Signed-off-by: Xiangyu Chen
---
.../dhcpcd/dhcpcd_9.4.1.bb| 1 +
...x-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch | 34 +++
2 files changed, 35 insertions(+)
create mode 100644
meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
index 5cf77fa0f6..39e689d2f6 100644
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
@@ -16,6 +16,7 @@ SRC_URI =
"https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \
file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \
+
file://0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch \
file://dhcpcd.service \
file://dhcpcd@.service \
"
diff --git
a/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
new file mode 100644
index 00..1c514f9b8c
--- /dev/null
+++
b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
@@ -0,0 +1,34 @@
+From 7a2d9767585ed2c407d4985bd2d81552034fb90a Mon Sep 17 00:00:00 2001
+From: CHEN Xiangyu
+Date: Thu, 9 Feb 2023 18:41:52 +0800
+Subject: [PATCH] privsep-linux: fix SECCOMP_AUDIT_ARCH missing ppc64le (#181)
+
+when dhcpcd running on ppc64le platform, it would be killed by SIGSYS.
+
+Upstream-Status: Backport [7a2d9767585ed2c407d4985bd2d81552034fb90a]
+
+Signed-off-by: Xiangyu Chen
+---
+ src/privsep-linux.c | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index 7372d26b..6a301950 100644
+--- a/src/privsep-linux.c
b/src/privsep-linux.c
+@@ -232,7 +232,11 @@ ps_root_sendnetlink(struct dhcpcd_ctx *ctx, int protocol,
struct msghdr *msg)
+ #elif defined(__or1k__)
+ # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_OPENRISC
+ #elif defined(__powerpc64__)
+-# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64
++# if (BYTE_ORDER == LITTLE_ENDIAN)
++#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64LE
++# else
++#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64
++# endif
+ #elif defined(__powerpc__)
+ # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC
+ #elif defined(__riscv)
+--
+2.34.1
+
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176972):
https://lists.openembedded.org/g/openembedded-core/message/176972
Mute This Topic: https://lists.openembedded.org/mt/96868623/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] DNF5
On Thu, Feb 9, 2023 at 10:15 AM Khem Raj wrote: > Is there some reading material for quick highlights of dnf5 and its future > ? > The Fedora change wiki has some important caveats: https://fedoraproject.org/wiki/Changes/ReplaceDnfWithDnf5 The above references this: https://dnf5.readthedocs.io/en/latest/dnf5.8.html This is probably the best source of what is planned: https://github.com/rpm-software-management/dnf5/milestone/1 Rather long thread about status: https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/thread/DG7VBHCWGIQKN3QC3HHF2IZ4JL66ZO6Y/ > On Thu, Feb 9, 2023 at 4:05 AM Ross Burton wrote: > > > > Hi, > > > > At FOSDEM there were was a session about DNF 5 and someone (sorry if > you’re reading this, I can’t remember your name) came to the stand to ask > if we’ve looked at it. I was aware of a DNF replacement but wasn’t aware > that it had actually started making releases. > > > > I’ve just pushed a branch to poky-contrib:ross/dnf5 which adds recipes > for DNF5 and any new dependencies (it also needs meta-oe right now, as some > dependencies are there). It builds a dnf-native, but the blocker is that > it doesn’t yet implement —repofrompath to add a repository without a > corresponding configuration file, which is what we use at rootfs time. We > can probably work around that by writing a temporary repo file, or just > implement the feature upstream. > > > > If anyone is interested in helping the port to DNF5 then your help would > be appreciated! > > > > Ross > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176971): https://lists.openembedded.org/g/openembedded-core/message/176971 Mute This Topic: https://lists.openembedded.org/mt/96851390/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [patch][master][langdale] libgit2: upgrade to 1.5.1
Hello Lee Chee, On Thu, 9 Feb 2023 21:02:29 +0800 "Lee Chee Yang" wrote: > From: Chee Yang Lee > > This is a security release to address CVE-2023-22742: when compiled > using the optional, included libssh2 backend, libgit2 fails to verify > SSH keys by default. > > When using an SSH remote with the optional, included libssh2 backend, > libgit2 does not perform certificate checking by default. Prior versions > of libgit2 require the caller to set the `certificate_check` field of > libgit2's `git_remote_callbacks` structure - if a certificate check > callback is not set, libgit2 does not perform any certificate checking. > This means that by default - without configuring a certificate check > callback, clients will not perform validation on the server SSH keys and > may be subject to a man-in-the-middle attack. > > Signed-off-by: Chee Yang Lee A patch doing this same upgrade has been sent yesterday by Alex Kanavin and is already in master. -- Luca Ceresoli, Bootlin Embedded Linux and Kernel engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176970): https://lists.openembedded.org/g/openembedded-core/message/176970 Mute This Topic: https://lists.openembedded.org/mt/96852194/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH v2] sstatesig: Improve output hash calculation
From: Mateusz Marciniec Symbolic links to the files are included during the output hash calculation but symlinks to the directories are missed. So if the new symlink to a directory was the only change made, then the output hash won't change, and the Hash Equivalence server may change unihash. In the next run bitbake may use an older package from sstate-cache. To fix this followlinks=True flag could be set for os.walk but it can lead to infinite recursion if link points to a parent directory of itself. Also, all files from a directory to which symlink points would be included in depsig file. Therefore another solution was applied, I added code that will loop through directories and process those that are symlinks. Signed-off-by: Mateusz Marciniec Signed-off-by: Tomasz Dziendzielski --- meta/lib/oe/sstatesig.py | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index f0224454c9..71b71cec31 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -652,6 +652,11 @@ def OEOuthashBasic(path, sigfile, task, d): if f == 'fixmepath': continue process(os.path.join(root, f)) + +for dir in dirs: +if not os.path.islink(os.path.join(root, dir)): +continue +process(os.path.join(root, dir)) finally: os.chdir(prev_dir) -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176969): https://lists.openembedded.org/g/openembedded-core/message/176969 Mute This Topic: https://lists.openembedded.org/mt/96859850/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [langdale][PATCH-v2] Upgrade OpenSSL 3.0.7 -> 3.0.8
One additional comment on the content of your subject line:
You should start with the base recipe name so reviewers know what
recipe you are changing, so something like "openssl: upgrade 3.0.7 ->
3.0.8" would be appropriate for this patch.
Thanks!
Steve
On Thu, Feb 9, 2023 at 4:37 AM mv wrote:
>
> From: Siddharth Doshi
>
> OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
> security vulnerability [1].
>
> Upgrade the recipe to point to 3.0.8.
>
> CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
> well.
>
> [1] https://www.openssl.org/news/vulnerabilities.html
>
> CVEs Fixed:
> https://www.openssl.org/news/secadv/20230207.txt
>
> Signed-off-by: Siddharth Doshi
> ---
> .../openssl/openssl/CVE-2022-3996.patch | 43 ---
> .../{openssl_3.0.7.bb => openssl_3.0.8.bb}| 3 +-
> 2 files changed, 1 insertion(+), 45 deletions(-)
> delete mode 100644
> meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
> openssl_3.0.8.bb} (98%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> deleted file mode 100644
> index 6d70b323d1..00
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> +++ /dev/null
> @@ -1,43 +0,0 @@
> -From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
> -From: Pauli
> -Date: Fri, 11 Nov 2022 09:40:19 +1100
> -Subject: [PATCH] x509: fix double locking problem
> -
> -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
> -redundant flag setting.
> -
> -Fixes #19643
> -
> -Fixes LOW CVE-2022-3996
> -
> -Reviewed-by: Dmitry Belyavskiy
> -Reviewed-by: Tomas Mraz
> -(Merged from https://github.com/openssl/openssl/pull/19652)
> -
> -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
> -
> -Upstream-Status: Backport
> [https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
> -CVE: CVE-2022-3996
> -Signed-off-by: Vivek Kumbhar
>
> - crypto/x509/pcy_map.c | 4
> - 1 file changed, 4 deletions(-)
> -
> -diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
> -index 05406c6493..60dfd1e320 100644
> a/crypto/x509/pcy_map.c
> -+++ b/crypto/x509/pcy_map.c
> -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x,
> POLICY_MAPPINGS *maps)
> -
> - ret = 1;
> - bad_mapping:
> --if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
> --x->ex_flags |= EXFLAG_INVALID_POLICY;
> --CRYPTO_THREAD_unlock(x->lock);
> --}
> - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
> - return ret;
> -
> ---
> -2.30.2
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> similarity index 98%
> rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> index 1842148592..8771884dda 100644
> --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> @@ -12,14 +12,13 @@ SRC_URI =
> "http://www.openssl.org/source/openssl-${PV}.tar.gz \
>
> file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
> file://afalg.patch \
> file://0001-Configure-do-not-tweak-mips-cflags.patch \
> - file://CVE-2022-3996.patch \
> "
>
> SRC_URI:append:class-nativesdk = " \
> file://environment.d-openssl.sh \
> "
>
> -SRC_URI[sha256sum] =
> "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
> +SRC_URI[sha256sum] =
> "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
>
> inherit lib_package multilib_header multilib_script ptest perlnative
> MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
> --
> 2.25.1
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176968):
https://lists.openembedded.org/g/openembedded-core/message/176968
Mute This Topic: https://lists.openembedded.org/mt/96853888/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] linux-yocto.inc: add dt-schema to devshell
If the user invokes the devshell on the linux-yocto kernel, add
python3-dtschema-native to their native sysroot so they can do
things like:
devshell> make dtbs_check
Signed-off-by: Trevor Woerner
---
meta/recipes-kernel/linux/linux-yocto.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-kernel/linux/linux-yocto.inc
b/meta/recipes-kernel/linux/linux-yocto.inc
index 091003ed8299..782dc7a06ef7 100644
--- a/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/meta/recipes-kernel/linux/linux-yocto.inc
@@ -63,6 +63,7 @@ KERNEL_FEATURES:append:qemuall="
features/kernel-sample/kernel-sample.scc"
KERNEL_DEBUG_OPTIONS ?= "stack"
KERNEL_EXTRA_ARGS:append:x86-64 = "
${@bb.utils.contains('KERNEL_DEBUG_OPTIONS', 'stack',
'HOST_LIBELF_LIBS="-L${RECIPE_SYSROOT_NATIVE}/usr/lib/pkgconfig/../../../usr/lib/
-lelf"', '', d)}"
+do_devshell[depends] += "python3-dtschema-native:do_populate_sysroot"
do_devshell:prepend() {
# setup native pkg-config variables (kconfig scripts call pkg-config
directly, cannot generically be overriden to pkg-config-native)
d.setVar("PKG_CONFIG_DIR",
"${STAGING_DIR_NATIVE}${libdir_native}/pkgconfig")
--
2.36.0.rc2.17.g4027e30c53
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176967):
https://lists.openembedded.org/g/openembedded-core/message/176967
Mute This Topic: https://lists.openembedded.org/mt/96859716/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] python3-dtschema: add dependency on pylibfdt
dt-schema has a dependency on pylibfdt.
Signed-off-by: Trevor Woerner
---
.../python/python3-dtschema_2023.1.bb | 2 +-
.../python/python3-pylibfdt_1.6.1.bb | 14 ++
2 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/python/python3-pylibfdt_1.6.1.bb
diff --git a/meta/recipes-devtools/python/python3-dtschema_2023.1.bb
b/meta/recipes-devtools/python/python3-dtschema_2023.1.bb
index 9767c95d3043..24bded9710a9 100644
--- a/meta/recipes-devtools/python/python3-dtschema_2023.1.bb
+++ b/meta/recipes-devtools/python/python3-dtschema_2023.1.bb
@@ -10,6 +10,6 @@ PYPI_PACKAGE = "dtschema"
SRC_URI[sha256sum] =
"8fc8c269e4c57e9d008af7b32cd33b77afd4ea1ac9552bcfa96b41b9e0c52586"
DEPENDS += "python3-setuptools-scm-native"
-RDEPENDS:${PN} += "python3-ruamel-yaml python3-jsonschema python3-rfc3987"
+RDEPENDS:${PN} += "python3-ruamel-yaml python3-jsonschema python3-rfc3987
python3-pylibfdt"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-devtools/python/python3-pylibfdt_1.6.1.bb
b/meta/recipes-devtools/python/python3-pylibfdt_1.6.1.bb
new file mode 100644
index ..966f8f1413fb
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pylibfdt_1.6.1.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "libfdt from the dtc project"
+HOMEPAGE = "git://git.kernel.org/pub/scm/utils/dtc/dtc.git"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://BSD-2-Clause;md5=5d6306d1b08f8df623178dfd81880927"
+
+inherit pypi setuptools3
+
+PYPI_PACKAGE = "pylibfdt"
+
+SRC_URI[sha256sum] =
"90c667c5adf44c6ab2f13bdc566598897784c7b781bed91064e7373bd270b778"
+
+DEPENDS += "python3-setuptools-scm-native swig-native"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.36.0.rc2.17.g4027e30c53
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176966):
https://lists.openembedded.org/g/openembedded-core/message/176966
Mute This Topic: https://lists.openembedded.org/mt/96859715/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] DNF5
Is there some reading material for quick highlights of dnf5 and its future ? On Thu, Feb 9, 2023 at 4:05 AM Ross Burton wrote: > > Hi, > > At FOSDEM there were was a session about DNF 5 and someone (sorry if you’re > reading this, I can’t remember your name) came to the stand to ask if we’ve > looked at it. I was aware of a DNF replacement but wasn’t aware that it had > actually started making releases. > > I’ve just pushed a branch to poky-contrib:ross/dnf5 which adds recipes for > DNF5 and any new dependencies (it also needs meta-oe right now, as some > dependencies are there). It builds a dnf-native, but the blocker is that it > doesn’t yet implement —repofrompath to add a repository without a > corresponding configuration file, which is what we use at rootfs time. We > can probably work around that by writing a temporary repo file, or just > implement the feature upstream. > > If anyone is interested in helping the port to DNF5 then your help would be > appreciated! > > Ross > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176965): https://lists.openembedded.org/g/openembedded-core/message/176965 Mute This Topic: https://lists.openembedded.org/mt/96851390/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] wic: Fix usage of fstype=none in wic
This allows to specify partition with fstype=none in the wks file
to have partition created but without following mkfs. The none fstype
is in the list already but the usage is not documented.
