diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2024-07-12 18:58:04 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2024-07-12 19:41:04 +0300 |
| commit | c5cbd62a943a317c1b4575c5f3a92df40c042c97 (patch) | |
| tree | 47db1af3c6ff2943edab349fbff251d2029052f0 | |
| parent | 7363086d8a6f87f6c162a314937f1c2e3c063b42 (diff) | |
| download | openbmc-nanbield.tar.xz | |
subtree updatesnanbield
meta-arm: 9a4ae38e84..150169d01f:
Jon Mason (1):
arm/linux-yocto: backport patch to fix 6.5.13 networking issues
meta-raspberrypi: fde68b24f0..fd79e74cbc:
Khem Raj (2):
linux-raspberrypi_6.1.bb: Upgrade to 6.1.74
linux-raspberrypi: Upgrade to 6.1.77
Martin Jansa (1):
u-boot: backport one commit from v2024.01 to fix booting from uSD
poky: 1a5c00f00c..7b8aa378d0:
Alex Kiernan (1):
wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23
Alexander Kanavin (3):
linux-firmware: upgrade 20231211 -> 20240220
sdk-manual: correctly describe separate build-sysroots tasks in direct sdk workflows
dev-manual: improve descriptions of 'bitbake -S printdiff'
BELOUARGA Mohamed (1):
ref-manual: add documentation of the variable SPDX_NAMESPACE_PREFIX
Bruce Ashfield (2):
linux-yocto/6.1: update to v6.1.78
linux-yocto/6.1: update CVE exclusions
Claus Stovgaard (1):
wpa-supplicant: Fix CVE-2023-52160
Dhairya Nagodra (2):
glibc: Remove duplicate entry for CVE-2023-4527
xwayland: upgrade 23.2.3 -> 23.2.4
Geoff Parker (1):
ref-manual: variables: adding multiple groups in GROUPADD_PARAM
Johan Bezem (1):
ref-manual: variables: correct sdk installation default path
Khem Raj (1):
core-image-ptest: Increase disk size to 1.5G for strace ptest image
Lee Chee Yang (3):
libxml2: upgrade to 2.11.7
openssl: upgrade to 3.1.5
migration-guides: add release notes for 4.0.17
Luca Ceresoli (2):
ref-manual: tasks: do_cleanall: recommend using '-f' instead
ref-manual: tasks: do_cleansstate: recommend using '-f' instead for a shared sstate
Martin Jansa (1):
contributor-guide: be more specific about meta-* trees
Michael Halstead (1):
yocto-uninative: Update to 4.4 for glibc 2.39
Michael Opdenacker (13):
ref-manual: system-requirements: update packages to build docs
ref-manual: release-process: grammar fix
manuals: suppress excess use of "following" word
dev-manual: packages: clarify shared PR service constraint
dev-manual: packages: need enough free space
dev-manual: packages: fix capitalization
manuals: document VIRTUAL-RUNTIME variables
manuals: add initial stylechecks with Vale
profile-manual: usage.rst: formatting fixes
manuals: use "manual page(s)"
profile-manual: usage.rst: fix reference to bug report
documentation: Makefile: remove releases.rst in "make clean"
profile-manual: usage.rst: further style improvements
Munehisa Kamata (1):
kernel.bbclass: Set pkg-config variables for building modules
Pavel Zhukov (1):
mdadm: Disable ptests
Priyal Doshi (1):
tzdata : Upgrade to 2024a
Ross Burton (4):
curl: improve run-ptest
curl: increase test timeouts
openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions
gstreamer1.0: skip a test that is known to be flaky
Simone Weiß (4):
dev-manual: Rephrase spdx creation
gnutls: Upgrade 3.8.2 -> 3.8.3
contributor-guide: add notes for tests
cve-check: Log if CVE_STATUS set but not reported for component
Soumya Sambu (1):
bind: Upgrade 9.18.21 -> 9.18.24
Steve Sakoman (3):
poky.conf: bump version for 4.3.4 release
build-appliance-image: Update to nanbield head revision
build-appliance-image: Update to nanbield head revision
Tim Orling (1):
vim: upgrade v9.0.2130 -> v9.0.2190
Wang Mingyu (3):
python3-jinja2: upgrade 3.1.2 -> 3.1.3
bind: upgrade 9.18.20 -> 9.18.21
gnutls: upgrade 3.8.1 -> 3.8.2
Yoann Congal (6):
cve-update-nvd2-native: Fix typo in comment
cve-update-nvd2-native: Add an age threshold for incremental update
cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
cve-update-nvd2-native: nvd_request_next: Improve comment
cve-update-nvd2-native: Fix CVE configuration update
cve-update-nvd2-native: Remove rejected CVE from database
Change-Id: I041c2504ee3a1b3275770a6949606db7f6e22ee0
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
90 files changed, 1641 insertions, 623 deletions
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/0001-neighbour-Fix-__randomize_layout-crash-in-struct-nei.patch b/meta-arm/meta-arm/recipes-kernel/linux/files/0001-neighbour-Fix-__randomize_layout-crash-in-struct-nei.patch new file mode 100644 index 0000000000..d622cbc6e4 --- /dev/null +++ b/meta-arm/meta-arm/recipes-kernel/linux/files/0001-neighbour-Fix-__randomize_layout-crash-in-struct-nei.patch @@ -0,0 +1,46 @@ +From 45b3fae4675dc1d4ee2d7aefa19d85ee4f891377 Mon Sep 17 00:00:00 2001 +From: "Gustavo A. R. Silva" <gustavoars@kernel.org> +Date: Sat, 25 Nov 2023 15:33:58 -0600 +Subject: [PATCH] neighbour: Fix __randomize_layout crash in struct neighbour + +Previously, one-element and zero-length arrays were treated as true +flexible arrays, even though they are actually "fake" flex arrays. +The __randomize_layout would leave them untouched at the end of the +struct, similarly to proper C99 flex-array members. + +However, this approach changed with commit 1ee60356c2dc ("gcc-plugins: +randstruct: Only warn about true flexible arrays"). Now, only C99 +flexible-array members will remain untouched at the end of the struct, +while one-element and zero-length arrays will be subject to randomization. + +Fix a `__randomize_layout` crash in `struct neighbour` by transforming +zero-length array `primary_key` into a proper C99 flexible-array member. + +Fixes: 1ee60356c2dc ("gcc-plugins: randstruct: Only warn about true flexible arrays") +Closes: https://lore.kernel.org/linux-hardening/20231124102458.GB1503258@e124191.cambridge.arm.com/ +Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> +Reviewed-by: Kees Cook <keescook@chromium.org> +Tested-by: Joey Gouly <joey.gouly@arm.com> +Link: https://lore.kernel.org/r/ZWJoRsJGnCPdJ3+2@work +Signed-off-by: Paolo Abeni <pabeni@redhat.com> + +Upstream-Status: Backport +Signed-off-by: Jon Mason <jon.mason@arm.com> + +--- + include/net/neighbour.