Recently an entry in the NVD DB appeared that looks like that
{'vulnerable': True, 'cpe_name': []}.
As besides all the vulnerable flag no data is present we would get
a KeyError exception on acccess.
Use get method on dictionary and return if no meta data is present
Also quit if the length of the array after splitting is less than 6
(From OE-Core rev: 650eaa56b83b5698ad7b95337607959e018ff6c0)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00ce2796d97de2bc376b038d0ea7969088791d34)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes some security vulnerabilities such as CVE-2021-3421 and
CVE-2021-20271.
Rebase 0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
to avoid fuzz warnings.
(From OE-Core rev: 532698a83261e3ce53f03d5b063a6978a7592bd1)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
(cherry picked from commit 25fe972c4aa6ea640b1cdcd1624108f70e539586)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We need to cleanup snapshot files if we make a copy of them to ensure
the tmpfs doesn't run out of space. There is already NFS code needing
this so make it a generic code path.
(From OE-Core rev: 63f3c44f51cf36d3ac550ebb2292eb8e08d1b8d4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a3e0eec5a4785a0c4859455eb10b43aa832e606d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If not postinstall applied, some nativesdk command could not be found
in sdk due to update-alternatives in postinst not be executed, such as chroot:
$ which chroot
/sbin/chroot
$ which chroot.coreutils
path-to-sdk/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/chroot.coreutils
After applying the fix
$ which chroot
path-to-sdk/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/chroot
$ which chroot.coreutils
path-to-sdk/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/chroot.coreutils
(From OE-Core rev: 07aaa526c60c6d545ca856fc3d51606b669f641c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a9bf19502766baa4087456649d5471483d04f6a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Further to 50ff9afb39, only detect code changes in submodules that are
subdirectories of the EXTERNALSRC directory.
The (undocumented) git submodule--helper returns a path
for each submodule relative to the top of the repo.
Don't add submodules that are not within our source subtree.
[YOCTO #14333]
(From OE-Core rev: d233735891872b73e66cb3ce9f73b9af4d32a186)
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c18225d3ef94a41fc073ae87c163b68e6d46571)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit 4525310d49d115a37705f04ac5c03d639e5e8f8c.
Further to 50ff9afb39, only detect code changes in submodules that are
subdirectories of the EXTERNALSRC directory.
The (undocumented) git submodule--helper returns a path
for each submodule relative to the top of the repo.
Don't add submodules that are not within our EXTERNALSRC subtree.
If we unpack one git repo inside another, like this:
SRC_URI = "git://${GIT_SERVER}/repo1;name=repo1;destsuffix=repo1 \
git://${GIT_SERVER}/repo2;name=repo2;destsuffix=repo1/repo2 \
"
Git status reports, for repo1:
Untracked files:
(use "git add <file>..." to include in what will be committed)
repo2/
If we run `devtool modify` on this recipe, do_patch runs with:
PATCHTOOL = "git"
PATCH_COMMIT_FUNCTIONS = "1"
The `patch_task_postfunc` (patch.bbclass, line 82) runs a `git add .` on the
top-level repo1, leaving the checkout in an invalid state. The following git
warning does not appear in the log:
$ git add .
warning: adding embedded git repository: repo2
hint: You've added another git repository inside your current repository.
hint: Clones of the outer repository will not contain the contents of
hint: the embedded repository and will not know how to obtain it.
hint: If you meant to add a submodule, use:
hint:
hint: git submodule add <url> repo2
hint:
hint: If you added this path by mistake, you can remove it from the
hint: index with:
hint:
hint: git rm --cached repo2
hint:
hint: See "git help submodule" for more information.
$ git submodule status
fatal: no submodule mapping found in .gitmodules for path 'repo2'
No further git submodule commands can be run on the checkout.
We could enhance the `patch_task_postfunc` to look for any embedded git
checkouts and add them as submodules, but this seems unnecessary complexity for
an obscure edge-case. Although the git repo is left in an invalid state with
respect to the submodules, it still serves the purpose required by devtool:
To take further commits, and generate patch files from them.
We are still able to run these commands to examine any submodules,
where git submodule--helper reports paths relative to the top of the checkout:
$ git ls-files --stage | grep ^160000
160000 5feee12d6e974dd8c0614cf5b593380b046439a5 0 repo2
$ git submodule--helper list
160000 5feee12d6e974dd8c0614cf5b593380b046439a5 0 repo2
When a recipe sets EXTERNALSRC to a subdirectory of the git checkout, we test
for the existence of the reported submodule paths within the EXTERNALSRC
directory.
The latest versions of git submodule--helper accept a path to a subdirectory and
correctly report no submodules within that subdirectory. Regrettably, we still
support git versions that don't accept a path to a subdirectory.
[YOCTO #14333]
(From OE-Core rev: 4d961d6b794b389f8a2d062d5e7c0ae1ddc49e36)
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2055718fdd19f925e236d67823017323bbd92a4b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently the headers are not installed and the ltp-dev package is
empty.
This patch adds an include-install make target in the do_install step to
install them in sysroot which ends up as a working ltp-dev package.