Example;
part /data --ondisk mmcblk0 --fstype=none --align 4096 --fixed-size 512
will create a partition, filesystem may be created manualy on the host
or target and data will be preserved if the device is reflashed using
same wks. Works with bmaptool and probably does not work with dd.
Use case is persistent filesystem/data between reflashing of the image.
Signed-off-by: Pavel Zhukov
---
scripts/lib/wic/partition.py | 5 +
1 file changed, 5 insertions(+)
diff --git a/scripts/lib/wic/partition.py b/scripts/lib/wic/partition.py
index 2a916e077c..382afa44bc 100644
--- a/scripts/lib/wic/partition.py
+++ b/scripts/lib/wic/partition.py
@@ -133,6 +133,8 @@ class Partition():
self.update_fstab_in_rootfs = True
if not self.source:
+if self.fstype == "none":
+return
if not self.size and not self.fixed_size:
raise WicError("The %s partition has a size of zero. Please "
"specify a non-zero --size/--fixed-size for
that "
@@ -405,6 +407,9 @@ class Partition():
(extraopts, self.fsuuid, rootfs, rootfs_dir)
exec_native_cmd(erofs_cmd, native_sysroot, pseudo=pseudo)
+def prepare_empty_partition_none(self, rootfs, oe_builddir,
native_sysroot):
+pass
+
def prepare_empty_partition_ext(self, rootfs, oe_builddir,
native_sysroot):
"""
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176964):
https://lists.openembedded.org/g/openembedded-core/message/176964
Mute This Topic: https://lists.openembedded.org/mt/96858380/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] glibc: unify wordsize.h between arm and aarch64
thanks for finding and fixing it. It has happened with every upgrade
that this file goes out of sync due to copyright headers change.
its perhaps worth trying to use a symlink instead try this patch and
see if it works in your settings
https://uclibc.org/~kraj/0001-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
if it does then we should use this instead of the original patch
On Thu, Feb 9, 2023 at 2:00 AM Yi Zhao wrote:
>
> There is a redundant change in
> 0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch that
> causes wordsize.h to be different in arm and aarch64. This causes the
> build error when enable multilib:
>
> Error: Transaction test error:
> file /usr/include/bits/wordsize.h conflicts between attempted installs of
> lib32-libc6-dev-2.37-r0.armv7vet2hf_vfp and libc6-dev-2.37-r0.cortexa57
>
> Signed-off-by: Yi Zhao
> ---
> ...y-the-header-between-arm-and-aarch64.patch | 20 ++-
> 1 file changed, 6 insertions(+), 14 deletions(-)
>
> diff --git
> a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
>
> b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
> index 9ed89c93da..90a6cc2363 100644
> ---
> a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
> +++
> b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
> @@ -11,10 +11,10 @@ Upstream-Status: Inappropriate [ OE-Specific ]
>
> Signed-off-by: Khem Raj
> ---
> - sysdeps/aarch64/bits/wordsize.h | 8 ++--
> - sysdeps/{aarch64 => arm}/bits/wordsize.h | 10 +++---
> - 2 files changed, 13 insertions(+), 5 deletions(-)
> - copy sysdeps/{aarch64 => arm}/bits/wordsize.h (80%)
> + sysdeps/aarch64/bits/wordsize.h | 8 ++--
> + sysdeps/{aarch64 => arm}/bits/wordsize.h | 8 ++--
> + 2 files changed, 12 insertions(+), 4 deletions(-)
> + copy sysdeps/{aarch64 => arm}/bits/wordsize.h (85%)
>
> diff --git a/sysdeps/aarch64/bits/wordsize.h
> b/sysdeps/aarch64/bits/wordsize.h
> index 04d4be9519..63876a7830 100644
> @@ -40,20 +40,12 @@ index 04d4be9519..63876a7830 100644
>
> #define __WORDSIZE_TIME64_COMPAT320
> diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
> -similarity index 80%
> +similarity index 85%
> copy from sysdeps/aarch64/bits/wordsize.h
> copy to sysdeps/arm/bits/wordsize.h
> -index 04d4be9519..5ef0ed21f3 100644
> +index 04d4be9519..63876a7830 100644
> --- a/sysdeps/aarch64/bits/wordsize.h
> +++ b/sysdeps/arm/bits/wordsize.h
> -@@ -1,6 +1,6 @@
> - /* Determine the wordsize from the preprocessor defines.
> -
> -- Copyright (C) 2016-2023 Free Software Foundation, Inc.
> -+ Copyright (C) 2016-2022 Free Software Foundation, Inc.
> -This file is part of the GNU C Library.
> -
> -The GNU C Library is free software; you can redistribute it and/or
> @@ -17,12 +17,16 @@
> License along with the GNU C Library; if not, see
>
[OE-core] [PATCH 1/1] curl: fix dependencies when building with ldap/ldaps
openldap is added as a dependency so the build will not fail, as otherwise ldap headers are not found during configure phase Note: due to upstream bug (now fixed) building LDAP/LDAPS support with minimal configurations can sometimes not work, see details at: https://github.com/curl/curl/pull/10445 Signed-off-by: Federico Pellegrin --- meta/recipes-support/curl/curl_7.87.0.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/curl/curl_7.87.0.bb b/meta/recipes-support/curl/curl_7.87.0.bb index 9956a284228..0b4d649f54a 100644 --- a/meta/recipes-support/curl/curl_7.87.0.bb +++ b/meta/recipes-support/curl/curl_7.87.0.bb @@ -40,8 +40,8 @@ PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" -PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," -PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap" +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap" PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176962): https://lists.openembedded.org/g/openembedded-core/message/176962 Mute This Topic: https://lists.openembedded.org/mt/96856057/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] xserver-xorg: 21.1.6 -> 21.1.7
From: Kai Kang
According to the ANNOUNCE of xorg-server 21.1.7[1]:
This release contains the fix for CVE-2023-0494 in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-February/003320.html
It also fixes a second possible OOB access during EnqueueEvent and a
crasher caused by ResourceClientBits not correctly honouring the
MaxClients value in the configuration file.
Finally, a bunch of Xquartz updates including the ability to correctly detect
ssh-tunneled clients as remote.
[1]: https://lists.x.org/archives/xorg-announce/2023-February/003321.html
Signed-off-by: Kai Kang
---
.../{xserver-xorg_21.1.6.bb => xserver-xorg_21.1.7.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.6.bb =>
xserver-xorg_21.1.7.bb} (92%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.6.bb
b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
similarity index 92%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.6.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
index 256903ce5f..212c7d39c2 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.6.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
@@ -3,7 +3,7 @@ require xserver-xorg.inc
SRC_URI +=
"file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
"
-SRC_URI[sha256sum] =
"1eb86ed674d042b6c8b1f9135e59395cbbca35ed551b122f73a7d8bb3bb22484"
+SRC_URI[sha256sum] =
"d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb"
# These extensions are now integrated into the server, so declare the migration
# path for in-place upgrades.
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176961):
https://lists.openembedded.org/g/openembedded-core/message/176961
Mute This Topic: https://lists.openembedded.org/mt/96854672/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH 2/2] classes/create-sdpx-2.2: Remove image SPDX and index from deploydir
Per feedback from users, remove the top level image SPDX file and the
JSON index file from DEPLOYDIR. Having these files here is confusing to
end users because these files are not very useful by themselves, and
having them in DEPLOYDIR makes it unclear which they should be using.
Signed-off-by: Joshua Watt
---
meta/classes/create-spdx-2.2.bbclass | 20
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/meta/classes/create-spdx-2.2.bbclass
b/meta/classes/create-spdx-2.2.bbclass
index f0513af083b..9aede86870c 100644
--- a/meta/classes/create-spdx-2.2.bbclass
+++ b/meta/classes/create-spdx-2.2.bbclass
@@ -14,6 +14,8 @@ CVE_VERSION ??= "${PV}"
SPDXDIR ??= "${WORKDIR}/spdx"
SPDXDEPLOY = "${SPDXDIR}/deploy"
SPDXWORK = "${SPDXDIR}/work"
+SPDXIMAGEWORK = "${SPDXDIR}/image-work"
+SPDXSDKWORK = "${SPDXDIR}/sdk-work"
SPDX_TOOL_NAME ??= "oe-spdx-creator"
SPDX_TOOL_VERSION ??= "1.0"
@@ -821,10 +823,12 @@ def spdx_get_src(d):
d.setVar("WORKDIR", workdir)
do_rootfs[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
+do_rootfs[cleandirs] += "${SPDXIMAGEWORK}"
ROOTFS_POSTUNINSTALL_COMMAND =+ "image_combine_spdx ; "
do_populate_sdk[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
+do_populate_sdk[cleandirs] += "${SPDXSDKWORK}"
POPULATE_SDK_POST_HOST_COMMAND:append:task-populate-sdk = "
sdk_host_combine_spdx; "
POPULATE_SDK_POST_TARGET_COMMAND:append:task-populate-sdk = "
sdk_target_combine_spdx; "
@@ -840,7 +844,7 @@ python image_combine_spdx() {
img_spdxid = oe.sbom.get_image_spdxid(image_name)
packages = image_list_installed_packages(d)
-combine_spdx(d, image_name, imgdeploydir, img_spdxid, packages)
+combine_spdx(d, image_name, imgdeploydir, img_spdxid, packages,
Path(d.getVar("SPDXIMAGEWORK")))
def make_image_link(target_path, suffix):
if image_link_name:
@@ -848,12 +852,8 @@ python image_combine_spdx() {
if link != target_path:
link.symlink_to(os.path.relpath(target_path, link.parent))
-image_spdx_path = imgdeploydir / (image_name + ".spdx.json")
-make_image_link(image_spdx_path, ".spdx.json")
spdx_tar_path = imgdeploydir / (image_name + ".spdx.tar.zst")
make_image_link(spdx_tar_path, ".spdx.tar.zst")
-spdx_index_path = imgdeploydir / (image_name + ".spdx.index.json")
-make_image_link(spdx_index_path, ".spdx.index.json")
}
python sdk_host_combine_spdx() {
@@ -873,9 +873,9 @@ def sdk_combine_spdx(d, sdk_type):
sdk_deploydir = Path(d.getVar("SDKDEPLOYDIR"))
sdk_spdxid = oe.sbom.get_sdk_spdxid(sdk_name)
sdk_packages = sdk_list_installed_packages(d, sdk_type == "target")
-combine_spdx(d, sdk_name, sdk_deploydir, sdk_spdxid, sdk_packages)
+combine_spdx(d, sdk_name, sdk_deploydir, sdk_spdxid, sdk_packages,
Path(d.getVar('SPDXSDKWORK')))
-def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):
+def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages,
spdx_workdir):
import os
import oe.spdx
import oe.sbom
@@ -944,7 +944,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir,
rootfs_spdxid, packages):
comment="Runtime dependencies for %s" % name
)
-image_spdx_path = rootfs_deploydir / (rootfs_name + ".spdx.json")
+image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json")
with image_spdx_path.open("wb") as f:
doc.to_json(f, sort_keys=True, indent=get_json_indent(d))
@@ -1020,7 +1020,3 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir,
rootfs_spdxid, packages):
info.gname = "root"
tar.addfile(info, fileobj=index_str)
-
-spdx_index_path = rootfs_deploydir / (rootfs_name + ".spdx.index.json")
-with spdx_index_path.open("w") as f:
-json.dump(index, f, sort_keys=True, indent=get_json_indent(d))
--
2.33.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176960):
https://lists.openembedded.org/g/openembedded-core/message/176960
Mute This Topic: https://lists.openembedded.org/mt/96854661/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH 1/2] classes/populate_sdk_base: Append cleandirs
Append to cleandirs in do_populate_sdk so that other classes
(specifically, create-spdx-2.2) can add additional directories
Signed-off-by: Joshua Watt
---
meta/classes-recipe/populate_sdk_base.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/populate_sdk_base.bbclass
b/meta/classes-recipe/populate_sdk_base.bbclass
index 7cc9535356f..1c619ef3cf1 100644
--- a/meta/classes-recipe/populate_sdk_base.bbclass
+++ b/meta/classes-recipe/populate_sdk_base.bbclass
@@ -208,7 +208,7 @@ fakeroot python do_populate_sdk() {
}
SSTATETASKS += "do_populate_sdk"
SSTATE_SKIP_CREATION:task-populate-sdk = '1'
-do_populate_sdk[cleandirs] = "${SDKDEPLOYDIR}"
+do_populate_sdk[cleandirs] += "${SDKDEPLOYDIR}"
do_populate_sdk[sstate-inputdirs] = "${SDKDEPLOYDIR}"
do_populate_sdk[sstate-outputdirs] = "${SDK_DEPLOY}"
do_populate_sdk[stamp-extra-info] = "${MACHINE_ARCH}${SDKMACHINE}"
--
2.33.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176959):
https://lists.openembedded.org/g/openembedded-core/message/176959
Mute This Topic: https://lists.openembedded.org/mt/96854660/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH 0/2] Remove unnecessary SPDX files from deploydir
Per feedback from users, remove the top level image SPDX file and the JSON index file from DEPLOYDIR. Having these files here is confusing to end users because these files are not very useful by themselves, and having them in DEPLOYDIR makes it unclear which they should be using. Joshua Watt (2): classes/populate_sdk_base: Append cleandirs classes/create-sdpx-2.2: Remove image SPDX and index from deploydir meta/classes-recipe/populate_sdk_base.bbclass | 2 +- meta/classes/create-spdx-2.2.bbclass | 20 --- 2 files changed, 9 insertions(+), 13 deletions(-) -- 2.33.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176958): https://lists.openembedded.org/g/openembedded-core/message/176958 Mute This Topic: https://lists.openembedded.org/mt/96854658/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [[master][PATCH]] Upgrade OpenSSL 3.0.7 -> 3.0.8
Hi Luca, Thank-you for your feedback. Yes, the patch was a mistake. I have rectified it and submitted version-2 for the same. However, i am looking into how to change the name which unfortunately i am not able to do currently even though my git credentials are in sync. By the next patch submission, i hope to solve it. Regards, Siddharth -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176957): https://lists.openembedded.org/g/openembedded-core/message/176957 Mute This Topic: https://lists.openembedded.org/mt/96850870/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH-v2] Upgrade OpenSSL 3.0.7 -> 3.0.8
From: Siddharth Doshi
OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
security vulnerability [1].