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/net/neighbour.h b/include/net/neighbour.h +index 07022bb0d44d..0d28172193fa 100644 +--- a/include/net/neighbour.h ++++ b/include/net/neighbour.h +@@ -162,7 +162,7 @@ struct neighbour { + struct rcu_head rcu; + struct net_device *dev; + netdevice_tracker dev_tracker; +- u8 primary_key[0]; ++ u8 primary_key[]; + } __randomize_layout; + + struct neigh_ops { diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend index c4e351bb39..76b6f4cf40 100644 --- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend @@ -1,5 +1,8 @@ ARMFILESPATHS := "${THISDIR}/files:" +FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}" +SRC_URI:append:aarch64 = " file://0001-neighbour-Fix-__randomize_layout-crash-in-struct-nei.patch" + COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64" FILESEXTRAPATHS:prepend:generic-arm64 = "${ARMFILESPATHS}" SRC_URI:append:generic-arm64 = " \ diff --git a/meta-raspberrypi/recipes-bsp/u-boot/u-boot/0001-bootstd-Scan-all-bootdevs-in-a-boot_targets-entry.patch b/meta-raspberrypi/recipes-bsp/u-boot/u-boot/0001-bootstd-Scan-all-bootdevs-in-a-boot_targets-entry.patch new file mode 100644 index 0000000000..9d5786d0a6 --- /dev/null +++ b/meta-raspberrypi/recipes-bsp/u-boot/u-boot/0001-bootstd-Scan-all-bootdevs-in-a-boot_targets-entry.patch @@ -0,0 +1,107 @@ +From e824d0d0c219bc6da767f13f90c5b00eefe929f0 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Sat, 23 Sep 2023 14:50:15 -0600 +Subject: [PATCH] bootstd: Scan all bootdevs in a boot_targets entry +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When the boot_targets environment variable is used with the distro-boot +scripts, each device is included individually. For example, if there +are three mmc devices, then we will have something like: + + boot_targets="mmc0 mmc1 mmc2" + +In contrast, standard boot supports specifying just the uclass, i.e.: + + boot_targets="mmc" + +The intention is that this should scan all MMC devices, but in fact it +currently only scans the first. + +Update the logic to handle this case, without required BOOTSTD_FULL to +be enabled. + +I believe at least three people reported this, but I found two. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Reported-by: Date Huang <tjjh89017@hotmail.com> +Reported-by: Vincent Stehlé <vincent.stehle@arm.com> +--- +Upstream-Status: Backport [v2024.01 e824d0d0c219bc6da767f13f90c5b00eefe929f0] + + boot/bootdev-uclass.c | 3 ++- + boot/bootflow.c | 21 +++++++++++++++++++-- + test/boot/bootdev.c | 10 ++++++++++ + 3 files changed, 31 insertions(+), 3 deletions(-) + +diff --git a/boot/bootdev-uclass.c b/boot/bootdev-uclass.c +index 974ddee5d2..44ae98a926 100644 +--- a/boot/bootdev-uclass.c ++++ b/boot/bootdev-uclass.c +@@ -469,10 +469,11 @@ int bootdev_find_by_label(const char *label, struct udevice **devp, + * if no sequence number was provided, we must scan all + * bootdevs for this media uclass + */ +- if (IS_ENABLED(CONFIG_BOOTSTD_FULL) && seq == -1) ++ if (seq == -1) + method_flags |= BOOTFLOW_METHF_SINGLE_UCLASS; + if (method_flagsp) + *method_flagsp = method_flags; ++ log_debug("method flags %x\n", method_flags); + return 0; + } + log_debug("- no device in %s\n", media->name); +diff --git a/boot/bootflow.c b/boot/bootflow.c +index 6ef62e1d18..e03932e65a 100644 +--- a/boot/bootflow.c ++++ b/boot/bootflow.c +@@ -260,8 +260,25 @@ static int iter_incr(struct bootflow_iter *iter) + } else { + log_debug("labels %p\n", iter->labels); + if (iter->labels) { +- ret = bootdev_next_label(iter, &dev, +- &method_flags); ++ /* ++ * when the label is "mmc" we want to scan all ++ * mmc bootdevs, not just the first. See ++ * bootdev_find_by_label() where this flag is ++ * set up ++ */ ++ if (iter->method_flags & BOOTFLOW_METHF_SINGLE_UCLASS) { ++ uclass_next_device(&dev); ++ log_debug("looking for next device %s: %s\n", ++ iter->dev->name, ++ dev ? dev->name : "<none>"); ++ } else { ++ dev = NULL; ++ } ++ if (!dev) { ++ log_debug("looking at next label\n"); ++ ret = bootdev_next_label(iter, &dev, ++ &method_flags); ++ } + } else { + ret = bootdev_next_prio(iter, &dev); + method_flags = 0; +diff --git a/test/boot/bootdev.c b/test/boot/bootdev.c +index 6b29213416..c5f14a7a13 100644 +--- a/test/boot/bootdev.c ++++ b/test/boot/bootdev.c +@@ -221,6 +221,16 @@ static int bootdev_test_order(struct unit_test_state *uts) + ut_asserteq_str("mmc2.bootdev", iter.dev_used[1]->name); + bootflow_iter_uninit(&iter); + ++ /* Make sure it scans a bootdevs in each target */ ++ ut_assertok(env_set("boot_targets", "mmc spi")); ++ ut_asserteq(0, bootflow_scan_first(NULL, NULL, &iter, 0, &bflow)); ++ ut_asserteq(-ENODEV, bootflow_scan_next(&iter, &bflow)); ++ ut_asserteq(3, iter.num_devs); ++ ut_asserteq_str("mmc2.bootdev", iter.dev_used[0]->name); ++ ut_asserteq_str("mmc1.bootdev", iter.dev_used[1]->name); ++ ut_asserteq_str("mmc0.bootdev", iter.dev_used[2]->name); ++ bootflow_iter_uninit(&iter); ++ + return 0; + } + BOOTSTD_TEST(bootdev_test_order, UT_TESTF_DM | UT_TESTF_SCAN_FDT); diff --git a/meta-raspberrypi/recipes-bsp/u-boot/u-boot_2023.10.bbappend b/meta-raspberrypi/recipes-bsp/u-boot/u-boot_2023.10.bbappend new file mode 100644 index 0000000000..150412268a --- /dev/null +++ b/meta-raspberrypi/recipes-bsp/u-boot/u-boot_2023.10.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:" + +SRC_URI:append:rpi = " file://0001-bootstd-Scan-all-bootdevs-in-a-boot_targets-entry.patch" diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb index 0a838ae7f6..5731a816db 100644 --- a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb +++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb @@ -1,9 +1,9 @@ -LINUX_VERSION ?= "6.1.61" +LINUX_VERSION ?= "6.1.77" LINUX_RPI_BRANCH ?= "rpi-6.1.y" LINUX_RPI_KMETA_BRANCH ?= "yocto-6.1" -SRCREV_machine = "f364e0eb8f973e1aa24a3c451d18e84247a8efcd" -SRCREV_meta = "29ec3dc6f4f59b731badcc864b212767023cc40c" +SRCREV_machine = "77fc1fbcb5c013329af9583307dd1ff3cd4752aa" +SRCREV_meta = "43d1723dbe0ce7b341cf32feeb35ecbe6b0ce29a" KMETA = "kernel-meta" diff --git a/poky/documentation/.gitignore b/poky/documentation/.gitignore index 494b4f4de5..b23d598054 100644 --- a/poky/documentation/.gitignore +++ b/poky/documentation/.gitignore @@ -7,3 +7,5 @@ releases.rst .vscode/ */svg/*.png */svg/*.pdf +styles/* +!styles/config diff --git a/poky/documentation/.vale.ini b/poky/documentation/.vale.ini new file mode 100644 index 0000000000..02042bb632 --- /dev/null +++ b/poky/documentation/.vale.ini @@ -0,0 +1,7 @@ +StylesPath = styles +MinAlertLevel = suggestion +Packages = RedHat, proselint, write-good, alex, Readability, Joblint +Vocab = Yocto, OpenSource +[*.rst] +BasedOnStyles = Vale, RedHat, proselint, write-good, alex, Readability, Joblint + diff --git a/poky/documentation/Makefile b/poky/documentation/Makefile index 9fb6814c8f..c930d2d280 100644 --- a/poky/documentation/Makefile +++ b/poky/documentation/Makefile @@ -5,6 +5,9 @@ # from the environment for the first two. SPHINXOPTS ?= -W --keep-going -j auto SPHINXBUILD ?= sphinx-build +# Release notes are excluded because they contain contributor names and commit messages which can't be modified +VALEOPTS ?= --no-wrap --glob '!migration-guides/release-notes-*.rst' +VALEDOCS ?