(From OE-Core rev: c4419fb58b6ab5f4fbdcd65e5b6d2e7742c8d66f)
Signed-off-by: Jonas Höppner <jonas.hoeppner@garz-fricke.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6943da4444cd71053650be0c9212bc25ac53137)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Whilst pkg-config is fine with .pc files containing leading whitespace,
pkgconf is less forgiving.
(From OE-Core rev: bece9af0991776926004fc12c4d6ec542bc9957c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 14bfe5f15f78c1bc049868633fd6fa19feb5a70c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The run-ptest script got accidently dropped from the SRC_URI during
a past update and ptest patch.
(From OE-Core rev: 9786f7f41e034c60f61a7c0e47755d672353e07f)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4479f810c1a3ab2badf4f9610c309bc0e23e2a5f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I was encountering the following race condition on poky:
- automake-native does do_install.
- automake-native does do_populate_sysroot. This hardlinks config.guess
and config.sub into ${D}.
- kmod-native does do_configure. This runs `autoreconf`, which runs
`automake --add-missing` (symlinks config.guess/config.sub from
recipe-sysroot-native to build dir), then runs `gnu-configize` (copies
_its own_ config.guess/config.sub _on top_ of the already existing
ones). Since the destinations already had symlinks, the copy would
overwrite config.guess/config.sub in recipe-sysroot-native, which
would in turn overwrite the same in ${D} due to being hardlinked.
- automake-native does do_package. The outhash is thus calculated on the
clobbered config.guess/config.sub files.
With hash equivalency enabled, the different outhash produced a
different unihash, which kept me from reusing sstate between my laptop
and my build server. This race condition would happen only on the build
server (BB_NUMBER_THREADS = 32) but never on my laptop
(BB_NUMBER_THREADS = 6).
I didn't see the --install and --symlink flags being used by any other
recipe, so I removed them, and that fixed the issue.
(From OE-Core rev: fd12e5872813a4750ef2603a357170dd3f0f44e1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 89d675efd633b495daa4a3a57420b9c309497035)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When use automake to generate Makefile.in from Makefile.am, there
comes below race:
| configure.ac:45: error: required file 'config-h.in' not found
It is because the file config-h.in in updating process by autoheader,
so make automake run after autoheader to avoid the above race.
(From OE-Core rev: 55372f0b2d8c57954a704a967178c75d19e0af89)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1fc0a4a98e65db7efba8bb5cb835101ea5dd865b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit ed69ef2016.
The console entry has already been added into /etc/inittab based
on the SERIAL_CONSOLES. So drop this redundant entry.
(From OE-Core rev: 5dbe969f4fdcf3005c0a69e97e8753819ab066a4)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 633f0c6b74e3caa2bae52ca60c61b811b7b2215d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The hvc tty driver doesn't populate a file like /proc/tty/driver/serial,
so the current implementation of start_getty doesn't work for the hvc
console. By checking the /sys/class/tty/ for the tty device existence,
it should support more console types and also make the codes more simple.
(From OE-Core rev: ab7a1f14191e882439715e82f1636d7713e1da03)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 670ceef0f6584ece5ce4176610255226a6148570)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix the following warning when boot with a core-image-minimal rootfs:
depmod: can't change directory to 'lib/modules/5.10.25-yocto-standard': No such file or directory
(From OE-Core rev: 1aa5d8231a7e4ee2f19afbe12aa49fc19c854062)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c34650400182a1104a5fbe03e54f5cea69eb1900)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It has been reported that '%' characters in build paths break with python
exceptions, probably due to confusion with python string escaping. Whilst it
is probably fixable, showing the user a human readable error is better given
it doesn't work.
[YOCTO #14282]
(From OE-Core rev: 000c12eeca6f6145ba9203c91ec1e67e4b5d8b6f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31a3cf78452270131a657be45e76569515cff7ef)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
grap2graph which converts a GRAP diagram into a cropped image fails
to run as below:
$ grap2graph
/usr/bin/grap2graph: line 89: convert: command not found
/usr/bin/grap2graph: warning: falling back to old '-crop 0x0' trim method
/usr/bin/grap2graph: line 104: convert: command not found
/usr/bin/grap2graph: line 103: grap: command not found
Considering we don't often need to convert a GRAP diagram into
a cropped image and the recipe ImageMagick which provides convert
command is in meta-oe layer, so don't ship the related files to
avoid the confusion about the above run time error.
(From OE-Core rev: b096417b9635c5a790616d20f0490bc15b9d7c0f)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 251be7279a475ee18c0c53fe9795bb37bffc2b45)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Messages are currently being printed as:
Test requires dropbear, oropenssh-sshd to be installed
but should be
Test requires dropbear, or openssh-sshd to be installed
Adding the space after the 'or' corrects this.
(From OE-Core rev: f85c993bc4535dc42b89e87050d43c018c100f58)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51596e0f8cebe1607ab64ffb018d51e815c0ee4b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We can disable floppy drive by BIOS on a hardware, but an empty floppy
drive is connected by default on qemu-system-x86. Linux usually detect
the device and modprode the matched floppy.ko at the boot stage. Due to
we don't specify a floppy deivce in qemu boot arguments, then the errors
about floppy reading comes out.