Upgrade the recipe to point to 3.0.8.
CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
CVEs Fixed:
https://www.openssl.org/news/secadv/20230207.txt
Signed-off-by: Siddharth Doshi
---
.../openssl/openssl/CVE-2022-3996.patch | 43 ---
.../{openssl_3.0.7.bb => openssl_3.0.8.bb}| 3 +-
2 files changed, 1 insertion(+), 45 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
openssl_3.0.8.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
deleted file mode 100644
index 6d70b323d1..00
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Fri, 11 Nov 2022 09:40:19 +1100
-Subject: [PATCH] x509: fix double locking problem
-
-This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
-redundant flag setting.
-
-Fixes #19643
-
-Fixes LOW CVE-2022-3996
-
-Reviewed-by: Dmitry Belyavskiy
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/19652)
-
-(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
-
-Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
-CVE: CVE-2022-3996
-Signed-off-by: Vivek Kumbhar
- crypto/x509/pcy_map.c | 4
- 1 file changed, 4 deletions(-)
-
-diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
-index 05406c6493..60dfd1e320 100644
a/crypto/x509/pcy_map.c
-+++ b/crypto/x509/pcy_map.c
-@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS
*maps)
-
- ret = 1;
- bad_mapping:
--if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
--x->ex_flags |= EXFLAG_INVALID_POLICY;
--CRYPTO_THREAD_unlock(x->lock);
--}
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
-
---
-2.30.2
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 5156586661..75f9e44748 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -12,14 +12,13 @@ SRC_URI =
"http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
- file://CVE-2022-3996.patch \
"
SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] =
"6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176956):
https://lists.openembedded.org/g/openembedded-core/message/176956
Mute This Topic: https://lists.openembedded.org/mt/96853907/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [langdale][PATCH-v2] Upgrade OpenSSL 3.0.7 -> 3.0.8
From: Siddharth Doshi
OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
security vulnerability [1].
Upgrade the recipe to point to 3.0.8.
CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
CVEs Fixed:
https://www.openssl.org/news/secadv/20230207.txt
Signed-off-by: Siddharth Doshi
---
.../openssl/openssl/CVE-2022-3996.patch | 43 ---
.../{openssl_3.0.7.bb => openssl_3.0.8.bb}| 3 +-
2 files changed, 1 insertion(+), 45 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
openssl_3.0.8.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
deleted file mode 100644
index 6d70b323d1..00
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Fri, 11 Nov 2022 09:40:19 +1100
-Subject: [PATCH] x509: fix double locking problem
-
-This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
-redundant flag setting.
-
-Fixes #19643
-
-Fixes LOW CVE-2022-3996
-
-Reviewed-by: Dmitry Belyavskiy
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/19652)
-
-(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
-
-Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
-CVE: CVE-2022-3996
-Signed-off-by: Vivek Kumbhar
- crypto/x509/pcy_map.c | 4
- 1 file changed, 4 deletions(-)
-
-diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
-index 05406c6493..60dfd1e320 100644
a/crypto/x509/pcy_map.c
-+++ b/crypto/x509/pcy_map.c
-@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS
*maps)
-
- ret = 1;
- bad_mapping:
--if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
--x->ex_flags |= EXFLAG_INVALID_POLICY;
--CRYPTO_THREAD_unlock(x->lock);
--}
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
-
---
-2.30.2
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 1842148592..8771884dda 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -12,14 +12,13 @@ SRC_URI =
"http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
- file://CVE-2022-3996.patch \
"
SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] =
"6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176955):
https://lists.openembedded.org/g/openembedded-core/message/176955
Mute This Topic: https://lists.openembedded.org/mt/96853888/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [master][PATCH-v2] Upgrade OpenSSL 3.0.7 -> 3.0.8
From: Siddharth Doshi
OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
security vulnerability [1].
Upgrade the recipe to point to 3.0.8.
CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
CVEs Fixed:
https://www.openssl.org/news/secadv/20230207.txt
Signed-off-by: Siddharth Doshi
---
.../openssl/openssl/CVE-2022-3996.patch | 43 ---
.../{openssl_3.0.7.bb => openssl_3.0.8.bb}| 3 +-
2 files changed, 1 insertion(+), 45 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
openssl_3.0.8.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
deleted file mode 100644
index 6d70b323d1..00
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Fri, 11 Nov 2022 09:40:19 +1100
-Subject: [PATCH] x509: fix double locking problem
-
-This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
-redundant flag setting.
-
-Fixes #19643
-
-Fixes LOW CVE-2022-3996
-
-Reviewed-by: Dmitry Belyavskiy
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/19652)
-
-(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
-
-Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
-CVE: CVE-2022-3996
-Signed-off-by: Vivek Kumbhar
- crypto/x509/pcy_map.c | 4
- 1 file changed, 4 deletions(-)
-
-diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
-index 05406c6493..60dfd1e320 100644
a/crypto/x509/pcy_map.c
-+++ b/crypto/x509/pcy_map.c
-@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS
*maps)
-
- ret = 1;
- bad_mapping:
--if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
--x->ex_flags |= EXFLAG_INVALID_POLICY;
--CRYPTO_THREAD_unlock(x->lock);
--}
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
-
---
-2.30.2
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 1842148592..8771884dda 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -12,14 +12,13 @@ SRC_URI =
"http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
- file://CVE-2022-3996.patch \
"
SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] =
"6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176954):
https://lists.openembedded.org/g/openembedded-core/message/176954
Mute This Topic: https://lists.openembedded.org/mt/96853677/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [patch][master][langdale] libgit2: upgrade to 1.5.1
From: Chee Yang Lee
This is a security release to address CVE-2023-22742: when compiled
using the optional, included libssh2 backend, libgit2 fails to verify
SSH keys by default.
When using an SSH remote with the optional, included libssh2 backend,
libgit2 does not perform certificate checking by default. Prior versions
of libgit2 require the caller to set the `certificate_check` field of
libgit2's `git_remote_callbacks` structure - if a certificate check
callback is not set, libgit2 does not perform any certificate checking.
This means that by default - without configuring a certificate check
callback, clients will not perform validation on the server SSH keys and
may be subject to a man-in-the-middle attack.
Signed-off-by: Chee Yang Lee
---
.../libgit2/{libgit2_1.5.0.bb => libgit2_1.5.1.bb}| 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-support/libgit2/{libgit2_1.5.0.bb => libgit2_1.5.1.bb}
(78%)
diff --git a/meta/recipes-support/libgit2/libgit2_1.5.0.bb
b/meta/recipes-support/libgit2/libgit2_1.5.1.bb
similarity index 78%
rename from meta/recipes-support/libgit2/libgit2_1.5.0.bb
rename to meta/recipes-support/libgit2/libgit2_1.5.1.bb
index ee4d79b11a..59866ce385 100644
--- a/meta/recipes-support/libgit2/libgit2_1.5.0.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.5.1.bb
@@ -5,8 +5,8 @@ LIC_FILES_CHKSUM =
"file://COPYING;md5=112e6bb421dea73cd41de09e777f2d2c"
DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
-SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main;protocol=https"
-SRCREV = "fbea439d4b6fc91c6b619d01b85ab3b7746e4c19"
+SRC_URI =
"git://github.com/libgit2/libgit2.git;branch=maint/v1.5;protocol=https"
+SRCREV = "42e5db98b963ae503229c63e44e06e439df50e56"
S = "${WORKDIR}/git"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176953):
https://lists.openembedded.org/g/openembedded-core/message/176953
Mute This Topic: https://lists.openembedded.org/mt/96852194/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [meta][dunfell][PATCH] sudo: Fix CVE-2023-22809
On Wed, 8 Feb 2023 at 12:49, Pawan Badganchi wrote: > +CVE: CVE-2023-22809 > +Upstream-Staus: Backport > [http://archive.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.8.31-1ubuntu1.4.debian.tar.xz] This is not a backport location. Please check if the fix is available in the upstream repository, and if so, take it from there, otherwise, please submit to them. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176952): https://lists.openembedded.org/g/openembedded-core/message/176952 Mute This Topic: https://lists.openembedded.org/mt/96828375/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [patch][master][langdale][kirkstone] tar: Fix CVE-2022-48303
From: Chee Yang Lee
Signed-off-by: Chee Yang Lee
---
.../tar/files/CVE-2022-48303.patch| 36 +++
meta/recipes-extended/tar/tar_1.34.bb | 4 ++-
2 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/tar/files/CVE-2022-48303.patch
diff --git a/meta/recipes-extended/tar/files/CVE-2022-48303.patch
b/meta/recipes-extended/tar/files/CVE-2022-48303.patch
new file mode 100644
index 00..a8e9f4ac7d
--- /dev/null
+++ b/meta/recipes-extended/tar/files/CVE-2022-48303.patch
@@ -0,0 +1,36 @@
+From 1d530107a24d71e798727d7f0afa0833473d1074 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matej=20Mu=C5=BEila?=
+Date: Wed, 11 Jan 2023 08:55:58 +0100
+Subject: [PATCH] Fix savannah bug #62387
+
+* src/list.c (from_header): Check for the end of field after leading byte
+ (0x80 or 0xff) of base-256 encoded header value
+
+Upstream-Status: Backport
+[https://savannah.gnu.org/patch/download.php?file_id=54212]
+CVE: CVE-2022-48303
+Signed-off-by: Chee Yang Lee
+---
+ src/list.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/list.c b/src/list.c
+index 9fafc425..bf41b581 100644
+--- a/src/list.c
b/src/list.c
+@@ -895,6 +895,12 @@ from_header (char const *where0, size_t digs, char const
*type,
+ << (CHAR_BIT * sizeof (uintmax_t)
+ - LG_256 - (LG_256 - 2)));
+ value = (*where++ & ((1 << (LG_256 - 2)) - 1)) - signbit;
++ if (where == lim)
++{
++ if (type && !silent)
++ERROR ((0, 0, _("Archive base-256 value is invalid")));
++ return -1;
++}
+ for (;;)
+ {
+ value = (value << LG_256) + (unsigned char) *where++;
+--
+2.38.1
+
diff --git a/meta/recipes-extended/tar/tar_1.34.bb
b/meta/recipes-extended/tar/tar_1.34.bb
index 7307cd57a2..22c04ba70a 100644
--- a/meta/recipes-extended/tar/tar_1.34.bb
+++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -6,7 +6,9 @@ SECTION = "base"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2"
+SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
+ file://CVE-2022-48303.patch \
+ "
SRC_URI[sha256sum] =
"b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176951):
https://lists.openembedded.org/g/openembedded-core/message/176951
Mute This Topic: https://lists.openembedded.org/mt/96851916/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
Hi, On Thu, Feb 09, 2023 at 12:42:09PM +0100, Alexander Kanavin wrote: > On Thu, 9 Feb 2023 at 12:12, Mikko Rapeli wrote: > > select() returns with any data, even single character. Fancy readers > > will read larger chunks but will read more data than is available and thus > > block for ever. Plain read() will read the data which is available from > > select() and thus really small amounts like single characters if that's > > available over the socket. This is visible in the partial read output of > > do_testimage() task output log which becomes quite unreadable without > > change. > > Yes, but this does not explain why single characters happen to begin > with - RP offered a hypothesis, but the problem is that data arrives > that way, not the tight-loop manner in which we're reading it. Without the sleep(0.2) with ssh, the do_testimage task output can be like this (which isn't too bad, just annoying): DEBUG: [Running]$ ssh -l root -o ServerAliveCountMax=2 -o ServerAliveInterval=30 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR -p 127.0.0.1 export PATH=/usr/sbin:/sbin:/usr/bin:/bin; cat /etc/controllerimage DEBUG: Waiting for process output: time: 1675942983.6053402, endtime: 1675943283.6033137 DEBUG: Partial data from SSH call: cat: DEBUG: Waiting for process output: time: 1675942986.2085373, endtime: 1675943286.208536 DEBUG: Partial data from SSH call: /etc/controllerimage DEBUG: Waiting for process output: time: 1675942986.2111514, endtime: 1675943286.2111504 DEBUG: Partial data from SSH call: : No such file or directory DEBUG: Waiting for process output: time: 1675942986.2140906, endtime: 1675943286.2140894 DEBUG: Partial data from SSH call: DEBUG: Waiting for process output: time: 1675942986.216261, endtime: 1675943286.21626 DEBUG: [Command returned '1' after 2.64 seconds] I think qemu is just slower than what anyone expects, including the ssh protocol which does some buffer but then gives up. It may also be the kernel and image running under qemu which busy starting up, e.g. generating entropy or keys. With the sleep(0.2) output is: DEBUG: [Running]$ ssh -l root -o ServerAliveCountMax=2 -o ServerAliveInterval=30 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR -p 127.0.0.1 export PATH=/usr/sbin:/sbin:/usr/bin:/bin; cat /etc/controllerimage DEBUG: Waiting for process output: time: 1675945065.6815689, endtime: 1675945365.6790204 DEBUG: Partial data from SSH call: cat: /etc/controllerimage: No such file or directory DEBUG: Waiting for process output: time: 1675945068.308055, endtime: 1675945368.3080513 DEBUG: [Command returned '1' after 2.83 seconds] DEBUG: Command: cat /etc/controllerimage Status: 1 Output: cat: /etc/controllerimage: No such file or directory NOTE: ... ok Similar thing happens then over serial console which is even slower. I know debugging the data read and written to serial are not wanted but I had the changes in place and saw bootloader and kernel messages being read initally one character at a time and later on 5-10 characters at a time which made debugging problems really annoying. The small sleep does improve things, doesn't solve everything but also doesn't really harm. No data is lost and less time is used looping around the file descriptor. Cheers, -Mikko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176950): https://lists.openembedded.org/g/openembedded-core/message/176950 Mute This Topic: https://lists.openembedded.org/mt/96849157/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] DNF5