= . SOURCEDIR = . IMAGEDIRS = */svg BUILDDIR = _build @@ -20,7 +23,7 @@ endif help: @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) -.PHONY: all help Makefile clean publish epub latexpdf +.PHONY: all help Makefile clean stylecheck publish epub latexpdf publish: Makefile html singlehtml rm -rf $(BUILDDIR)/$(DESTDIR)/ @@ -44,7 +47,15 @@ PNGs := $(foreach dir, $(IMAGEDIRS), $(patsubst %.svg,%.png,$(wildcard $(SOURCED $(SVG2PNG) --export-filename=$@ $< clean: - @rm -rf $(BUILDDIR) $(PNGs) $(PDFs) poky.yaml sphinx-static/switchers.js + @rm -rf $(BUILDDIR) $(PNGs) $(PDFs) poky.yaml sphinx-static/switchers.js releases.rst + +stylecheck: + vale sync + vale $(VALEOPTS) $(VALEDOCS) + +stylecheck: + vale sync + vale $(VALEOPTS) $(VALEDOCS) epub: $(PNGs) $(SOURCEDIR)/set_versions.py diff --git a/poky/documentation/README b/poky/documentation/README index 4d31036e69..8035418cac 100644 --- a/poky/documentation/README +++ b/poky/documentation/README @@ -151,6 +151,20 @@ dependencies in a virtual environment: $ pipenv install $ pipenv run make html +Style checking the Yocto Project documentation +============================================== + +The project is starting to use Vale (https://vale.sh/) +to validate the text style. + +To install Vale: + + $ pip install vale + +To run Vale: + + $ make stylecheck + Sphinx theme and CSS customization ================================== diff --git a/poky/documentation/bsp-guide/bsp.rst b/poky/documentation/bsp-guide/bsp.rst index f92b1177b7..5348d084dc 100644 --- a/poky/documentation/bsp-guide/bsp.rst +++ b/poky/documentation/bsp-guide/bsp.rst @@ -851,8 +851,7 @@ Before looking at BSP requirements, you should consider the following: dictating that a specific kernel or kernel version be used in a given BSP. -Following are the requirements for a released BSP that conform to the -Yocto Project: +The requirements for a released BSP that conform to the Yocto Project are: - *Layer Name:* The BSP must have a layer name that follows the Yocto Project standards. For information on BSP layer names, see the @@ -956,7 +955,7 @@ Yocto Project: Released BSP Recommendations ---------------------------- -Following are recommendations for released BSPs that conform to the +Here are recommendations for released BSPs that conform to the Yocto Project: - *Bootable Images:* Released BSPs can contain one or more bootable @@ -1018,7 +1017,7 @@ the following: that additional hierarchy and the files would obviously not be able to reside in a machine-specific directory. -Following is a specific example to help you better understand the +Here is a specific example to help you better understand the process. This example customizes a recipe by adding a BSP-specific configuration file named ``interfaces`` to the ``init-ifupdown_1.0.bb`` recipe for machine "xyz" where the BSP layer @@ -1448,7 +1447,7 @@ metadata used to build the kernel. In this case, a kernel append file kernel recipe (i.e. ``linux-yocto_6.1.bb``), which is located in :yocto_git:`/poky/tree/meta/recipes-kernel/linux`. -Following is the contents of the append file:: +The contents of the append file are:: KBRANCH:genericx86 = "v6.1/standard/base" KBRANCH:genericx86-64 = "v6.1/standard/base" diff --git a/poky/documentation/contributor-guide/submit-changes.rst b/poky/documentation/contributor-guide/submit-changes.rst index 61f3157d60..dfeb0305c3 100644 --- a/poky/documentation/contributor-guide/submit-changes.rst +++ b/poky/documentation/contributor-guide/submit-changes.rst @@ -221,6 +221,38 @@ to add the upgraded version. <https://www.kernel.org/doc/html/latest/process/submitting-patches.html#using-reported-by-tested-by-reviewed-by-suggested-by-and-fixes>`__ in the Linux kernel documentation. +Test your changes +----------------- + +For each contributions you make, you should test your changes as well. +For this the Yocto Project offers several types of tests. Those tests cover +different areas and it depends on your changes which are feasible. For example run: + + - For changes that affect the build environment: + + - ``bitbake-selftest``: for changes within BitBake + + - ``oe-selftest``: to test combinations of BitBake runs + + - ``oe-build-perf-test``: to test the performance of common build scenarios + + - For changes in a recipe: + + - ``ptest``: run package specific tests, if they exist + + - ``testimage``: build an image, boot it and run testcases on it + + - If applicable, ensure also the ``native`` and ``nativesdk`` variants builds + + - For changes relating to the SDK: + + - ``testsdk``: to build, install and run tests against a SDK + + - ``testsdk_ext``: to build, install and run tests against an extended SDK + +Note that this list just gives suggestions and is not exhaustive. More details can +be found here: :ref:`test-manual/intro:Yocto Project Tests --- Types of Testing Overview`. + Creating Patches ================ @@ -285,8 +317,9 @@ Validating Patches with Patchtest ``patchtest`` is available in ``openembedded-core`` as a tool for making sure that your patches are well-formatted and contain important info for maintenance purposes, such as ``Signed-off-by`` and ``Upstream-Status`` -tags. Currently, it only supports testing patches for -``openembedded-core`` branches. To setup, perform the following:: +tags. Note that no functional testing of the changes will be performed by ``patchtest``. +Currently, it only supports testing patches for ``openembedded-core`` branches. +To setup, perform the following:: pip install -r meta/lib/patchtest/requirements.txt source oe-init-build-env @@ -399,7 +432,7 @@ varies by component: :oe_lists:`bitbake-devel </g/bitbake-devel>` mailing list. -- *"meta-\*" trees:* These trees contain Metadata. Use the +- *meta-poky* and *meta-yocto-bsp* trees: These trees contain Metadata. Use the :yocto_lists:`poky </g/poky>` mailing list. - *Documentation*: For changes to the Yocto Project documentation, use the diff --git a/poky/documentation/dev-manual/building.rst b/poky/documentation/dev-manual/building.rst index e964bd1aee..fe502690dd 100644 --- a/poky/documentation/dev-manual/building.rst +++ b/poky/documentation/dev-manual/building.rst @@ -160,7 +160,7 @@ Follow these steps to set up and execute multiple configuration builds: The location for these multiconfig configuration files is specific. They must reside in the current :term:`Build Directory` in a sub-directory of ``conf`` named ``multiconfig`` or within a layer's ``conf`` directory - under a directory named ``multiconfig``. Following is an example that defines + under a directory named ``multiconfig``. Here is an example that defines two configuration files for the "x86" and "arm" multiconfigs: .. image:: figures/multiconfig_files.png @@ -775,10 +775,9 @@ your tunings to best consider build times and package feed maintenance. in the script for information on how to use the tool. - *BitBake's "-S printdiff" Option:* Using this option causes - BitBake to try to establish the closest signature match it can - (e.g. in the shared state cache) and then run ``bitbake-diffsigs`` - over the matches to determine the stamps and delta where these two - stamp trees diverge. + BitBake to try to establish the most recent signature match + (e.g. in the shared state cache) and then compare matched signatures + to determine the stamps and delta where these two stamp trees diverge. Building Software from an External Source ========================================= diff --git a/poky/documentation/dev-manual/debugging.rst b/poky/documentation/dev-manual/debugging.rst index bd1e716b0b..74f5772554 100644 --- a/poky/documentation/dev-manual/debugging.rst +++ b/poky/documentation/dev-manual/debugging.rst @@ -170,7 +170,7 @@ You can use the ``oe-pkgdata-util`` command-line utility to query various package-related information. When you use the utility, you must use it to view information on packages that have already been built. -Following are a few of the