We need the system tar to be GNU tar, as we reply on --xattrs. Some
distributions may be using libarchive's tar binary, which is definitely
not as featureful, so check for this and abort early with a clear
message instead of later with mysterious errors.
(From OE-Core rev: 7dd2b1cd1bb10e67485dab8600c0787df6c2eee7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'Release' type follows standard practice elsewhere in core, particularly rust-llvm as well.
(From OE-Core rev: 20adf74207b8c3eac7871e27da2df1aa26fca3b6)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[v2 hopefully fixes the From: mangling by the ML, no functional changes]
Trying to build cmake-native on a host system where curl was built with cmake
(resulting in CURLConfig.cmake and friends, which do not use the same naming
schemes expected by cmake-native's build process, being installed to a system
wide cmake directory like /usr/lib64/cmake/CURL) results in undefined
references to all libcurl symbols.
The problem is that cmake-native sees and uses the system wide
/usr/lib64/cmake/CURL/CURLConfig.cmake, which defines CURL::libcurl and
CURL::curl as opposed to setting ${CURL_LIBRARIES} as expected by
cmake-native.
find_package(CURL) (cmake-native's CMakeLists.txt, line 478) succeeds, but
incorrectly uses the system wide CURLConfig.cmake, resulting
CMAKE_CURL_LIBRARIES to be set to an empty string (cmake-native's
CMakeLists.txt, line 484), causing the cmake-native build to miss -lcurl.
The simplest fix is to let cmake know the right value for
CURL_LIBRARIES. Making it -lcurl should always work with libcurl-native
in recipe-sysroot-native.
[YOCTO #14951]
(From OE-Core rev: 2659c735a464c956b4fca0894a5aed27a0fe7e37)
Signed-off-by: Bernhard Rosenkränzer <bero@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace instances of "Build Directory" and "build directory"
(when applicable) by :term:`Build Directory` as already
done in most places.
Doing this, fix the indentation of the paragraphs with
this term.
(From yocto-docs rev: dce50679242d39f133e0cde5c8483b5e69f3eb54)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Doing this, fix the odd identation of the corresponding paragraphs
(From yocto-docs rev: e319b3bf4eb6420949372e699d60c7383945e513)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add sub section to how Poky and OE-Core handle CVE security issues. This
is a generic intro chapter. Also add note that this is a process which
needs quite a bit of review and iteration to keep products and SW stack
secure, a process not a product.
Then change "Vulnerabilites in images" chapter to
"Vulnerability check at build time" since the process applies to
anything compiled with bitbake, not just images.
Explain details of how to work with cve-check.bbclass, especially
the states Patched, Unpatched and Ignored in the generated reports.
Rename recipe chapter to "Fixing CVE product name and version mappings"
since CVE check has some default which works for all recipes
but generated reports may be completely broken. Fixes are then done with
CVE_PRODUCT and CVE_VERSION.
Give some hints how to analyze "Unpatched" CVEs by checking what happens
in other Linux distros etc.
(From yocto-docs rev: 77a9c1a9fe651bf11f1d5a723b0741dd1764b2c8)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Regular security scans and updates to fix issues and updates from
upstream maintainers are best practices.
(From yocto-docs rev: 24d3337b6cbb38297877f6ce6ec78896ce93e8b2)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is a quite important tool for maintaining yocto based products
so documentation should include the best practices.
(From yocto-docs rev: 3f7d09fc3c96f29ab80a2cb893c9b4b19a75a769)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE number in the patch is a typo. CVE-2022-2053 is not related to
libtiff. So fix it.
(From OE-Core rev: c9f76ef859b0b4edb83ac098816b625f52c78173)
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building a FIT image with device trees, each device tree lands in a
FIT section and is referenced by a FIT configuration node.
FIT images however also allow referencing the same device tree from
multiple configurations. This can be useful to reduce FIT image size
while staying compatible with existing bootloaders. Allow
kernel-fitimage.bbclass users to take advantage of this by mapping
each symlink to a regular device tree included in the FIT to a
configuration that references a common device tree section.
(From OE-Core rev: 21e240da63239826f3ef50ceef40c9519e9030d8)
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This introduces no functional change, but will come in handy in a later
commit where a file lookup will have us using the device tree name. If
we keep it like it's now, we will lose the information whether an
underscore is an original underscore or a mangled slash.
(From OE-Core rev: 8bea426ca59d17715a3b32f7e3caf3e4b6db5ce9)
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changhyeok Bae
Michael Opdenacker
ciarancourtney
Ross Burton
Alexander Kanavin
Bernhard Rosenkränzer
Mikko Rapeli
Paul Eggleton
Adrian Freihofer
Qiu, Zheng
Etienne Cordonnier
Andrew Geissler
Ahmad Fatoum
wangmy