If a remote patch is compressed we need to have run the unpack task for
the file to exist locally. Currently cve_check only depends on fetch so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.
Typically, remote compressed patches won't contain our custom tags, so
this is unlikely to be an issue.
(From OE-Core rev: cefc8741438c91f74264da6b59dece2e31f9e5a5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adding a dependency on ourselves in this function doesn't make sense, the hash
may change after hash equivalence is applied. Other code using BB_TASKDEPDATA does
handle the self reference correctly (which is there for a reason), update this
code to do likewise.
(From OE-Core rev: d98b06c9c6f480de1e5167bfe8392e39300fc02c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
busybox also installs findfs but into base_sbindir which works out to be
ok when sbindir != base_sbindir but with usrmerge distro feature enabled
this starts to cause trouble because busybox's postinst is trying to
create a symlink for findfs applet in base_sbindir which is same as
sbindir now and there already is binary from util-linux and image fails
to build
do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().
The real reason is burried in do_rootfs logs
update-alternatives: Error: not linking /mnt/b/yoe/master/build/tmp/work/beaglebone-yoe-linux-gnueabi/yoe-sdk-image/1.0-r0/rootfs/usr/sbin/findfs to /usr/bin/busybox.suid since /mnt/b/yoe/master/build/tmp/work/beaglebone-yoe-linux-gnueabi/yoe-sdk-image/1.0-r0/rootfs/usr/sbin/findfs exists and is not a link
Creating proper u-a for findfs in util-linux fixes the issue
(From OE-Core rev: 211ae2db1ab8fec1ed678170f9d8cbca2cc27ef3)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In order to build erofs filesystems, wic must have the erofs-utils
package installed into its sysroot.
Fixes: 30375ce97 ("Add support for erofs filesystems")
(From OE-Core rev: 68e364340c439a1341d37c3f7a2b0e6aad8e1e56)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The tarball (neard-0.16.tar.xz) fetched by the recipe is incomplete.
Few plugins (e.g. tizen) and tests scripts (e.g. Test-channel, test-see,
neard-ui.py, ndef-agent etc) are missing.
Since neard did not release latest tarballs, so as per community
recommendation switching the recipe SRC_URI to git repo.
Community Discussion:
https://lists.openembedded.org/g/openembedded-core/topic/90058043#163681
(From OE-Core rev: b563f40ebf4461d9c35df72bd7599ea11e97da9c)
Signed-off-by: Rahul Kumar <rahul.kumar_3@philips.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This prevented variables from being substituted through the
code in yocto-vars.py, at least in the files included this way.
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
(From yocto-docs rev: b7375ea4380e716a02c736e4231aaf7c1d868c6b)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove the reference to the GPL license, unnecessary
in this part of the manual and pointing to a wrong
link (LGPL instead of GPL).
Anyway, we have no authority to say that the MIT license
is compatible with the GPL.
Also provide details about the MIT license through Wikipedia,
instead of just the raw license text with no explanations
through opensource.org.
(From yocto-docs rev: a09fcd9d850d2b52f40d953b11412c9568a77db7)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The path has been encoded by urllib.parse.quote(), so decode it back for ssh.
Fixed when fetch from PREMIRRORS via ssh:
$ bitbake bonnie++ libsigc++-2.0 -cfetch
scp: /path/to/downloads/libsigc%2B%2B-2.10.7.tar.xz: No such file or directory
(Bitbake rev: c1c8fc678eb4783cea3974328a5fa8d1b79f1266)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This probably means the osc fetcher isn't being used but fix the missing
parameter.
(Bitbake rev: a23c201cb6efc5c0abf763c26f905442f0eebb68)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Recent git releases containing [1] have an ownership check when opening
repositories, and refuse to open a repository if it is owned by a
different user.
This breaks any use of git in do_install, as that is executed by the
(fake) root user. Whilst not common, this does happen.
Setting the git configuration safe.directories=* disables this check, so
that git is usable in fakeroot tasks. This can be set globally via the
internal environment variable GIT_CONFIG_PARAMETERS, we can't use
GIT_CONFIG_*_KEY/VALUE as that isn't present in all the releases which
have the ownership check.
We already set GIT_CEILING_DIRECTORIES to ensure that git doesn't
recurse up out of the work directory, so this isn't a security issue.
[1] 8959555cee
(From OE-Core rev: 8bed8e6993e7297bdcd68940aa0d47ef47120117)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We're going to use the environment approach for solving this issue.
(From OE-Core rev: 0982977dc052ad4e65608f6853f930121d08837a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Post release add langdale to the series names.
(From OE-Core rev: dc3b319a5fc47372bc111da5bc26d7dda1b17598)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Now suggesting to run 'runqemu qemux86-64',
aligning with conf-notes.txt in openembedded-core
'runqemu qemux86' doesn't work any more.
The "Quick Build" documentation has already been updated
but not this message that we get when sourcing "oe-init-build-env"
(From meta-yocto rev: d0d39a9057b3da3de339b8fa81545be9800478e8)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We need to disable the use the default configuration file. This is
to ensure that user settings do not mess things up when building go
recipes.
For example, if I set 'GOBIN=./relative/path' in $HOME/.config/go/env,
then go-runtime fails to build with error like below:
cannot install, GOBIN must be an absolute path
According to `go help environment',
"""
Setting GOENV=off in the environment disables the use of the default
configuration file.
"""
We can explicitly disable the configuration file by setting GOENV to off.