available ``oe-pkgdata-util`` subcommands. +Here are a few of the available ``oe-pkgdata-util`` subcommands. .. note:: @@ -339,7 +339,10 @@ BitBake has determined by doing the following: :term:`BB_BASEHASH_IGNORE_VARS` information. -There is also a ``bitbake-diffsigs`` command for comparing two +Debugging signature construction and unexpected task executions +=============================================================== + +There is a ``bitbake-diffsigs`` command for comparing two ``siginfo`` or ``sigdata`` files. This command can be helpful when trying to figure out what changed between two versions of a task. If you call ``bitbake-diffsigs`` with just one file, the command behaves like @@ -356,8 +359,12 @@ BitBake command-line options:: .. note:: Two common values for `SIGNATURE_HANDLER` are "none" and "printdiff", which - dump only the signature or compare the dumped signature with the cached one, - respectively. + dump only the signature or compare the dumped signature with the most recent one, + respectively. "printdiff" will try to establish the most recent + signature match (e.g. in the sstate cache) and then + compare the matched signatures to determine the stamps and delta + where these two stamp trees diverge. This can be used to determine why + tasks need to be re-run in situations where that is not expected. Using BitBake with either of these options causes BitBake to dump out ``sigdata`` files in the ``stamps`` directory for every task it would @@ -608,7 +615,7 @@ logs, keep in mind the goal is to have informative logs while keeping the console as "silent" as possible. Also, if you want status messages in the log, use the "debug" loglevel. -Following is an example written in Python. The code handles logging for +Here is an example written in Python. The code handles logging for a function that determines the number of tasks needed to be run. See the ":ref:`ref-tasks-listtasks`" section for additional information:: @@ -636,7 +643,7 @@ logs, you have the same goals --- informative with minimal console output. The syntax you use for recipes written in Bash is similar to that of recipes written in Python described in the previous section. -Following is an example written in Bash. The code logs the progress of +Here is an example written in Bash. The code logs the progress of the ``do_my_function`` function:: do_my_function() { @@ -1221,7 +1228,7 @@ Here are some other tips that you might find useful: "$@" } - Following are some usage examples:: + Here are some usage examples:: $ g FOO # Search recursively for "FOO" $ g -i foo # Search recursively for "foo", ignoring case diff --git a/poky/documentation/dev-manual/development-shell.rst b/poky/documentation/dev-manual/development-shell.rst index a18d792150..be26bcffc7 100644 --- a/poky/documentation/dev-manual/development-shell.rst +++ b/poky/documentation/dev-manual/development-shell.rst @@ -16,7 +16,7 @@ OpenEmbedded build system were executing them. Consequently, working this way can be helpful when debugging a build or preparing software to be used with the OpenEmbedded build system. -Following is an example that uses ``devshell`` on a target named +Here is an example that uses ``devshell`` on a target named ``matchbox-desktop``:: $ bitbake matchbox-desktop -c devshell diff --git a/poky/documentation/dev-manual/device-manager.rst b/poky/documentation/dev-manual/device-manager.rst index 0343d19b9c..49fc785fec 100644 --- a/poky/documentation/dev-manual/device-manager.rst +++ b/poky/documentation/dev-manual/device-manager.rst @@ -60,10 +60,10 @@ kernel. All devices created by ``devtmpfs`` will be owned by ``root`` and have permissions ``0600``. -To have more control over the device nodes, you can use a device manager -like ``udev`` or ``busybox-mdev``. You choose the device manager by -defining the ``VIRTUAL-RUNTIME_dev_manager`` variable in your machine or -distro configuration file. Alternatively, you can set this variable in +To have more control over the device nodes, you can use a device manager like +``udev`` or ``busybox-mdev``. You choose the device manager by defining the +:term:`VIRTUAL-RUNTIME_dev_manager <VIRTUAL-RUNTIME>` variable in your machine +or distro configuration file. Alternatively, you can set this variable in your ``local.conf`` configuration file:: VIRTUAL-RUNTIME_dev_manager = "udev" diff --git a/poky/documentation/dev-manual/layers.rst b/poky/documentation/dev-manual/layers.rst index b3ccf633df..f7929e630e 100644 --- a/poky/documentation/dev-manual/layers.rst +++ b/poky/documentation/dev-manual/layers.rst @@ -82,7 +82,7 @@ Follow these general steps to create your layer without using tools: LAYERVERSION_yoctobsp = "4" LAYERSERIES_COMPAT_yoctobsp = "dunfell" - Following is an explanation of the layer configuration file: + Here is an explanation of the layer configuration file: - :term:`BBPATH`: Adds the layer's root directory to BitBake's search path. Through the use of the @@ -191,7 +191,7 @@ following list: - *Structure Your Layers:* Proper use of overrides within append files and placement of machine-specific files within your layer can ensure that a build is not using the wrong Metadata and negatively impacting - a build for a different machine. Following are some examples: + a build for a different machine. Here are some examples: - *Modify Variables to Support a Different Machine:* Suppose you have a layer named ``meta-one`` that adds support for building @@ -513,7 +513,7 @@ In the main recipe, note the :term:`SRC_URI` variable, which tells the OpenEmbedded build system where to find files during the build. -Following is the append file, which is named ``formfactor_0.0.bbappend`` +Here is the append file, which is named ``formfactor_0.0.bbappend`` and is from the Raspberry Pi BSP Layer named ``meta-raspberrypi``. The file is in the layer at ``recipes-bsp/formfactor``:: @@ -588,7 +588,7 @@ Directory`. Here is the main ``xserver-xf86-config`` recipe, which is named fi } -Following is the append file, which is named ``xserver-xf86-config_%.bbappend`` +Here is the append file, which is named ``xserver-xf86-config_%.bbappend`` and is from the Raspberry Pi BSP Layer named ``meta-raspberrypi``. The file is in the layer at ``recipes-graphics/xorg-xserver``:: diff --git a/poky/documentation/dev-manual/libraries.rst b/poky/documentation/dev-manual/libraries.rst index ae4ca27209..521dbb9a7c 100644 --- a/poky/documentation/dev-manual/libraries.rst +++ b/poky/documentation/dev-manual/libraries.rst @@ -37,7 +37,7 @@ library files. Some previously released versions of the Yocto Project defined the static library files through ``${PN}-dev``. -Following is part of the BitBake configuration file, where you can see +Here is the part of the BitBake configuration file, where you can see how the static library files are defined:: PACKAGE_BEFORE_PN ?