Hi, At FOSDEM there were was a session about DNF 5 and someone (sorry if you’re reading this, I can’t remember your name) came to the stand to ask if we’ve looked at it. I was aware of a DNF replacement but wasn’t aware that it had actually started making releases. I’ve just pushed a branch to poky-contrib:ross/dnf5 which adds recipes for DNF5 and any new dependencies (it also needs meta-oe right now, as some dependencies are there). It builds a dnf-native, but the blocker is that it doesn’t yet implement —repofrompath to add a repository without a corresponding configuration file, which is what we use at rootfs time. We can probably work around that by writing a temporary repo file, or just implement the feature upstream. If anyone is interested in helping the port to DNF5 then your help would be appreciated! Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176949): https://lists.openembedded.org/g/openembedded-core/message/176949 Mute This Topic: https://lists.openembedded.org/mt/96851390/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
On Thu, 9 Feb 2023 at 12:12, Mikko Rapeli wrote: > select() returns with any data, even single character. Fancy readers > will read larger chunks but will read more data than is available and thus > block for ever. Plain read() will read the data which is available from > select() and thus really small amounts like single characters if that's > available over the socket. This is visible in the partial read output of > do_testimage() task output log which becomes quite unreadable without change. Yes, but this does not explain why single characters happen to begin with - RP offered a hypothesis, but the problem is that data arrives that way, not the tight-loop manner in which we're reading it. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176948): https://lists.openembedded.org/g/openembedded-core/message/176948 Mute This Topic: https://lists.openembedded.org/mt/96849157/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [[master][PATCH]] Upgrade OpenSSL 3.0.7 -> 3.0.8
Hi Siddharth,
thank you for our patch!
There are a couple issues you should fix though.
First, the subject line of your mail is non-standard as it has square
brackets around other square brackets: "[[master][PATCH]]". When
applying the patch with 'git am' this results in a commit message
starting with a closed square bracket: "] Upgrade OpenSSL 3.0.7 ->
3.0.8".
I recommend you to read the guidelines at
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
in order to prepare a good commit message and to send your patch
in a way that makes it more easily reviewed, applied and tested.
Before sending it again to the list I suggest you try to send it to
yourself and check whether it looks correct, or to send it to a
colleague or friend who can try to apply it on a local tree.
See below for another remark.
On Thu, 9 Feb 2023 16:46:05 +0530
"mv" wrote:
> From: Siddharth Doshi
>
> OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
> security vulnerability [1].
>
> Upgrade the recipe to point to 3.0.8.
>
> CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
> well.
>
> [1] https://www.openssl.org/news/vulnerabilities.html
>
> CVEs Fixed:
> https://www.openssl.org/news/secadv/20230207.txt
>
> Signed-off-by: Siddharth Doshi
Your name here is different from the one in the e-mail. I'm sure we
require the e-mail addresses to be identical (and they are), not sure
we do for the name as well, but it would be a good practice anyway.
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> deleted file mode 100644
> index 6d70b323d1..00
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> +++ /dev/null
> @@ -1,43 +0,0 @@
> -From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
> -From: Pauli
> -Date: Fri, 11 Nov 2022 09:40:19 +1100
> -Subject: [PATCH] x509: fix double locking problem
> -
> -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
> -redundant flag setting.
> -
> -Fixes #19643
> -
> -Fixes LOW CVE-2022-3996
> -
> -Reviewed-by: Dmitry Belyavskiy
> -Reviewed-by: Tomas Mraz
> -(Merged from https://github.com/openssl/openssl/pull/19652)
> -
> -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
> -
> -Upstream-Status: Backport
> [https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
> -CVE: CVE-2022-3996
> -Signed-off-by: Vivek Kumbhar
>
> - crypto/x509/pcy_map.c | 4
> - 1 file changed, 4 deletions(-)
> -
> -diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
> -index 05406c6493..60dfd1e320 100644
> a/crypto/x509/pcy_map.c
> -+++ b/crypto/x509/pcy_map.c
> -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x,
> POLICY_MAPPINGS *maps)
> -
> - ret = 1;
> - bad_mapping:
> --if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
> --x->ex_flags |= EXFLAG_INVALID_POLICY;
> --CRYPTO_THREAD_unlock(x->lock);
> --}
> - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
> - return ret;
> -
> ---
> -2.30.2
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> similarity index 99%
> rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> index 1842148592..c80df7b2ae 100644
> --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
> file://environment.d-openssl.sh \
> "
>
> -SRC_URI[sha256sum] =
> "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
> +SRC_URI[sha256sum] =
> "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
>
> inherit lib_package multilib_header multilib_script ptest perlnative
> MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
You removed a patch but you didn't delete it from SRC_URI. As a result,
bitbake will error out very early:
ERROR: .../openssl_3.0.8.bb: Unable to get checksum for nativesdk-openssl
SRC_URI entry CVE-2022-3996.patch: file could not be found
Assuming you have tested your changes, maybe you didn't commit them
entirely?
Once you have fixed your commit, don't forget to pass '-v2' to 'git
format-patch' to clarify that the next patch you send is the 2nd
version.
Best regards,
--
Luca Ceresoli, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176947):
https://lists.openembedded.org/g/openembedded-core/message/176947
Mute This Topic: https://lists.openembedded.org/mt/96850870/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe:
Re: [OE-core] [[langdale][PATCH]] Upgrade OpenSSL 3.0.7 -> 3.0.8
Have submitted the patch to master branch. Do you want me to re-submit to LTS branches ? -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176946): https://lists.openembedded.org/g/openembedded-core/message/176946 Mute This Topic: https://lists.openembedded.org/mt/96849339/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [[master][PATCH]] Upgrade OpenSSL 3.0.7 -> 3.0.8
From: Siddharth Doshi
OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
security vulnerability [1].
Upgrade the recipe to point to 3.0.8.
CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
CVEs Fixed:
https://www.openssl.org/news/secadv/20230207.txt
Signed-off-by: Siddharth Doshi
---
.../openssl/openssl/CVE-2022-3996.patch | 43 ---
.../{openssl_3.0.7.bb => openssl_3.0.8.bb}| 2 +-
2 files changed, 1 insertion(+), 44 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
openssl_3.0.8.bb} (99%)
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
deleted file mode 100644
index 6d70b323d1..00
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Fri, 11 Nov 2022 09:40:19 +1100
-Subject: [PATCH] x509: fix double locking problem
-
-This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
-redundant flag setting.
-
-Fixes #19643
-
-Fixes LOW CVE-2022-3996
-
-Reviewed-by: Dmitry Belyavskiy
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/19652)
-
-(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
-
-Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
-CVE: CVE-2022-3996
-Signed-off-by: Vivek Kumbhar
- crypto/x509/pcy_map.c | 4
- 1 file changed, 4 deletions(-)
-
-diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
-index 05406c6493..60dfd1e320 100644
a/crypto/x509/pcy_map.c
-+++ b/crypto/x509/pcy_map.c
-@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS
*maps)
-
- ret = 1;
- bad_mapping:
--if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
--x->ex_flags |= EXFLAG_INVALID_POLICY;
--CRYPTO_THREAD_unlock(x->lock);
--}
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
-
---
-2.30.2
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 1842148592..c80df7b2ae 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] =
"6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176945):
https://lists.openembedded.org/g/openembedded-core/message/176945
Mute This Topic: https://lists.openembedded.org/mt/96850870/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
Hi, On Thu, Feb 09, 2023 at 11:53:00AM +0100, Alexander Kanavin wrote: > On Thu, 9 Feb 2023 at 10:36, Mikko Rapeli wrote: > > I think sleep() is ok in this case to reduce busy looping over serial > > console and read() more data than what select() initially saw. Reading > > single character at a time is a bit silly and just wastes CPU time when > > we don't need ms level accuracy. > > Something doesn't compute here. The writer should be sending data in > chunks, and there are buffers all the way to the reader, so where does > the splitting into single characters happen? Sorry I mixed with the serial console patch, but the output was similar over ssh. select() returns with any data, even single character. Fancy readers will read larger chunks but will read more data than is available and thus block for ever. Plain read() will read the data which is available from select() and thus really small amounts like single characters if that's available over the socket. This is visible in the partial read output of do_testimage() task output log which becomes quite unreadable without change. Cheers, -Mikko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176944): https://lists.openembedded.org/g/openembedded-core/message/176944 Mute This Topic: https://lists.openembedded.org/mt/96849157/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
On Thu, 2023-02-09 at 11:53 +0100, Alexander Kanavin wrote: > On Thu, 9 Feb 2023 at 10:36, Mikko Rapeli wrote: > > I think sleep() is ok in this case to reduce busy looping over serial > > console and read() more data than what select() initially saw. Reading > > single character at a time is a bit silly and just wastes CPU time when > > we don't need ms level accuracy. > > Something doesn't compute here. The writer should be sending data in > chunks, and there are buffers all the way to the reader, so where does > the splitting into single characters happen? Just guessing but in the case of the serial emulation in qemu, 115200bps is probably "slow" compared to the system speed so they arrive as bytes? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176943): https://lists.openembedded.org/g/openembedded-core/message/176943 Mute This Topic: https://lists.openembedded.org/mt/96849157/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
On Thu, 9 Feb 2023 at 10:36, Mikko Rapeli wrote: > I think sleep() is ok in this case to reduce busy looping over serial > console and read() more data than what select() initially saw. Reading > single character at a time is a bit silly and just wastes CPU time when > we don't need ms level accuracy. Something doesn't compute here. The writer should be sending data in chunks, and there are buffers all the way to the reader, so where does the splitting into single characters happen? Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176942): https://lists.openembedded.org/g/openembedded-core/message/176942 Mute This Topic: https://lists.openembedded.org/mt/96849157/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
On Thu, 2023-02-09 at 12:35 +0200, Mikko Rapeli wrote:
> Hi,
>
> On Thu, Feb 09, 2023 at 10:20:36AM +, Richard Purdie wrote:
> > On Thu, 2023-02-09 at 10:09 +0200, Mikko Rapeli wrote:
> > > When qemu machine hangs, the ssh commands done by tests
> > > are not timing out. do_testimage() task has last logs like this:
> > >
> > > DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502
> > >
> > > The test process is stuck for hours, or for ever if the
> > > executing command or test case did not set a timeout correctly.
> > > The default 300 second timeout is not working when target hangs.
> > > Note that timeout is really a "inactive timeout" since data returned
> > > by the process will reset the timeout.