(From OE-Core rev: 711b41744ab08ee62c71cdccca335a7828ec0ba1)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building FreeRTOS this dependency generates an error because
bitbake cannot find any provider for "virtual/kernel".
>From a dependency analysis the task is executed independently from
this so it can be safely removed.
This patch has been discussed in this ML thread:
https://lists.openembedded.org/g/openembedded-core/topic/90602531
(From OE-Core rev: 1c02b768a71ec88bfe1cc0c4443683de8b66056e)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This will allow the autobuilder-helper run-docs-build script to obtain
the latest release name.
(From yocto-docs rev: 733b7f301e44010579e1315f19eff737628d635e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This package will provide a limited set of localedata for musl based
systems. It will fill in into images when IMAGE_LINGUAS variable is set
however the choice is limited to the given 13 locales as of now.
e.g.
IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
would work fine
Default locale can be set by exporting LANG=<locale> in /etc/profile or some
such file e.g.
export LANG=de_DE.UTF-8
This will also help in ptest coverage with musl where some test packages
expect locales e.g. pango to name one.
Do not empty out IMAGE_LINGUAS forcibly for musl anymore
(From OE-Core rev: 5643f9722db250ac9eb4f955b02500420cb29556)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise it will fail if using OE_TERMINAL = "xterm" with the not so
helpful error:
xterm: Xt error: Can't open display: localhost:0.0
(From OE-Core rev: ba53fc3bcecfe32401471dc1008c7ead96504150)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In bitbake commit 1ecc1d94 (process: Do not mix stderr with stdout),
bb.process.Popen() was changed to no longer combine stdout and stderr by
default. However, the Terminal class was not updated to reflect this and
subsequently only output stdout in case of failures.
(From OE-Core rev: 116d0bb07ba044cf8847bf3d5c3996ad7e58b7ae)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2015-20107 describes an arbitrary command execution in the mailcap
module, but this is by design in mailcap and needs to be worked around
by the calling application.
Upstream Python will be documenting this flaw in the library reference,
and it is likely that the mailcap module will be deprecated and removed
in the future.
(From OE-Core rev: 85fac8408baf92d8b71946f5bfea92952b7eab01)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This release is primarily to fix two CVEs:
- CVE-2021-28544
- CVE-2022-24070
It also rewrites the macOS autoconf macros to be cross-compile friendly,
so we don't need to delete them anymore.
(From OE-Core rev: ecfbc2ef45a76ab96d215954ca0a109545e6ff02)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This symlink is not valid when using usrmerge and ptest packaging would fail
Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' -> '/mnt/b/yoe/master/build/tmp/work/ppc64p9le-yoe-linux-musl/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
(From OE-Core rev: 238fd30689054c7b44176dce7180fb6dac4e1b6f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some recipes are marked machine specific which need qemu usermode during
build eg. if they use meson build system, which means they wont get
right -cpu settings to run qemu-ppc/qemu-ppc64 and build fails, this
ensures that we set the right options when PACKAGE_ARCH is set to
MACHINE_ARCH on ppc/ppc64 qemu
(From OE-Core rev: 9f71bbe65a458f08cd8ede6522c8b988603202a0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes
NOTE: Multiple providers are available for virtual/crypt (libxcrypt, musl)
Consider defining a PREFERRED_PROVIDER entry to match virtual/crypt
(From OE-Core rev: 4417dbf6fcb1f067705c8bd2220f4093ba899cc1)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If I am not mistaken, the only kernel recipe to have a new PACKAGECONFIG
option is linux-yocto-dev, in commit 1bac831fba
"linux-yocto-dev: introduce dt-validation PACKAGECONFIG".
Therefore, let's replace (kernel) by the one kernel recipe that has this
change.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From yocto-docs rev: 1882954924cef9f17caad0f83973afe08f4db764)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Plaintext/clear passwords are not supported anymore but hashed passwords
still are. Mention that in the migration guide and point to the
appropriate location of documentation.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From yocto-docs rev: f8b9697ec7bcc188db5ce9e5067bc82c023b79d9)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
extlinks captions support using %s substitution but only from sphinx 4.0
onwards.
c.f. https://www.sphinx-doc.org/en/master/usage/extensions/extlinks.html#confval-extlinks
Weirdly enough, on older sphinx versions, the caption is just a prefix
to the actual text passed to the extlink. Therefore, in that specific
case, CVE- or CVE-%s are identical in meaning for sphinx >=4.0 and since
only CVE- caption works on sphinx <4.0, let's go with CVE- caption
prefix.
Fixes: b311070d866cf "manuals: add 3.4 and 3.4.1 release notes after migration information"
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From yocto-docs rev: c9922076f5c1285d9cfd6aff8ce5b6635d88222f)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
XZ_THREADS and XZ_MEMLIMIT were introduced in dunfell.
[RP improved an original patch from Paul]
(From yocto-docs rev: 96defb66b775093b5270bd1ebad0461c2bba1e5b)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Generated from commits in the kirkstone branch, as well as a few entries
from the migration guide.
(Note that the "Repositories / Downloads" section still needs to be
filled in.)
(From yocto-docs rev: 0c66638e61d3e16ac8d4b7ebc4ec6fb35625bf4f)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Make some corrections to preliminary set of entries
* Move out entries that were more appropriate for the release notes
(i.e. that are more additions rather than changes that require the
user to make changes)
* Add new entries based on commits in the kirkstone branch
(From yocto-docs rev: bea2da80e7c5338dc5abefe95ce27b80ed4ee98a)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