= "" @@ -177,7 +177,7 @@ Additional Implementation Details --------------------------------- There are generic implementation details as well as details that are specific to -package management systems. Following are implementation details +package management systems. Here are implementation details that exist regardless of the package management system: - The typical convention used for the class extension code as used by diff --git a/poky/documentation/dev-manual/licenses.rst b/poky/documentation/dev-manual/licenses.rst index 57713effa0..bffff3675f 100644 --- a/poky/documentation/dev-manual/licenses.rst +++ b/poky/documentation/dev-manual/licenses.rst @@ -27,7 +27,7 @@ Specifying the ``LIC_FILES_CHKSUM`` Variable -------------------------------------------- The :term:`LIC_FILES_CHKSUM` variable contains checksums of the license text -in the source code for the recipe. Following is an example of how to +in the source code for the recipe. Here is an example of how to specify :term:`LIC_FILES_CHKSUM`:: LIC_FILES_CHKSUM = "file://COPYING;md5=xxxx \ diff --git a/poky/documentation/dev-manual/new-machine.rst b/poky/documentation/dev-manual/new-machine.rst index 6b41d24db4..469b2d395a 100644 --- a/poky/documentation/dev-manual/new-machine.rst +++ b/poky/documentation/dev-manual/new-machine.rst @@ -104,7 +104,7 @@ contains directories for specific machines such as ``qemuarm`` and defaults, see the ``meta/recipes-bsp/formfactor/files/config`` file found in the same area. -Following is an example for "qemuarm" machine:: +Here is an example for "qemuarm" machine:: HAVE_TOUCHSCREEN=1 HAVE_KEYBOARD=1 diff --git a/poky/documentation/dev-manual/new-recipe.rst b/poky/documentation/dev-manual/new-recipe.rst index 2c1033eb35..61fc2eb122 100644 --- a/poky/documentation/dev-manual/new-recipe.rst +++ b/poky/documentation/dev-manual/new-recipe.rst @@ -100,7 +100,7 @@ command:: Running ``recipetool create -o OUTFILE`` creates the base recipe and locates it properly in the layer that contains your source files. -Following are some syntax examples: +Here are some syntax examples: - Use this syntax to generate a recipe based on source. Once generated, the recipe resides in the existing source code layer:: @@ -1232,7 +1232,7 @@ inherit the :ref:`ref-classes-autotools` class, which contains the definitions of all the steps needed to build an Autotool-based application. The result of the build is automatically packaged. And, if the application uses NLS for localization, packages with local information are generated (one package per -language). Following is one example: (``hello_2.3.bb``):: +language). Here is one example: (``hello_2.3.bb``):: SUMMARY = "GNU Helloworld application" SECTION = "examples" @@ -1285,7 +1285,7 @@ Splitting an Application into Multiple Packages You can use the variables :term:`PACKAGES` and :term:`FILES` to split an application into multiple packages. -Following is an example that uses the ``libxpm`` recipe. By default, +Here is an example that uses the ``libxpm`` recipe. By default, this recipe generates a single package that contains the library along with a few binaries. You can modify the recipe to split the binaries into separate packages:: @@ -1510,7 +1510,7 @@ in the BitBake User Manual. when you make the assignment, but this is not generally needed. - *Quote All Assignments ("value"):* Use double quotes around values in - all variable assignments (e.g. ``"value"``). Following is an example:: + all variable assignments (e.g. ``"value"``). Here is an example:: VAR1 = "${OTHERVAR}" VAR2 = "The version is ${PV}" diff --git a/poky/documentation/dev-manual/packages.rst b/poky/documentation/dev-manual/packages.rst index 79f21d9f34..e5028fffdc 100644 --- a/poky/documentation/dev-manual/packages.rst +++ b/poky/documentation/dev-manual/packages.rst @@ -205,9 +205,14 @@ history, see the The OpenEmbedded build system does not maintain :term:`PR` information as part of the shared state (sstate) packages. If you maintain an sstate feed, it's expected that either all your building systems that - contribute to the sstate feed use a shared PR Service, or you do not - run a PR Service on any of your building systems. Having some systems - use a PR Service while others do not leads to obvious problems. + contribute to the sstate feed use a shared PR service, or you do not + run a PR service on any of your building systems. + + That's because if you had multiple machines sharing a PR service but + not their sstate feed, you could end up with "diverging" hashes for + the same output artefacts. When presented to the share PR service, + each would be considered as new and would increase the revision + number, causing many unnecessary package upgrades. For more information on shared state, see the ":ref:`overview-manual/concepts:shared state cache`" @@ -365,7 +370,7 @@ For more examples that show how to use ``do_split_packages``, see the directory of the ``poky`` :ref:`source repository <overview-manual/development-environment:yocto project source repositories>`. You can also find examples in ``meta/classes-recipe/kernel.bbclass``. -Following is a reference that shows ``do_split_packages`` mandatory and +Here is a reference that shows ``do_split_packages`` mandatory and optional arguments:: Mandatory arguments @@ -607,6 +612,13 @@ subsequent sections are necessary to configure the target. You should set these variables before building the image in order to produce a correctly configured image. +.. note:: + + Your image will need enough free storage space to run package upgrades, + especially if many of them need to be downloaded at the same time. + You should make sure images are created with enough free space + by setting the :term:`IMAGE_ROOTFS_EXTRA_SPACE` variable. + When your build is complete, your packages reside in the ``${TMPDIR}/deploy/packageformat`` directory. For example, if ``${``\ :term:`TMPDIR`\ ``}`` is @@ -1123,7 +1135,7 @@ The ``devtool edit-recipe`` command lets you take a look at the recipe:: ... LICENSE:${PN}-vary = "MIT" -Here are three key points in the previous example: +Three key points in the previous example are: - :term:`SRC_URI` uses the NPM scheme so that the NPM fetcher is used. diff --git a/poky/documentation/dev-manual/prebuilt-libraries.rst b/poky/documentation/dev-manual/prebuilt-libraries.rst index b80a844e93..a05f39ca1e 100644 --- a/poky/documentation/dev-manual/prebuilt-libraries.rst +++ b/poky/documentation/dev-manual/prebuilt-libraries.rst @@ -148,8 +148,8 @@ recipe. By default, ``libfoo.so`` gets packaged into ``${PN}-dev``, which triggers a QA warning that a non-symlink library is in a ``-dev`` package, and binaries in the same recipe link to the library in ``${PN}-dev``, which triggers more QA warnings. To solve this problem, you need to package the -unversioned library into ``${PN}`` where it belongs. The following are the abridged -default :term:`FILES` variables in ``bitbake.conf``:: +unversioned library into ``${PN}`` where it belongs. The abridged +default :term:`FILES` variables in ``bitbake.conf`` are:: SOLIBS = ".so.