> > >
> > > Make the process stdout non-blocking so read() will always return
> > > right away using os.set_blocking() available in python 3.5 and later.
> > >
> > > Then change from python codec reader to plain read() and make
> > > the ssh subprocess stdout non-blocking. Even with select()
> > > making sure the file had input to be read, the codec reader was
> > > trying to find more stuff and blocking for ever when process hangs.
> > >
> > > While at it, add a small timeout to read data in larger chunks if
> > > possible. This avoids reading data one or few characters at a time
> > > and makes the debug logs more readable.
> > >
> > > close() the stdout file in all cases after read loop is complete.
> > >
> > > Then make sure to wait or kill the ssh subprocess in all cases.
> > > Just reading the output stream and receiving EOF there does not mean
> > > that the process exited, and wait() needs a timeout if the process
> > > is hanging. In the end kill the process and return the return value
> > > and captured output utf-8 encoded, just like before these changes.
> > >
> > > This fixes ssh run() related deadlocks when a qemu target hangs
> > > completely.
> > >
> > > Signed-off-by: Mikko Rapeli
> > > ---
> > > meta/lib/oeqa/core/target/ssh.py | 33 +---
> > > 1 file changed, 26 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/meta/lib/oeqa/core/target/ssh.py
> > > b/meta/lib/oeqa/core/target/ssh.py
> > > index 13fd5b2a49..466a795eb4 100644
> > > --- a/meta/lib/oeqa/core/target/ssh.py
> > > +++ b/meta/lib/oeqa/core/target/ssh.py
> > > @@ -229,22 +229,28 @@ def SSHCall(command, logger, timeout=None, **opts):
> > > if timeout:
> > > endtime = starttime + timeout
> > > eof = False
> > > +os.set_blocking(process.stdout.fileno(), False)
> > > while time.time() < endtime and not eof:
> > > -logger.debug('time: %s, endtime: %s' % (time.time(),
> > > endtime))
> > > try:
> > > +logger.debug('Waiting for process output: time: %s,
> > > endtime: %s' % (time.time(), endtime))
> > > if select.select([process.stdout], [], [], 5)[0] !=
> > > []:
> > > -reader =
> > > codecs.getreader('utf-8')(process.stdout, 'ignore')
> > > -data = reader.read(1024, 4096)
> > > +# wait a bit for more data, tries to avoid
> > > reading single characters
> > > +time.sleep(0.2)
> > > +data = process.stdout.read()
> > > if not data:
> > > -process.stdout.close()
> > > eof = True
> > > else:
> > > -output += data
> > > -logger.debug('Partial data from SSH
> > > call:\n%s' % data)
> > > +# ignore errors to capture as much as
> > > possible
> > > +string = data.decode('utf-8',
> > > errors='ignore')
> >
> > I've been trying to remember why we have the reader here and I think
> > the issue was you can't call decode on partial data :(.
>
> I get this. Sadly readers read more than file has available and they don't
> have
> timeouts...
>
> > If it happens that there is a multi byte character on the stream
> > crossing the boundary then you'll get errors. "ignoring" them just
> > means you'll corrupt data. The case is rare but with long running
> > commands with utf8 data like some of the ptests, it can be an issue.
> >
> > That is why the code was written the way it was...
>
> For logging purposes errors are fine. Should the raw data be captured to
> output then? Or another conversion to utf-8 after all data has been
> read?
Converting at the end is one option.
The other option would be to feed the reader our own stream object
where it's read method would only return the data we have. I think you
can create dummy "file like" objects in python, it might be easiest
with io.BytesIO(). The codec reader could then interact with that as a
dummy stream.
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
Hi,
On Thu, Feb 09, 2023 at 10:20:36AM +, Richard Purdie wrote:
> On Thu, 2023-02-09 at 10:09 +0200, Mikko Rapeli wrote:
> > When qemu machine hangs, the ssh commands done by tests
> > are not timing out. do_testimage() task has last logs like this:
> >
> > DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502
> >
> > The test process is stuck for hours, or for ever if the
> > executing command or test case did not set a timeout correctly.
> > The default 300 second timeout is not working when target hangs.
> > Note that timeout is really a "inactive timeout" since data returned
> > by the process will reset the timeout.
> >
> > Make the process stdout non-blocking so read() will always return
> > right away using os.set_blocking() available in python 3.5 and later.
> >
> > Then change from python codec reader to plain read() and make
> > the ssh subprocess stdout non-blocking. Even with select()
> > making sure the file had input to be read, the codec reader was
> > trying to find more stuff and blocking for ever when process hangs.
> >
> > While at it, add a small timeout to read data in larger chunks if
> > possible. This avoids reading data one or few characters at a time
> > and makes the debug logs more readable.
> >
> > close() the stdout file in all cases after read loop is complete.
> >
> > Then make sure to wait or kill the ssh subprocess in all cases.
> > Just reading the output stream and receiving EOF there does not mean
> > that the process exited, and wait() needs a timeout if the process
> > is hanging. In the end kill the process and return the return value
> > and captured output utf-8 encoded, just like before these changes.
> >
> > This fixes ssh run() related deadlocks when a qemu target hangs
> > completely.
> >
> > Signed-off-by: Mikko Rapeli
> > ---
> > meta/lib/oeqa/core/target/ssh.py | 33 +---
> > 1 file changed, 26 insertions(+), 7 deletions(-)
> >
> > diff --git a/meta/lib/oeqa/core/target/ssh.py
> > b/meta/lib/oeqa/core/target/ssh.py
> > index 13fd5b2a49..466a795eb4 100644
> > --- a/meta/lib/oeqa/core/target/ssh.py
> > +++ b/meta/lib/oeqa/core/target/ssh.py
> > @@ -229,22 +229,28 @@ def SSHCall(command, logger, timeout=None, **opts):
> > if timeout:
> > endtime = starttime + timeout
> > eof = False
> > +os.set_blocking(process.stdout.fileno(), False)
> > while time.time() < endtime and not eof:
> > -logger.debug('time: %s, endtime: %s' % (time.time(),
> > endtime))
> > try:
> > +logger.debug('Waiting for process output: time: %s,
> > endtime: %s' % (time.time(), endtime))
> > if select.select([process.stdout], [], [], 5)[0] != []:
> > -reader = codecs.getreader('utf-8')(process.stdout,
> > 'ignore')
> > -data = reader.read(1024, 4096)
> > +# wait a bit for more data, tries to avoid reading
> > single characters
> > +time.sleep(0.2)
> > +data = process.stdout.read()
> > if not data:
> > -process.stdout.close()
> > eof = True
> > else:
> > -output += data
> > -logger.debug('Partial data from SSH call:\n%s'
> > % data)
> > +# ignore errors to capture as much as possible
> > +string = data.decode('utf-8', errors='ignore')
>
> I've been trying to remember why we have the reader here and I think
> the issue was you can't call decode on partial data :(.
I get this. Sadly readers read more than file has available and they don't have
timeouts...
> If it happens that there is a multi byte character on the stream
> crossing the boundary then you'll get errors. "ignoring" them just
> means you'll corrupt data. The case is rare but with long running
> commands with utf8 data like some of the ptests, it can be an issue.
>
> That is why the code was written the way it was...
For logging purposes errors are fine. Should the raw data be captured to
output then? Or another conversion to utf-8 after all data has been
read?
Reading more than one character at a time for sure helps here but
granted there may be windows where we hit the in character bytes..
Cheers,
-Mikko
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176940):
https://lists.openembedded.org/g/openembedded-core/message/176940
Mute This Topic: https://lists.openembedded.org/mt/96849157/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
On Thu, 2023-02-09 at 10:09 +0200, Mikko Rapeli wrote:
> When qemu machine hangs, the ssh commands done by tests
> are not timing out. do_testimage() task has last logs like this:
>
> DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502
>
> The test process is stuck for hours, or for ever if the
> executing command or test case did not set a timeout correctly.
> The default 300 second timeout is not working when target hangs.
> Note that timeout is really a "inactive timeout" since data returned
> by the process will reset the timeout.
>
> Make the process stdout non-blocking so read() will always return
> right away using os.set_blocking() available in python 3.5 and later.
>
> Then change from python codec reader to plain read() and make
> the ssh subprocess stdout non-blocking. Even with select()
> making sure the file had input to be read, the codec reader was
> trying to find more stuff and blocking for ever when process hangs.
>
> While at it, add a small timeout to read data in larger chunks if
> possible. This avoids reading data one or few characters at a time
> and makes the debug logs more readable.
>
> close() the stdout file in all cases after read loop is complete.
>
> Then make sure to wait or kill the ssh subprocess in all cases.
> Just reading the output stream and receiving EOF there does not mean
> that the process exited, and wait() needs a timeout if the process
> is hanging. In the end kill the process and return the return value
> and captured output utf-8 encoded, just like before these changes.
>
> This fixes ssh run() related deadlocks when a qemu target hangs
> completely.
>
> Signed-off-by: Mikko Rapeli
> ---
> meta/lib/oeqa/core/target/ssh.py | 33 +---
> 1 file changed, 26 insertions(+), 7 deletions(-)
>
> diff --git a/meta/lib/oeqa/core/target/ssh.py
> b/meta/lib/oeqa/core/target/ssh.py
> index 13fd5b2a49..466a795eb4 100644
> --- a/meta/lib/oeqa/core/target/ssh.py
> +++ b/meta/lib/oeqa/core/target/ssh.py
> @@ -229,22 +229,28 @@ def SSHCall(command, logger, timeout=None, **opts):
> if timeout:
> endtime = starttime + timeout
> eof = False
> +os.set_blocking(process.stdout.fileno(), False)
> while time.time() < endtime and not eof:
> -logger.debug('time: %s, endtime: %s' % (time.time(),
> endtime))
> try:
> +logger.debug('Waiting for process output: time: %s,
> endtime: %s' % (time.time(), endtime))
> if select.select([process.stdout], [], [], 5)[0] != []:
> -reader = codecs.getreader('utf-8')(process.stdout,
> 'ignore')
> -data = reader.read(1024, 4096)
> +# wait a bit for more data, tries to avoid reading
> single characters
> +time.sleep(0.2)
> +data = process.stdout.read()
> if not data:
> -process.stdout.close()
> eof = True
> else:
> -output += data
> -logger.debug('Partial data from SSH call:\n%s' %
> data)
> +# ignore errors to capture as much as possible
> +string = data.decode('utf-8', errors='ignore')
I've been trying to remember why we have the reader here and I think
the issue was you can't call decode on partial data :(.
If it happens that there is a multi byte character on the stream
crossing the boundary then you'll get errors. "ignoring" them just
means you'll corrupt data. The case is rare but with long running
commands with utf8 data like some of the ptests, it can be an issue.
That is why the code was written the way it was...
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176939):
https://lists.openembedded.org/g/openembedded-core/message/176939
Mute This Topic: https://lists.openembedded.org/mt/96849157/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 7/8] oeqa qemurunner.py: kill qemu if it hangs
On Thu, 9 Feb 2023 at 10:56, Mikko Rapeli wrote: > It doesn't currently. Should the sigterm_handler() also use SIGKILL if > it has to? Yes please. Let's not duplicate functionality. And please do try to avoid adding hard sleep(), there are usually ways to do things synchronously. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176938): https://lists.openembedded.org/g/openembedded-core/message/176938 Mute This Topic: https://lists.openembedded.org/mt/96849162/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] glibc: unify wordsize.h between arm and aarch64
There is a redundant change in
0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch that
causes wordsize.h to be different in arm and aarch64. This causes the
build error when enable multilib:
Error: Transaction test error:
file /usr/include/bits/wordsize.h conflicts between attempted installs of
lib32-libc6-dev-2.37-r0.armv7vet2hf_vfp and libc6-dev-2.37-r0.cortexa57
Signed-off-by: Yi Zhao
---
...y-the-header-between-arm-and-aarch64.patch | 20 ++-
1 file changed, 6 insertions(+), 14 deletions(-)
diff --git
a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
index 9ed89c93da..90a6cc2363 100644
---
a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
+++
b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
@@ -11,10 +11,10 @@ Upstream-Status: Inappropriate [ OE-Specific ]
Signed-off-by: Khem Raj
---
- sysdeps/aarch64/bits/wordsize.h | 8 ++--
- sysdeps/{aarch64 => arm}/bits/wordsize.h | 10 +++---
- 2 files changed, 13 insertions(+), 5 deletions(-)
- copy sysdeps/{aarch64 => arm}/bits/wordsize.h (80%)
+ sysdeps/aarch64/bits/wordsize.h | 8 ++--
+ sysdeps/{aarch64 => arm}/bits/wordsize.h | 8 ++--
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+ copy sysdeps/{aarch64 => arm}/bits/wordsize.h (85%)
diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h
index 04d4be9519..63876a7830 100644
@@ -40,20 +40,12 @@ index 04d4be9519..63876a7830 100644
#define __WORDSIZE_TIME64_COMPAT320
diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
-similarity index 80%
+similarity index 85%
copy from sysdeps/aarch64/bits/wordsize.h
copy to sysdeps/arm/bits/wordsize.h
-index 04d4be9519..5ef0ed21f3 100644
+index 04d4be9519..63876a7830 100644
--- a/sysdeps/aarch64/bits/wordsize.h
+++ b/sysdeps/arm/bits/wordsize.h
-@@ -1,6 +1,6 @@
- /* Determine the wordsize from the preprocessor defines.