It is harmless and normal, so we could ignore this error message on
qemux86.
Seen if kernel-modules is included in the image which pulls in the
relavent kernel module.
https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg01402.html
(From OE-Core rev: 0e449143839f8de338b4a18fb27e8380d80e9b2f)
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3359f23ee9351c70997d5e0a17d17d1e47d59623)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The imp module has een deprecated by upstream python, drop its usage
(imp.get_tag) in favor of sys.implementation.cache_tag.
Avoid incorrectly getting dependencies for running script and
multiprocessing module.
Improve logging behavior of the create_manifest task:
- Use indentation.
- Logs on temp directory.
- Use a proper debug flag.
- Standarize syntax.
(From OE-Core rev: 003d73d74791e5d7dcdeb4f29fc7b05e35b345ea)
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a3ac339f5b8549a050308ba94c4ef9093f10e303)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously doing a stop/start worked, but using a disable/enable does
not work on a read-only rootfs. Add a --runtime flag to systemctl so
that systemd only modifies the current boot and does not attempt to
write to the filesystem.
This also keeps the test from making a permanent (one could argue
policy) change to the running system being tested. i.e. What if the
image being tested had intentionally disabled the timesyncd service in
preference to using chrony or ntpd? The test shouldn't assume that the
user wants the timesyncd service enabled.
(From OE-Core rev: 49a6632aa789fca8085a91b5b7c749aef3db4e0e)
Signed-off-by: Wes Lindauer <wesley.lindauer@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 43dd83b6a325589368c980a3f17cab90935aaeb0)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With the previous timeout of 5 seconds, there would be
builds such as:
https://autobuilder.yocto.io/pub/non-release/20210417-13/
which produced 17 files with top output with top running 454 times
and that's a bit too much data to analyze for each run. By
increasing the timeout, we'll find the worse problems
first, fix them and then we can decrease the timeout if needed.
(From OE-Core rev: 4f9921db882ed06e0902d34ae06a0eabff4ba86e)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92b29a09b4c442597d212337b785afb76129ac7c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Particularly:
- nesting subprocess.run() inside subprocess.check_output() does not work at all.
How was this tested?
- -R and -U options can be combined; no need to separate the invocations based
on packaging format
- both exception handlers are unnecessary; we can simply print the hint if
invocation did not succeed
- to run debuginfod from its own sysroot, '-c addto_recipe_sysroot' for elfutils-native
must be executed
(From OE-Core rev: 77deac8501990ac8071eb11d4bec6aec4be948b7)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9e57bf636ec63e74d56f1ac48b5a27c5b80f1877)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With commit dc778c70449ee5401b5a24ad18b22b88338c47c5, dependency was
moved to openssl-bin which in itself was a fine change, but dropping
dependency on openssl too should have been kept along, dropping this
meant that openssl binary wont be able to validate secure connections as
the CApath files wont be installed, which infact are required for
openssl bins to work, following call e.g. fails
$ openssl s_client -connect google.com:443
....
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
....
The local issuer certs are not found in default location
/usr/lib/ssh-1.1/certs, this dir and its content is installed by openssl package
therefore re-add the dependency on openssl
(From OE-Core rev: 84afcdcb9d7ee24596bd3f8d808d30c9d558d918)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit eaf377315efc73d6ffe361372a873918b3bb3bf5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A recent fix to the kern-tools promoted some previously unseen
issues to warnings. This commit fixes them by tagging some BT
options as non-hardware so they won't generate warnings if they
don't appear in the final .config. These are sub BT options and
shouldn't warn when/if their controlling option is disabled by
a fragment.
40a967b115f base: exclude some BT options as non-hardware
(From OE-Core rev: 70515be581fef634a96a72a892dcff3ec4f890c0)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fc7875ce3c68a253f8b8e5d8855c1814731b5a45)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A recent fix to the kern-tools promoted some previously unseen
issues to warnings. This commit fixes them by tagging some BT
options as non-hardware so they won't generate warnings if they
don't appear in the final .config. These are sub BT options and
shouldn't warn when/if their controlling option is disabled by
a fragment.
d7fd0213b75 base: exclude some BT options as non-hardware
(From OE-Core rev: 32495969b2b37c2cd4f334339c4a57066da23873)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a86c8251905baf5bf4714f3db01cdfae02383839)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj
Sakib Sajal
Konrad Weihmann
Mingli Yu
Richard Purdie
Changqing Li
Anders Wallin
Stefan Ghinea
hongxu
Douglas Royds
Ulrich Ölmann
Jonas Höppner
Ross Burton
wangmy
Saul Wold
Gavin Li
Kevin Hao
Anthony Bagwell
Jon Mason
Yanfei Xu
Alejandro Enedino Hernandez Samaniego
Wes Lindauer
Randy MacLeod
Alexander Kanavin
Trevor Gamblin
Bruce Ashfield