*" SOLIBSDEV = ".so" diff --git a/poky/documentation/dev-manual/python-development-shell.rst b/poky/documentation/dev-manual/python-development-shell.rst index 2dc6a3f138..81a5c43472 100644 --- a/poky/documentation/dev-manual/python-development-shell.rst +++ b/poky/documentation/dev-manual/python-development-shell.rst @@ -35,7 +35,7 @@ system were executing them. Consequently, working this way can be helpful when debugging a build or preparing software to be used with the OpenEmbedded build system. -Following is an example that uses ``pydevshell`` on a target named +Here is an example that uses ``pydevshell`` on a target named ``matchbox-desktop``:: $ bitbake matchbox-desktop -c pydevshell diff --git a/poky/documentation/dev-manual/qemu.rst b/poky/documentation/dev-manual/qemu.rst index d431ea4b99..19f3e40d63 100644 --- a/poky/documentation/dev-manual/qemu.rst +++ b/poky/documentation/dev-manual/qemu.rst @@ -311,7 +311,7 @@ timestamp when it needs to look for an image. Minimally, through the use of options, you must provide either a machine name, a virtual machine image (``*wic.vmdk``), or a kernel image (``*.bin``). -Following is the command-line help output for the ``runqemu`` command:: +Here is the command-line help output for the ``runqemu`` command:: $ runqemu --help @@ -353,7 +353,7 @@ Following is the command-line help output for the ``runqemu`` command:: ``runqemu`` Command-Line Options ================================ -Following is a description of ``runqemu`` options you can provide on the +Here is a description of ``runqemu`` options you can provide on the command line: .. note:: diff --git a/poky/documentation/dev-manual/runtime-testing.rst b/poky/documentation/dev-manual/runtime-testing.rst index 1a2e9ec4fe..7a2b42f25a 100644 --- a/poky/documentation/dev-manual/runtime-testing.rst +++ b/poky/documentation/dev-manual/runtime-testing.rst @@ -193,7 +193,7 @@ perform a one-time setup of your controller image by doing the following: "controller" image and you can customize the image recipe as you would any other recipe. - Here are the image recipe requirements: + Image recipe requirements are: - Inherits ``core-image`` so that kernel modules are installed. @@ -572,7 +572,7 @@ data: When set to "true", the package is not automatically installed into the DUT. -Following is an example JSON file that handles test "foo" installing +Here is an example JSON file that handles test "foo" installing package "bar" and test "foobar" installing packages "foo" and "bar". Once the test is complete, the packages are removed from the DUT:: diff --git a/poky/documentation/dev-manual/sbom.rst b/poky/documentation/dev-manual/sbom.rst index f51d08f84d..b72bad1554 100644 --- a/poky/documentation/dev-manual/sbom.rst +++ b/poky/documentation/dev-manual/sbom.rst @@ -30,22 +30,29 @@ To make this happen, you must inherit the INHERIT += "create-spdx" -You then get :term:`SPDX` output in JSON format as an -``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the -:term:`Build Directory`. +Upon building an image, you will then get: -This is a toplevel file accompanied by an ``IMAGE-MACHINE.spdx.index.json`` -containing an index of JSON :term:`SPDX` files for individual recipes, together -with an ``IMAGE-MACHINE.spdx.tar.zst`` compressed archive containing all such -files. +- :term:`SPDX` output in JSON format as an ``IMAGE-MACHINE.spdx.json`` file in + ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`. + +- This toplevel file is accompanied by an ``IMAGE-MACHINE.spdx.index.json`` + containing an index of JSON :term:`SPDX` files for individual recipes. + +- The compressed archive ``IMAGE-MACHINE.spdx.tar.zst`` contains the index + and the files for the single recipes. The :ref:`ref-classes-create-spdx` class offers options to include -more information in the output :term:`SPDX` data, such as making the generated -files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of -the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`), -adding a description of the source files used to generate host tools and target -packages (:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source -files themselves (:term:`SPDX_ARCHIVE_SOURCES`). +more information in the output :term:`SPDX` data: + +- Make the json files more human readable by setting (:term:`SPDX_PRETTY`). + +- Add compressed archives of the files in the generated target packages by + setting (:term:`SPDX_ARCHIVE_PACKAGED`). + +- Add a description of the source files used to generate host tools and target + packages (:term:`SPDX_INCLUDE_SOURCES`) + +- Add archives of these source files themselves (:term:`SPDX_ARCHIVE_SOURCES`). Though the toplevel :term:`SPDX` output is available in ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary @@ -65,11 +72,12 @@ generated files are available in ``tmp/deploy/spdx/MACHINE`` too, such as: See also the :term:`SPDX_CUSTOM_ANNOTATION_VARS` variable which allows to associate custom notes to a recipe. - See the `tools page <https://spdx.dev/resources/tools/>`__ on the :term:`SPDX` project website for a list of tools to consume and transform the :term:`SPDX` data generated by the OpenEmbedded build system. -See also Joshua Watt's +See also Joshua Watt's presentations `Automated SBoM generation with OpenEmbedded and the Yocto Project <https://youtu.be/Q5UQUM6zxVU>`__ -presentation at FOSDEM 2023. +at FOSDEM 2023 and +`SPDX in the Yocto Project <https://fosdem.org/2024/schedule/event/fosdem-2024-3318-spdx-in-the-yocto-project/>`__ +at FOSDEM 2024. diff --git a/poky/documentation/dev-manual/speeding-up-build.rst b/poky/documentation/dev-manual/speeding-up-build.rst index 31b6f75ab0..6e0d7873ac 100644 --- a/poky/documentation/dev-manual/speeding-up-build.rst +++ b/poky/documentation/dev-manual/speeding-up-build.rst @@ -33,7 +33,7 @@ auto-scaling ensures that the build system fundamentally takes advantage of potential parallel operations during the build based on the build machine's capabilities. -Following are additional factors that can affect build speed: +Additional factors that can affect build speed are: - File system type: The file system type that the build is being performed on can also influence performance. Using ``ext4`` is @@ -88,7 +88,7 @@ that can help you speed up the build: variable to "1". - Disable static library generation for recipes derived from - ``autoconf`` or ``libtool``: Following is an example showing how to + ``autoconf`` or ``libtool``: Here is an example showing how to disable static libraries and still provide an override to handle exceptions:: diff --git a/poky/documentation/dev-manual/start.rst b/poky/documentation/dev-manual/start.rst index b108337795..8539bc0889 100644 --- a/poky/documentation/dev-manual/start.rst +++ b/poky/documentation/dev-manual/start.rst @@ -36,7 +36,7 @@ particular working environment and set of practices. equipment together and set up your development environment's hardware topology. - Here are possible roles: + Possible roles are: - *Application Developer:* This type of developer does application level work on top of an existing software stack. @@ -99,7 +99,7 @@ particular working environment and set of practices. #. *Set up the Application Development Machines:* As mentioned earlier, application developers are creating applications on top of existing - software