-
-- Copyright (C) 2016-2023 Free Software Foundation, Inc.
-+ Copyright (C) 2016-2022 Free Software Foundation, Inc.
-This file is part of the GNU C Library.
-
-The GNU C Library is free software; you can redistribute it and/or
@@ -17,12 +17,16 @@
License along with the GNU C Library; if not, see
Re: [OE-core] [PATCH v2 7/8] oeqa qemurunner.py: kill qemu if it hangs
Hi,
On Thu, Feb 09, 2023 at 10:45:36AM +0100, Alexander Kanavin wrote:
> Isn't the code waiting 5 seconds and then sending SIGKILL, regardless
> of whether SIGTERM was successful or not here?
Yes. Not nice but better than leaking the process completely.
> I would actually remove this function altogether. qemu process is
> started by runqemu and it's the job of that to clean up the actual
> qemu process properly.
It doesn't currently. Should the sigterm_handler() also use SIGKILL if
it has to?
Cheers,
-Mikko
> Alex
>
> On Thu, 9 Feb 2023 at 09:10, Mikko Rapeli wrote:
> >
> > qemu doesn't always behave well and can hang too.
> > kill it with force if was still alive.
> >
> > Signed-off-by: Mikko Rapeli
> > ---
> > meta/lib/oeqa/utils/qemurunner.py | 7 +++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/meta/lib/oeqa/utils/qemurunner.py
> > b/meta/lib/oeqa/utils/qemurunner.py
> > index bce00c696a..8e3484385d 100644
> > --- a/meta/lib/oeqa/utils/qemurunner.py
> > +++ b/meta/lib/oeqa/utils/qemurunner.py
> > @@ -589,6 +589,13 @@ class QemuRunner:
> > os.kill(self.qemupid, signal.SIGTERM)
> > except ProcessLookupError as e:
> > self.logger.warning('qemu-system ended unexpectedly')
> > +time.sleep(5)
> > +try:
> > +# qemu-system did not behave well
> > +os.kill(self.qemupid, signal.SIGKILL)
> > +except ProcessLookupError as e:
> > +# already dead
> > +pass
> >
> > def stop_thread(self):
> > if self.thread and self.thread.is_alive():
> > --
> > 2.34.1
> >
> >
> >
> >
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176936):
https://lists.openembedded.org/g/openembedded-core/message/176936
Mute This Topic: https://lists.openembedded.org/mt/96849162/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 7/8] oeqa qemurunner.py: kill qemu if it hangs
Isn't the code waiting 5 seconds and then sending SIGKILL, regardless
of whether SIGTERM was successful or not here?
I would actually remove this function altogether. qemu process is
started by runqemu and it's the job of that to clean up the actual
qemu process properly.
Alex
On Thu, 9 Feb 2023 at 09:10, Mikko Rapeli wrote:
>
> qemu doesn't always behave well and can hang too.
> kill it with force if was still alive.
>
> Signed-off-by: Mikko Rapeli
> ---
> meta/lib/oeqa/utils/qemurunner.py | 7 +++
> 1 file changed, 7 insertions(+)
>
> diff --git a/meta/lib/oeqa/utils/qemurunner.py
> b/meta/lib/oeqa/utils/qemurunner.py
> index bce00c696a..8e3484385d 100644
> --- a/meta/lib/oeqa/utils/qemurunner.py
> +++ b/meta/lib/oeqa/utils/qemurunner.py
> @@ -589,6 +589,13 @@ class QemuRunner:
> os.kill(self.qemupid, signal.SIGTERM)
> except ProcessLookupError as e:
> self.logger.warning('qemu-system ended unexpectedly')
> +time.sleep(5)
> +try:
> +# qemu-system did not behave well
> +os.kill(self.qemupid, signal.SIGKILL)
> +except ProcessLookupError as e:
> +# already dead
> +pass
>
> def stop_thread(self):
> if self.thread and self.thread.is_alive():
> --
> 2.34.1
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176935):
https://lists.openembedded.org/g/openembedded-core/message/176935
Mute This Topic: https://lists.openembedded.org/mt/96849162/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH] sstatesig: Improve output hash calculation
> -Original Message- > From: openembedded-core@lists.openembedded.org > On Behalf Of Mateusz Marciniec > Sent: den 9 februari 2023 00:50 > To: openembedded-core@lists.openembedded.org > Cc: Mateusz Marciniec ; Tomasz Dziendzielski > > Subject: [OE-core][PATCH] sstatesig: Improve output hash calculation > > From: Mateusz Marciniec > > Symbolic links to the files are included during the output hash > calculation but symlinks to the directories are missed. > So if the new symlink to a directory was the only change made, > then the output hash won't change, > and the Hash Equivalence server may change unihash. > In the next run bitbake may use an older package from sstate-cache. > > To fix this followlinks=True flag could be set for os.walk > but it can lead to infinite recursion if link points > to a parent directory of itself. > Also, all files from a directory to which symlink points > would be included in depsig file. > Therefore another solution was applied, I added code that will loop > through directories and process those that are symlinks. > > Signed-off-by: Mateusz Marciniec > Signed-off-by: Tomasz Dziendzielski > --- > meta/lib/oe/sstatesig.py | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py > index f0224454c9..a5bc030f58 100644 > --- a/meta/lib/oe/sstatesig.py > +++ b/meta/lib/oe/sstatesig.py > @@ -652,6 +652,11 @@ def OEOuthashBasic(path, sigfile, task, d): > if f == 'fixmepath': > continue > process(os.path.join(root, f)) > + > +for d in dirs: Don't use `d` as a local variable for the directory, it is universally used as reference to the datastore (also in this function as the function declaration above indicates). Use `dir` instead. > +if not os.path.islink(os.path.join(root, d)): > +continue > +process(os.path.join(root, d)) > finally: > os.chdir(prev_dir) > > -- > 2.39.1 //Peter -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176934): https://lists.openembedded.org/g/openembedded-core/message/176934 Mute This Topic: https://lists.openembedded.org/mt/96843095/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
Hi,
On Thu, Feb 09, 2023 at 09:15:10AM +, Richard Purdie wrote:
> On Thu, 2023-02-09 at 10:09 +0200, Mikko Rapeli wrote:
> > When qemu machine hangs, the ssh commands done by tests
> > are not timing out. do_testimage() task has last logs like this:
> >
> > DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502
> >
> > The test process is stuck for hours, or for ever if the
> > executing command or test case did not set a timeout correctly.
> > The default 300 second timeout is not working when target hangs.
> > Note that timeout is really a "inactive timeout" since data returned
> > by the process will reset the timeout.
> >
> > Make the process stdout non-blocking so read() will always return
> > right away using os.set_blocking() available in python 3.5 and later.
> >
> > Then change from python codec reader to plain read() and make
> > the ssh subprocess stdout non-blocking. Even with select()
> > making sure the file had input to be read, the codec reader was
> > trying to find more stuff and blocking for ever when process hangs.
> >
> > While at it, add a small timeout to read data in larger chunks if
> > possible. This avoids reading data one or few characters at a time
> > and makes the debug logs more readable.
> >
> > close() the stdout file in all cases after read loop is complete.
> >
> > Then make sure to wait or kill the ssh subprocess in all cases.
> > Just reading the output stream and receiving EOF there does not mean
> > that the process exited, and wait() needs a timeout if the process
> > is hanging. In the end kill the process and return the return value
> > and captured output utf-8 encoded, just like before these changes.
> >
> > This fixes ssh run() related deadlocks when a qemu target hangs
> > completely.
> >
> > Signed-off-by: Mikko Rapeli
> > ---
> > meta/lib/oeqa/core/target/ssh.py | 33 +---
> > 1 file changed, 26 insertions(+), 7 deletions(-)
> >
> > diff --git a/meta/lib/oeqa/core/target/ssh.py
> > b/meta/lib/oeqa/core/target/ssh.py
> > index 13fd5b2a49..466a795eb4 100644
> > --- a/meta/lib/oeqa/core/target/ssh.py
> > +++ b/meta/lib/oeqa/core/target/ssh.py
> > @@ -229,22 +229,28 @@ def SSHCall(command, logger, timeout=None, **opts):
> > if timeout:
> > endtime = starttime + timeout
> > eof = False
> > +os.set_blocking(process.stdout.fileno(), False)
> > while time.time() < endtime and not eof:
> > -logger.debug('time: %s, endtime: %s' % (time.time(),
> > endtime))
> > try:
> > +logger.debug('Waiting for process output: time: %s,
> > endtime: %s' % (time.time(), endtime))
> > if select.select([process.stdout], [], [], 5)[0] != []:
> > -reader = codecs.getreader('utf-8')(process.stdout,
> > 'ignore')
> > -data = reader.read(1024, 4096)
> > +# wait a bit for more data, tries to avoid reading
> > single characters
> > +time.sleep(0.2)
> > +data = process.stdout.read()
> > if not data:
> > -process.stdout.close()
> > eof = True
>
> I'm not sure I understand the use of eof now. If stdout is non-
> blocking, it would be perfectly normal for it to return with no data
> but that doesn't mean we're at eof, it just means there is no data
> ready?
The select() makes sure that there must be data available for read(), or eof
when the
file descriptor is closed. But closed file descriptor does not mean that
the subprocess is dead. For that we must wait() with a timeout and
possibly after that kill().
> I suspect the code might be ok but we should stop calling it eof since
> it no longer is?
>
> I also tend to dislike sleep() codepaths as it usually means the code
> is sub optimal. I was going to make further suggestions but I stepped
> back and looked at the bigger picture of the code.
I think sleep() is ok in this case to reduce busy looping over serial
console and read() more data than what select() initially saw. Reading
single character at a time is a bit silly and just wastes CPU time when
we don't need ms level accuracy.
> The code is basically doing:
>
> if timeout:
>
> else:
> output = process.communicate()
>
>
> Python 3.3 added a timeout parameter to subprocess.communicate(). Can
> we just use that instead? Or is there something special about our needs
> which means we can't?
The current code uses timeout as "inactivity timeout" and thus code
reads output using select() and read() until the end or if there is no
output until timeout.
Code could use communicate() with a timeout but would still need to use
select() and read() loop to check if there was any output. I did not see
a simple way to rewrite this in a more pythonic way. The reader
Re: [OE-core] [[langdale][PATCH]] Upgrade OpenSSL 3.0.7 -> 3.0.8
Thank you, but please submit for master first, and only then for LTS branches.
Alex
On Thu, 9 Feb 2023 at 09:26, mv wrote:
>
> From: Siddharth Doshi
>
> OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
> security vulnerability [1].
>
> Upgrade the recipe to point to 3.0.8.
>
> CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
> well.
>
> [1] https://www.openssl.org/news/vulnerabilities.html
>
> CVEs Fixed:
> https://www.openssl.org/news/secadv/20230207.txt
>
> Signed-off-by: Siddharth Doshi
> ---
> .../openssl/openssl/CVE-2022-3996.patch | 43 ---
> .../{openssl_3.0.7.bb => openssl_3.0.8.bb}| 2 +-
> 2 files changed, 1 insertion(+), 44 deletions(-)
> delete mode 100644
> meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
> openssl_3.0.8.bb} (99%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> deleted file mode 100644
> index 6d70b323d1..00
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> +++ /dev/null
> @@ -1,43 +0,0 @@
> -From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
> -From: Pauli
> -Date: Fri, 11 Nov 2022 09:40:19 +1100
> -Subject: [PATCH] x509: fix double locking problem
> -
> -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
> -redundant flag setting.
> -
> -Fixes #19643
> -
> -Fixes LOW CVE-2022-3996
> -
> -Reviewed-by: Dmitry Belyavskiy
> -Reviewed-by: Tomas Mraz
> -(Merged from https://github.com/openssl/openssl/pull/19652)
> -
> -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
> -
> -Upstream-Status: Backport
> [https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
> -CVE: CVE-2022-3996
> -Signed-off-by: Vivek Kumbhar
>
> - crypto/x509/pcy_map.c | 4
> - 1 file changed, 4 deletions(-)
> -
> -diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
> -index 05406c6493..60dfd1e320 100644
> a/crypto/x509/pcy_map.c
> -+++ b/crypto/x509/pcy_map.c
> -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x,
> POLICY_MAPPINGS *maps)
> -
> - ret = 1;
> - bad_mapping:
> --if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
> --x->ex_flags |= EXFLAG_INVALID_POLICY;
> --CRYPTO_THREAD_unlock(x->lock);
> --}
> - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
> - return ret;
> -
> ---
> -2.30.2
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> similarity index 99%
> rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> index 1842148592..c80df7b2ae 100644
> --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
> file://environment.d-openssl.sh \
> "
>
> -SRC_URI[sha256sum] =
> "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
> +SRC_URI[sha256sum] =
> "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
>
> inherit lib_package multilib_header multilib_script ptest perlnative
> MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
> --
> 2.25.1
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176932):
https://lists.openembedded.org/g/openembedded-core/message/176932
Mute This Topic: https://lists.openembedded.org/mt/96849339/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] Qemu doesn't respond while logging in for the Rust Oe-Selftest implementation.
On Thu, 9 Feb 2023 at 09:58, Richard Purdie wrote: > This failure could have many causes. To try and help narrow it down, > does another oe-selftest that uses runqemu work ok? That would tell us > if this is specific to the rust test or a more general issue since the > other tests are known to work for others. > > I assume you're just running "oe-selftest -r rust" with no other tests > active? > > It is unlikely to be debug-tweaks related since the connection is > refused, which means it never gets as far as trying to authenticate and > therefore likely isn't user/privilege related. I would also suggest that you look at the steps that the test performs, and replicate them on the command line. That way you could work towards narrowing the failure down to the specific point where it occurs. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176931): https://lists.openembedded.org/g/openembedded-core/message/176931 Mute This Topic: https://lists.openembedded.org/mt/96848446/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
On Thu, 2023-02-09 at 10:09 +0200, Mikko Rapeli wrote:
> When qemu machine hangs, the ssh commands done by tests
> are not timing out. do_testimage() task has last logs like this:
>
> DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502
>
> The test process is stuck for hours, or for ever if the
> executing command or test case did not set a timeout correctly.
> The default 300 second timeout is not working when target hangs.
> Note that timeout is really a "inactive timeout" since data returned
> by the process will reset the timeout.
>
> Make the process stdout non-blocking so read() will always return
> right away using os.set_blocking() available in python 3.5 and later.
>
> Then change from python codec reader to plain read() and make
> the ssh subprocess stdout non-blocking. Even with select()
> making sure the file had input to be read, the codec reader was
> trying to find more stuff and blocking for ever when process hangs.
>
> While at it, add a small timeout to read data in larger chunks if
> possible. This avoids reading data one or few characters at a time
> and makes the debug logs more readable.
>
> close() the stdout file in all cases after read loop is complete.
>
> Then make sure to wait or kill the ssh subprocess in all cases.
> Just reading the output stream and receiving EOF there does not mean
> that the process exited, and wait() needs a timeout if the process
> is hanging. In the end kill the process and return the return value
> and captured output utf-8 encoded, just like before these changes.
>
> This fixes ssh run() related deadlocks when a qemu target hangs
> completely.
>
> Signed-off-by: Mikko Rapeli
> ---
> meta/lib/oeqa/core/target/ssh.py | 33 +---
> 1 file changed, 26 insertions(+), 7 deletions(-)
>
> diff --git a/meta/lib/oeqa/core/target/ssh.py
> b/meta/lib/oeqa/core/target/ssh.py
> index 13fd5b2a49..466a795eb4 100644
> --- a/meta/lib/oeqa/core/target/ssh.py
> +++ b/meta/lib/oeqa/core/target/ssh.py
> @@ -229,22 +229,28 @@ def SSHCall(command, logger, timeout=None, **opts):
> if timeout:
> endtime = starttime + timeout
> eof = False
> +os.set_blocking(process.stdout.fileno(), False)
> while time.time() < endtime and not eof:
> -logger.debug('time: %s, endtime: %s' % (time.time(),
> endtime))
> try:
> +logger.debug('Waiting for process output: time: %s,
> endtime: %s' % (time.time(), endtime))
> if select.select([process.stdout], [], [], 5)[0] != []:
> -reader = codecs.getreader('utf-8')(process.stdout,
> 'ignore')
> -data = reader.read(1024, 4096)
> +# wait a bit for more data, tries to avoid reading
> single characters
> +time.sleep(0.2)
> +data = process.stdout.read()
> if not data:
> -process.stdout.close()
> eof = True
I'm not sure I understand the use of eof now. If stdout is non-
blocking, it would be perfectly normal for it to return with no data
but that doesn't mean we're at eof, it just means there is no data
ready?
I suspect the code might be ok but we should stop calling it eof since
it no longer is?
I also tend to dislike sleep() codepaths as it usually means the code
is sub optimal. I was going to make further suggestions but I stepped
back and looked at the bigger picture of the code.
The code is basically doing:
if timeout:
else:
output = process.communicate()
Python 3.3 added a timeout parameter to subprocess.communicate(). Can
we just use that instead? Or is there something special about our needs
which means we can't?
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176930):
https://lists.openembedded.org/g/openembedded-core/message/176930
Mute This Topic: https://lists.openembedded.org/mt/96849157/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] Qemu doesn't respond while logging in for the Rust Oe-Selftest implementation.
On Thu, 2023-02-09 at 06:38 +, Shinde, Yash wrote:
> I got the following error while logging in to qemu for Rust Oe-
> Selftest forx86 target:
>
> 2023-02-07 04:09:21,688 - oe-selftest - INFO - Traceback (most recent
> call last):
>
> File "/ala-lpggp31/yshinde/rust-
> oe/poky/meta/lib/oeqa/selftest/cases/rust.py", line 29, in test_rust
> ssh.copy_to(builddir + "/" + "build/x86_64-unknown-linux-
> gnu/stage1-tools-bin/remote-test-server","~/")
> File "/ala-lpggp31/yshinde/rust-
> oe/poky/meta/lib/oeqa/utils/sshcontrol.py", line 156, in copy_to
> return self._internal_run(command, ignore_status=False)
> File "/ala-lpggp31/yshinde/rust-
> oe/poky/meta/lib/oeqa/utils/sshcontrol.py", line 132, in
> _internal_run
> raise AssertionError("Command '%s' returned non-zero exit status
> %d:\n%s" % (command, status, output))
> AssertionError: Command '['scp', '-o',
> 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-
> o', 'LogLevel=ERROR', '/ala-lpggp31/yshinde/rust-oe/poky/build-
> st/tmp/work/core2-32-poky-linux/rust/1.67.0-r0/rustc-1.67.0-
> src/build/x86_64-unknown-linux-gnu/stage1-tools-bin/remote-test-
> server', 'root@192.168.7.2:~/']' returned non-zero exit status 1:
> b'ssh: connect to host 192.168.7.2 port 22: Connection
> refused\r\nlost connection'
>
> runqemu - INFO - Host uptime: 4269209.76
>
> Waiting at most 1000 seconds for login banner (02/07/23 04:06:35)
> Connection from 127.0.0.1:55320
> Reached login banner in 46.25083827972412 seconds (02/07/23 04:07:21,
> 1675771641.4426777)
> Couldn't login into serial console as root using blank password
>
> The output:
> Poky (Yocto Project Reference Distro) 4.1+snapshot-
> edb60ef6fd49764174d140ccae04fca65db131e0 qemux86 /dev/ttyS1
> qemux86 login: <<< run_serial(): command timed out after 120 seconds
> without output >>>
>
>
> The Rust Oe-selftest terminates after this and it happens only with
> the x86 target. Any particular reason for this behaviour? I have
> attachedoe-selftest-results (complete log file) of the Rust oe-
> selftest.
> While analysing, I found a topic related to this in oe-core-
> https://lists.openembedded.org/g/openembedded-core/topic/82536316
> What is the final conclusion or fix here? (I am a bit confused here.)
>
> The patch for Rust Oe-Selftest implementation can be found here:
> https://lists.openembedded.org/g/openembedded-core/topic/93454351
>
> Let me know if I am missing anything.
This failure could have many causes. To try and help narrow it down,
does another oe-selftest that uses runqemu work ok? That would tell us
if this is specific to the rust test or a more general issue since the
other tests are known to work for others.
I assume you're just running "oe-selftest -r rust" with no other tests
active?
It is unlikely to be debug-tweaks related since the connection is
refused, which means it never gets as far as trying to authenticate and
therefore likely isn't user/privilege related.
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176929):
https://lists.openembedded.org/g/openembedded-core/message/176929
Mute This Topic: https://lists.openembedded.org/mt/96848446/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [[langdale][PATCH]] Upgrade OpenSSL 3.0.7 -> 3.0.8
From: Siddharth Doshi
OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
security vulnerability [1].
Upgrade the recipe to point to 3.0.8.
CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
CVEs Fixed:
https://www.openssl.org/news/secadv/20230207.txt
Signed-off-by: Siddharth Doshi
---
.../openssl/openssl/CVE-2022-3996.patch | 43 ---
.../{openssl_3.0.7.bb => openssl_3.0.8.bb}| 2 +-
2 files changed, 1 insertion(+), 44 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
openssl_3.0.8.bb} (99%)
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
deleted file mode 100644
index 6d70b323d1..00
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Fri, 11 Nov 2022 09:40:19 +1100
-Subject: [PATCH] x509: fix double locking problem
-
-This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
-redundant flag setting.
-
-Fixes #19643
-
-Fixes LOW CVE-2022-3996
-
-Reviewed-by: Dmitry Belyavskiy
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/19652)
-
-(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
-
-Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
-CVE: CVE-2022-3996
-Signed-off-by: Vivek Kumbhar
- crypto/x509/pcy_map.c | 4
- 1 file changed, 4 deletions(-)
-
-diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
-index 05406c6493..60dfd1e320 100644
a/crypto/x509/pcy_map.c
-+++ b/crypto/x509/pcy_map.c
-@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS
*maps)
-
- ret = 1;
- bad_mapping:
--if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
--x->ex_flags |= EXFLAG_INVALID_POLICY;
--CRYPTO_THREAD_unlock(x->lock);
--}
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
-
---
-2.30.2
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 1842148592..c80df7b2ae 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] =
"6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176928):
https://lists.openembedded.org/g/openembedded-core/message/176928
Mute This Topic: https://lists.openembedded.org/mt/96849339/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 6/8] oeqa qemurunner.py: add timeout to QMP calls
When a qemu machine hangs, the QMP calls can hang for ever
too, and when this happens any failing test commands from ssh
runner may be followed by dump_monitor() calls which
then also hang. Hangs followed by hangs.
Use runqemutime at setup and run_monitor() specific timeout
for later calls.
Signed-off-by: Mikko Rapeli
---
meta/lib/oeqa/utils/qemurunner.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/lib/oeqa/utils/qemurunner.py
b/meta/lib/oeqa/utils/qemurunner.py
index 2e054447fc..bce00c696a 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -350,6 +350,8 @@ class QemuRunner:
return False
try:
+# set timeout value for all QMP calls
+self.qmp.settimeout(self.runqemutime)
self.qmp.connect()
connect_time = time.time()
self.logger.info("QMP connected to QEMU at %s and took %s
seconds" %
@@ -628,6 +630,7 @@ class QemuRunner:
def run_monitor(self, command, args=None, timeout=60):
if hasattr(self, 'qmp') and self.qmp:
+self.qmp.settimeout(timeout)
if args is not None:
return self.qmp.cmd(command, args)
else:
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176925):
https://lists.openembedded.org/g/openembedded-core/message/176925
Mute This Topic: https://lists.openembedded.org/mt/96849161/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 7/8] oeqa qemurunner.py: kill qemu if it hangs
qemu doesn't always behave well and can hang too.
kill it with force if was still alive.
Signed-off-by: Mikko Rapeli
---
meta/lib/oeqa/utils/qemurunner.py | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/lib/oeqa/utils/qemurunner.py
b/meta/lib/oeqa/utils/qemurunner.py
index bce00c696a..8e3484385d 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -589,6 +589,13 @@ class QemuRunner:
os.kill(self.qemupid, signal.SIGTERM)
except ProcessLookupError as e:
self.logger.warning('qemu-system ended unexpectedly')
+time.sleep(5)
+try:
+# qemu-system did not behave well
+os.kill(self.qemupid, signal.SIGKILL)
+except ProcessLookupError as e:
+# already dead
+pass
def stop_thread(self):
if self.thread and self.thread.is_alive():
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176926):
https://lists.openembedded.org/g/openembedded-core/message/176926
Mute This Topic: https://lists.openembedded.org/mt/96849162/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 8/8] oeqa qemurunner.py: try to avoid reading one character at a time
Read from serial console with a small delay to bundle data to e.g.
full lines. Reading one character at a time is not needed and causes
busy looping.
Signed-off-by: Mikko Rapeli
---
meta/lib/oeqa/utils/qemurunner.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/lib/oeqa/utils/qemurunner.py
b/meta/lib/oeqa/utils/qemurunner.py
index 8e3484385d..0f4157d318 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -665,6 +665,8 @@ class QemuRunner:
except InterruptedError:
continue
if sread:
+# try to avoid reading single character at a time
+time.sleep(0.1)
answer = self.server_socket.recv(1024)
if answer:
data += answer.decode('utf-8')
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176927):
https://lists.openembedded.org/g/openembedded-core/message/176927
Mute This Topic: https://lists.openembedded.org/mt/96849163/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 4/8] oeqa dump.py: add error counter and stop after 5 failures
If test target qemu machine hangs completely, dump_target() calls
over serial console are taking a long time to time out, possibly
for every failing ssh command execution and a lot of test cases,
and same with dump_monitor().
Instead of trying for ever, count errors and after 5 stop trying
to dump_target() and dump_monitor() completely.
These help to end testing earlier when a test target is completely
deadlocked and all ssh, serial and QMP communication with it are
failing.