stacks. Following are some best practices for setting up + software stacks. Here are some best practices for setting up machines used for application development: - Use a pre-built toolchain that contains the software stack @@ -118,7 +118,7 @@ particular working environment and set of practices. #. *Set up the Core Development Machines:* As mentioned earlier, core developers work on the contents of the operating system itself. - Following are some best practices for setting up machines used for + Here are some best practices for setting up machines used for developing images: - Have the :term:`OpenEmbedded Build System` available on diff --git a/poky/documentation/kernel-dev/common.rst b/poky/documentation/kernel-dev/common.rst index 9b197bfccb..0cee503346 100644 --- a/poky/documentation/kernel-dev/common.rst +++ b/poky/documentation/kernel-dev/common.rst @@ -1295,7 +1295,7 @@ In order to run this task, you must have an existing ``.config`` file. See the ":ref:`kernel-dev/common:using \`\`menuconfig\`\``" section for information on how to create a configuration file. -Following is sample output from the :ref:`ref-tasks-kernel_configcheck` task: +Here is sample output from the :ref:`ref-tasks-kernel_configcheck` task: .. code-block:: none @@ -1726,7 +1726,7 @@ tree. Using Git is an efficient way to see what has changed in the tree. What Changed in a Kernel? ------------------------- -Following are a few examples that show how to use Git commands to +Here are a few examples that show how to use Git commands to examine changes. These examples are by no means the only way to see changes. diff --git a/poky/documentation/migration-guides/migration-1.5.rst b/poky/documentation/migration-guides/migration-1.5.rst index d82d33f91f..c8f3cbc165 100644 --- a/poky/documentation/migration-guides/migration-1.5.rst +++ b/poky/documentation/migration-guides/migration-1.5.rst @@ -256,7 +256,7 @@ section in the Yocto Project Development Tasks Manual. Build History ------------- -Following are changes to Build History: +The changes to Build History are: - Installed package sizes: ``installed-package-sizes.txt`` for an image now records the size of the files installed by each package instead @@ -279,7 +279,7 @@ section in the Yocto Project Development Tasks Manual. ``udev`` -------- -Following are changes to ``udev``: +The changes to ``udev`` are: - ``udev`` no longer brings in ``udev-extraconf`` automatically through :term:`RRECOMMENDS`, since this was originally @@ -323,7 +323,7 @@ Removed and Renamed Recipes Other Changes ------------- -Following is a list of short entries describing other changes: +Here is a list of short entries describing other changes: - ``run-postinsts``: Make this generic. diff --git a/poky/documentation/migration-guides/migration-2.2.rst b/poky/documentation/migration-guides/migration-2.2.rst index 3932792c78..9d50dc6202 100644 --- a/poky/documentation/migration-guides/migration-2.2.rst +++ b/poky/documentation/migration-guides/migration-2.2.rst @@ -73,8 +73,8 @@ Metadata Must Now Use Python 3 Syntax The metadata is now required to use Python 3 syntax. For help preparing metadata, see any of the many Python 3 porting guides available. Alternatively, you can reference the conversion commits for BitBake and -you can use :term:`OpenEmbedded-Core (OE-Core)` as a guide for changes. Following are -particular areas of interest: +you can use :term:`OpenEmbedded-Core (OE-Core)` as a guide for changes. +Particular areas of interest are: - subprocess command-line pipes needing locale decoding @@ -182,7 +182,7 @@ root filesystem, provides an image, and uses the ``nographic`` option:: $ runqemu qemux86-64 tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.ext4 tmp/deploy/images/qemux86-64/bzImage nographic -Following is a list of variables that can be set in configuration files +Here is a list of variables that can be set in configuration files such as ``bsp.conf`` to enable the BSP to be booted by ``runqemu``:: QB_SYSTEM_NAME: QEMU name (e.g. "qemu-system-i386") diff --git a/poky/documentation/migration-guides/migration-2.4.rst b/poky/documentation/migration-guides/migration-2.4.rst index abad43acc3..5d5d601988 100644 --- a/poky/documentation/migration-guides/migration-2.4.rst +++ b/poky/documentation/migration-guides/migration-2.4.rst @@ -91,8 +91,6 @@ occurred: Removed Recipes --------------- -The following recipes have been removed: - - ``acpitests``: This recipe is not maintained. - ``autogen-native``: No longer required by Grub, oe-core, or @@ -213,8 +211,6 @@ recipes you might have. This will avoid breakage in post 2.4 releases. Package QA Changes ------------------ -The following package QA changes took place: - - The "unsafe-references-in-scripts" QA check has been removed. - If you refer to ``${COREBASE}/LICENSE`` within @@ -229,8 +225,6 @@ The following package QA changes took place: ``README`` File Changes ----------------------- -The following are changes to ``README`` files: - - The main Poky ``README`` file has been moved to the ``meta-poky`` layer and has been renamed ``README.poky``. A symlink has been created so that references to the old location work. @@ -246,8 +240,6 @@ The following are changes to ``README`` files: Miscellaneous Changes --------------------- -The following are additional changes: - - The ``ROOTFS_PKGMANAGE_BOOTSTRAP`` variable and any references to it have been removed. You should remove this variable from any custom recipes. diff --git a/poky/documentation/migration-guides/migration-2.5.rst b/poky/documentation/migration-guides/migration-2.5.rst index 9f089bb93b..facf5110b7 100644 --- a/poky/documentation/migration-guides/migration-2.5.rst +++ b/poky/documentation/migration-guides/migration-2.5.rst @@ -87,8 +87,6 @@ The following recipes have been removed: Scripts and Tools Changes ------------------------- -The following are changes to scripts and tools: - - ``yocto-bsp``, ``yocto-kernel``, and ``yocto-layer``: The ``yocto-bsp``, ``yocto-kernel``, and ``yocto-layer`` scripts previously shipped with poky but not in OpenEmbedded-Core have been @@ -119,8 +117,6 @@ The following are changes to scripts and tools: BitBake Changes --------------- -The following are BitBake changes: - - The ``--runall`` option has changed. There are two different behaviors people might want: @@ -153,7 +149,7 @@ The following are BitBake changes: Python and Python 3 Changes --------------------------- -The following are auto-packaging changes to Python and Python 3: +Here are auto-packaging changes to Python and Python 3: The script-managed ``python-*-manifest.inc`` files that were previously used to generate Python and Python 3 packages have been replaced with a @@ -187,8 +183,6 @@ change please see :yocto_git:`this commit Miscellaneous Changes --------------------- -The following are additional changes: - - The :ref:`ref-classes-kernel` class supports building packages for multiple kernels. If your kernel recipe or ``.bbappend`` file mentions packaging at all, you should replace references to the kernel in package names diff --git