Signed-off-by: Mikko Rapeli
---
meta/lib/oeqa/utils/dump.py | 23 +--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/utils/dump.py b/meta/lib/oeqa/utils/dump.py
index bcee03b576..d420b497f9 100644
--- a/meta/lib/oeqa/utils/dump.py
+++ b/meta/lib/oeqa/utils/dump.py
@@ -93,37 +93,55 @@ class HostDumper(BaseDumper):
self._write_dump(cmd.split()[0], result.output)
class TargetDumper(BaseDumper):
-""" Class to get dumps from target, it only works with QemuRunner """
+""" Class to get dumps from target, it only works with QemuRunner.
+Will give up permanently after 5 errors from running commands over
+serial console. This helps to end testing when target is really dead,
hanging
+or unresponsive.
+"""
def __init__(self, cmds, parent_dir, runner):
super(TargetDumper, self).__init__(cmds, parent_dir)
self.runner = runner
+self.errors = 0
def dump_target(self, dump_dir=""):
+if self.errors >= 5:
+print("Too many errors when dumping data from target, assuming
it is dead! Will not dump data anymore!")
+return
if dump_dir:
self.dump_dir = dump_dir
for cmd in self.cmds:
# We can continue with the testing if serial commands fail
try:
(status, output) = self.runner.run_serial(cmd)
+if status == 0:
+self.errors = self.errors + 1
self._write_dump(cmd.split()[0], output)
except:
+self.errors = self.errors + 1
print("Tried to dump info from target but "
"serial console failed")
print("Failed CMD: %s" % (cmd))
class MonitorDumper(BaseDumper):
-""" Class to get dumps via the Qemu Monitor, it only works with QemuRunner
"""
+""" Class to get dumps via the Qemu Monitor, it only works with QemuRunner
+Will stop completely if there are more than 5 errors when dumping
monitor data.
+This helps to end testing when target is really dead, hanging or
unresponsive.
+"""
def __init__(self, cmds, parent_dir, runner):
super(MonitorDumper, self).__init__(cmds, parent_dir)
self.runner = runner
+self.errors = 0
def dump_monitor(self, dump_dir=""):
if self.runner is None:
return
if dump_dir:
self.dump_dir = dump_dir
+if self.errors >= 5:
+print("Too many errors when dumping data from qemu monitor,
assuming it is dead! Will not dump data anymore!")
+return
for cmd in self.cmds:
cmd_name = cmd.split()[0]
try:
@@ -137,4 +155,5 @@ class MonitorDumper(BaseDumper):
output = self.runner.run_monitor(cmd_name)
self._write_dump(cmd_name, output)
except Exception as e:
+self.errors = self.errors + 1
print("Failed to dump QMP CMD: %s with\nException: %s" %
(cmd_name, e))
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176923):
https://lists.openembedded.org/g/openembedded-core/message/176923
Mute This Topic: https://lists.openembedded.org/mt/96849159/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 5/8] oeqa qemurunner: read more data at a time from serial
Use a short sleep to bundle serial console reads so that
we are not reading one character at a time which reduces busy
looping.
Signed-off-by: Mikko Rapeli
---
meta/lib/oeqa/utils/qemurunner.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/utils/qemurunner.py
b/meta/lib/oeqa/utils/qemurunner.py
index 8b893601d4..2e054447fc 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -202,7 +202,7 @@ class QemuRunner:
qmp_file = "." + next(tempfile._get_candidate_names())
qmp_param = ' -S -qmp unix:./%s,server,wait' % (qmp_file)
qmp_port = self.tmpdir + "/" + qmp_file
-# Create a second socket connection for debugging use,
+# Create a second socket connection for debugging use,
# note this will NOT cause qemu to block waiting for the connection
qmp_file2 = "." + next(tempfile._get_candidate_names())
qmp_param += ' -qmp unix:./%s,server,nowait' % (qmp_file2)
@@ -468,6 +468,8 @@ class QemuRunner:
socklist.remove(self.server_socket)
self.logger.debug("Connection from %s:%s" % addr)
else:
+# try to avoid reading only a single character at a time
+time.sleep(0.1)
data = data + sock.recv(1024)
if data:
bootlog += data
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176924):
https://lists.openembedded.org/g/openembedded-core/message/176924
Mute This Topic: https://lists.openembedded.org/mt/96849160/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 3/8] oeqa ssh.py: add connection keep alive options to ssh client
Configure ssh client to test that connection with server is up. If the server does not respond within a minute then the connection, target machine or sshd daemon are stuck and it's better to exit the command execution with errors. Some tests can execute a long time without returning stdout/stderror data and it's difficult to adjust timers for those cases if connection to target machine or the target machine itself hangs and output is not expected in minutes or even hours. Signed-off-by: Mikko Rapeli --- meta/lib/oeqa/core/target/ssh.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py index 466a795eb4..bb3f2e3dc3 100644 --- a/meta/lib/oeqa/core/target/ssh.py +++ b/meta/lib/oeqa/core/target/ssh.py @@ -34,6 +34,8 @@ class OESSHTarget(OETarget): self.timeout = timeout self.user = user ssh_options = [ +'-o', 'ServerAliveCountMax=2', +'-o', 'ServerAliveInterval=30', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-o', 'LogLevel=ERROR' -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176922): https://lists.openembedded.org/g/openembedded-core/message/176922 Mute This Topic: https://lists.openembedded.org/mt/96849158/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 0/8] fix oeqa runtime test framework when qemu hangs
I get a qemu hang on kirkstone, swtpm and optee. One of the optee-test/xtest hangs the qemu machine in some kind of deadlock. While this needs to be debugged and fixed, the oeqa runtime tests also hanged and never returned. Thus this patch set. With these changes qemu deadlock is detected and do_testimage() task eventually exits with all correct tests failing and the hangin qemu system gets killed. Tested on kirkstone and cherry-picked to master. If something blows up I'll do more testing on master branch based setup. v2: removed all debug prints v1: https://lists.openembedded.org/g/openembedded-core/message/176192 Mikko Rapeli (8): oeqa ssh.py: move output prints to new line oeqa ssh.py: fix hangs in run() oeqa ssh.py: add connection keep alive options to ssh client oeqa dump.py: add error counter and stop after 5 failures oeqa qemurunner: read more data at a time from serial oeqa qemurunner.py: add timeout to QMP calls oeqa qemurunner.py: kill qemu if it hangs oeqa qemurunner.py: try to avoid reading one character at a time meta/lib/oeqa/core/target/ssh.py | 39 --- meta/lib/oeqa/utils/dump.py | 23 -- meta/lib/oeqa/utils/qemurunner.py | 16 - 3 files changed, 66 insertions(+), 12 deletions(-) -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176919): https://lists.openembedded.org/g/openembedded-core/message/176919 Mute This Topic: https://lists.openembedded.org/mt/96849155/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 1/8] oeqa ssh.py: move output prints to new line
The output from is garbled otherwise and it's not
easy to remove debug output form real command output on target.
Signed-off-by: Mikko Rapeli
---
meta/lib/oeqa/core/target/ssh.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index 7a10ba9763..13fd5b2a49 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -240,7 +240,7 @@ def SSHCall(command, logger, timeout=None, **opts):
eof = True
else:
output += data
-logger.debug('Partial data from SSH call: %s' %
data)
+logger.debug('Partial data from SSH call:\n%s' %
data)
endtime = time.time() + timeout
except InterruptedError:
continue
@@ -256,12 +256,12 @@ def SSHCall(command, logger, timeout=None, **opts):
endtime = time.time() - starttime
lastline = ("\nProcess killed - no output for %d seconds.
Total"
" running time: %d seconds." % (timeout, endtime))
-logger.debug('Received data from SSH call %s ' % lastline)
+logger.debug('Received data from SSH call:\n%s ' % lastline)
output += lastline
else:
output = process.communicate()[0].decode('utf-8', errors='ignore')
-logger.debug('Data from SSH call: %s' % output.rstrip())
+logger.debug('Data from SSH call:\n%s' % output.rstrip())
options = {
"stdout": subprocess.PIPE,
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176920):
https://lists.openembedded.org/g/openembedded-core/message/176920
Mute This Topic: https://lists.openembedded.org/mt/96849156/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 2/8] oeqa ssh.py: fix hangs in run()
When qemu machine hangs, the ssh commands done by tests
are not timing out. do_testimage() task has last logs like this:
DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502
The test process is stuck for hours, or for ever if the
executing command or test case did not set a timeout correctly.
The default 300 second timeout is not working when target hangs.
Note that timeout is really a "inactive timeout" since data returned
by the process will reset the timeout.
Make the process stdout non-blocking so read() will always return
right away using os.set_blocking() available in python 3.5 and later.
Then change from python codec reader to plain read() and make
the ssh subprocess stdout non-blocking. Even with select()
making sure the file had input to be read, the codec reader was
trying to find more stuff and blocking for ever when process hangs.
While at it, add a small timeout to read data in larger chunks if
possible. This avoids reading data one or few characters at a time
and makes the debug logs more readable.
close() the stdout file in all cases after read loop is complete.
Then make sure to wait or kill the ssh subprocess in all cases.
Just reading the output stream and receiving EOF there does not mean
that the process exited, and wait() needs a timeout if the process
is hanging. In the end kill the process and return the return value
and captured output utf-8 encoded, just like before these changes.
This fixes ssh run() related deadlocks when a qemu target hangs
completely.
Signed-off-by: Mikko Rapeli
---
meta/lib/oeqa/core/target/ssh.py | 33 +---
1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index 13fd5b2a49..466a795eb4 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -229,22 +229,28 @@ def SSHCall(command, logger, timeout=None, **opts):
if timeout:
endtime = starttime + timeout
eof = False
+os.set_blocking(process.stdout.fileno(), False)
while time.time() < endtime and not eof:
-logger.debug('time: %s, endtime: %s' % (time.time(), endtime))
try:
+logger.debug('Waiting for process output: time: %s,
endtime: %s' % (time.time(), endtime))
if select.select([process.stdout], [], [], 5)[0] != []:
-reader = codecs.getreader('utf-8')(process.stdout,
'ignore')
-data = reader.read(1024, 4096)
+# wait a bit for more data, tries to avoid reading
single characters
+time.sleep(0.2)
+data = process.stdout.read()
if not data:
-process.stdout.close()
eof = True
else:
-output += data
-logger.debug('Partial data from SSH call:\n%s' %
data)
+# ignore errors to capture as much as possible
+string = data.decode('utf-8', errors='ignore')
+output += string
+logger.debug('Partial data from SSH call:\n%s' %
string)
endtime = time.time() + timeout
except InterruptedError:
+logger.debug('InterruptedError')
continue
+process.stdout.close()
+
# process hasn't returned yet
if not eof:
process.terminate()
@@ -252,6 +258,7 @@ def SSHCall(command, logger, timeout=None, **opts):
try:
process.kill()
except OSError:
+logger.debug('OSError when killing process')
pass
endtime = time.time() - starttime
lastline = ("\nProcess killed - no output for %d seconds.
Total"
@@ -263,6 +270,17 @@ def SSHCall(command, logger, timeout=None, **opts):
output = process.communicate()[0].decode('utf-8', errors='ignore')
logger.debug('Data from SSH call:\n%s' % output.rstrip())
+# timout or not, make sure process exits and is not hanging
+if process.returncode == None:
+try:
+process.wait(timeout=5)
+except TimeoutExpired:
+try:
+process.kill()
+except OSError:
+logger.debug('OSError')
+pass
+
options = {
"stdout": subprocess.PIPE,
"stderr": subprocess.STDOUT,
@@ -290,4 +308,5 @@ def SSHCall(command, logger, timeout=None, **opts):
process.kill()
logger.debug('Something went wrong, killing SSH process')
raise
-return (process.wait(), output.rstrip())
+
+return
[OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8
From: Siddharth Doshi
OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
security vulnerability [1].
Upgrade the recipe to point to 3.0.8.
CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.html
CVEs Fixed:
https://www.openssl.org/news/secadv/20230207.txt
Signed-off-by: Siddharth Doshi
---
.../openssl/openssl/CVE-2022-3996.patch | 43 ---
.../{openssl_3.0.7.bb => openssl_3.0.8.bb}| 2 +-
2 files changed, 1 insertion(+), 44 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
openssl_3.0.8.bb} (99%)
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
deleted file mode 100644
index 6d70b323d1..00
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Fri, 11 Nov 2022 09:40:19 +1100
-Subject: [PATCH] x509: fix double locking problem
-
-This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
-redundant flag setting.
-
-Fixes #19643
-
-Fixes LOW CVE-2022-3996
-
-Reviewed-by: Dmitry Belyavskiy
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/19652)
-
-(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
-
-Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
-CVE: CVE-2022-3996
-Signed-off-by: Vivek Kumbhar
- crypto/x509/pcy_map.c | 4
- 1 file changed, 4 deletions(-)
-
-diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
-index 05406c6493..60dfd1e320 100644
a/crypto/x509/pcy_map.c
-+++ b/crypto/x509/pcy_map.c
-@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS
*maps)
-
- ret = 1;
- bad_mapping:
--if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
--x->ex_flags |= EXFLAG_INVALID_POLICY;
--CRYPTO_THREAD_unlock(x->lock);
--}
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
-
---
-2.30.2
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 1842148592..c80df7b2ae 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] =
"6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176918):
https://lists.openembedded.org/g/openembedded-core/message/176918
Mute This Topic: https://lists.openembedded.org/mt/96849077/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