a/poky/documentation/migration-guides/migration-4.0.rst b/poky/documentation/migration-guides/migration-4.0.rst index 2aa9145ef8..b5bd57c312 100644 --- a/poky/documentation/migration-guides/migration-4.0.rst +++ b/poky/documentation/migration-guides/migration-4.0.rst @@ -142,7 +142,7 @@ Python changes classes should be updated to inherit ``setuptools*`` equivalents instead. - The Python package build process is now based on `wheels <https://pythonwheels.com/>`__. - Here are the new Python packaging classes that should be used: + The new Python packaging classes that should be used are :ref:`ref-classes-python_flit_core`, :ref:`ref-classes-python_setuptools_build_meta` and :ref:`ref-classes-python_poetry_core`. diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst index dfe5e186e5..685799e268 100644 --- a/poky/documentation/migration-guides/release-4.0.rst +++ b/poky/documentation/migration-guides/release-4.0.rst @@ -23,3 +23,4 @@ Release 4.0 (kirkstone) release-notes-4.0.14 release-notes-4.0.15 release-notes-4.0.16 + release-notes-4.0.17 diff --git a/poky/documentation/migration-guides/release-notes-4.0.17.rst b/poky/documentation/migration-guides/release-notes-4.0.17.rst new file mode 100644 index 0000000000..1dfd10ce20 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.17.rst @@ -0,0 +1,238 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +Release notes for Yocto-4.0.17 (Kirkstone) +------------------------------------------ + +Security Fixes in Yocto-4.0.17 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- bind: Fix :cve:`2023-4408`, :cve:`2023-50387`, :cve:`2023-50868`, :cve:`2023-5517` and :cve:`2023-5679` +- binutils: Fix :cve:`2023-39129` and :cve:`2023-39130` +- curl: Fix :cve:`2023-46219` +- curl: Ignore :cve:`2023-42915` +- gcc: Ignore :cve:`2023-4039` +- gdb: Fix :cve:`2023-39129` and :cve:`2023-39130` +- glibc: Ignore :cve:`2023-0687` +- go: Fix :cve:`2023-29406`, :cve:`2023-45285`, :cve:`2023-45287`, :cve:`2023-45289`, :cve:`2023-45290`, :cve:`2024-24784` and :cve:`2024-24785` +- less: Fix :cve:`2022-48624` +- libgit2: Fix :cve:`2024-24575` and :cve:`2024-24577` +- libuv: fix :cve:`2024-24806` +- libxml2: Fix for :cve:`2024-25062` +- linux-yocto/5.15: Fix :cve:`2022-36402`, :cve:`2022-40982`, :cve:`2022-47940`, :cve:`2023-1193`, :cve:`2023-1194`, :cve:`2023-20569`, :cve:`2023-20588`, :cve:`2023-25775`, :cve:`2023-31085`, :cve:`2023-32247`, :cve:`2023-32250`, :cve:`2023-32252`, :cve:`2023-32254`, :cve:`2023-32257`, :cve:`2023-32258`, :cve:`2023-34324`, :cve:`2023-35827`, :cve:`2023-3772`, :cve:`2023-38427`, :cve:`2023-38430`, :cve:`2023-38431`, :cve_mitre:`2023-3867`, :cve:`2023-39189`, :cve:`2023-39192`, :cve:`2023-39193`, :cve:`2023-39194`, :cve:`2023-39198`, :cve:`2023-40283`, :cve:`2023-4128`, :cve:`2023-4206`, :cve:`2023-4207`, :cve:`2023-4208`, :cve:`2023-4244`, :cve:`2023-4273`, :cve:`2023-42752`, :cve:`2023-42753`, :cve:`2023-42754`, :cve:`2023-42755`, :cve:`2023-4563`, :cve:`2023-4569`, :cve:`2023-45871`, :cve:`2023-4623`, :cve:`2023-46343`, :cve:`2023-46813`, :cve:`2023-46838`, :cve:`2023-46862`, :cve:`2023-4881`, :cve:`2023-4921`, :cve:`2023-51042`, :cve:`2023-5158`, :cve:`2023-51779`, :cve_mitre:`2023-52340`, :cve:`2023-52429`, :cve:`2023-52435`, :cve:`2023-52436`, :cve:`2023-52438`, :cve:`2023-52439`, :cve:`2023-52441`, :cve:`2023-52442`, :cve:`2023-52443`, :cve:`2023-52444`, :cve:`2023-52445`, :cve:`2023-52448`, :cve:`2023-52449`, :cve:`2023-52451`, :cve:`2023-52454`, :cve:`2023-52456`, :cve:`2023-52457`, :cve:`2023-52458`, :cve:`2023-52463`, :cve:`2023-52464`, :cve:`2023-5717`, :cve:`2023-6040`, :cve:`2023-6121`, :cve:`2023-6176`, :cve:`2023-6546`, :cve:`2023-6606`, :cve:`2023-6622`, :cve:`2023-6817`, :cve:`2023-6915`, :cve:`2023-6931`, :cve:`2023-6932`, :cve:`2024-0340`, :cve:`2024-0584`, :cve:`2024-0607`, :cve:`2024-0641`, :cve:`2024-0646`, :cve:`2024-1085`, :cve:`2024-1086`, :cve:`2024-1151`, :cve:`2024-22705`, :cve:`2024-23849`, :cve:`2024-23850`, :cve:`2024-23851`, :cve:`2024-24860`, :cve:`2024-26586`, :cve:`2024-26589`, :cve:`2024-26591`, :cve:`2024-26592`, :cve:`2024-26593`, :cve:`2024-26594`, :cve:`2024-26597` and :cve:`2024-26598` +- linux-yocto/5.15: Ignore :cve:`2020-27418`, :cve:`2020-36766`, :cve:`2021-33630`, :cve:`2021-33631`, :cve:`2022-48619`, :cve:`2023-2430`, :cve:`2023-40791`, :cve:`2023-42756`, :cve:`2023-44466`, :cve:`2023-45862`, :cve:`2023-45863`, :cve:`2023-45898`, :cve:`2023-4610`, :cve:`2023-4732`, :cve:`2023-5090`, :cve:`2023-51043`, :cve:`2023-5178`, :cve:`2023-51780`, :cve:`2023-51781`, :cve:`2023-51782`, :cve:`2023-5197`, :cve:`2023-52433`, :cve:`2023-52440`, :cve:`2023-52446`, :cve:`2023-52450`, :cve:`2023-52453`, :cve:`2023-52455`, :cve:`2023-52459`, :cve:`2023-52460`, :cve:`2023-52461`, :cve:`2023-52462`, :cve:`2023-5345`, :cve:`2023-5633`, :cve:`2023-5972`, :cve:`2023-6111`, :cve:`2023-6200`, :cve:`2023-6531`, :cve:`2023-6679`, :cve:`2023-7192`, :cve:`2024-0193`, :cve:`2024-0443`, :cve:`2024-0562`, :cve:`2024-0582`, :cve:`2024-0639`, :cve:`2024-0775`, :cve:`2024-26581`, :cve:`2024-26582`, :cve:`2024-26590`, :cve:`2024-26596` and :cve:`2024-26599` +- linux-yocto/5.10: Fix :cve:`2023-39198`, :cve:`2023-46838`, :cve:`2023-51779`, :cve:`2023-51780`, :cve:`2023-51781`, :cve:`2023-51782`, :cve_mitre:`2023-52340`, :cve:`2023-6040`, :cve:`2023-6121`, :cve:`2023-6606`, :cve:`2023-6817`, :cve:`2023-6915`, :cve:`2023-6931`, :cve:`2023-6932`, :cve:`2024-0584` and :cve:`2024-0646` +- linux-yocto/5.10: Ignore :cve:`2021-33630`, :cve:`2021-33631`, :cve:`2022-1508`, :cve:`2022-36402`, :cve:`2022-48619`, :cve:`2023-2430`, :cve:`2023-4610`, :cve:`2023-46343`, :cve:`2023-51042`, :cve:`2023-51043`, :cve:`2023-5972`, :cve:`2023-6039`, :cve:`2023-6200`, :cve:`2023-6531`, :cve:`2023-6546`, :cve:`2023-6622`, :cve:`2023-6679`, :cve:`2023-7192`, :cve:`2024-0193`, :cve:`2024-0443`, :cve:`2024-0562`, :cve:`2024-0582`, :cve:`2024-0639`, :cve:`2024-0641`, :cve:`2024-0775`, :cve:`2024-1085` and :cve:`2024-22705` +- openssl: Fix :cve:`2024-0727` +- python3-pycryptodome: Fix :cve:`2023-52323` +- qemu: Fix :cve:`2023-42467`, :cve:`2023-6693` and :cve:`2024-24474` +- vim: Fix :cve:`2024-22667` +- xwayland: Fix :cve:`2023-6377` and :cve:`2023-6478` + + +Fixes in Yocto-4.0.17 +~~~~~~~~~~~~~~~~~~~~~ + +- bind: Upgrade to 9.18.24 +- bitbake: bitbake/codeparser.py: address ast module deprecations in py 3.12 +- bitbake: bitbake/lib/bs4/tests/test_tree.py: python 3.12 regex +- bitbake: codeparser: replace deprecated ast.Str and 's' +- bitbake: fetch2: Ensure that git LFS objects are available +- bitbake: tests/fetch: Add real git lfs tests and decorator +- bitbake: tests/fetch: git-lfs restore _find_git_lfs +- bitbake: toaster/toastergui: Bug-fix verify given layer path only if import/add local layer +- build-appliance-image: Update to kirkstone head revision +- cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES +- contributor-guide: fix lore URL +- curl: don't enable debug builds +- cve_check: cleanup logging +- dbus: Add missing :term:`CVE_PRODUCT` +- dev-manual: sbom: Rephrase spdx creation +- dev-manual: runtime-testing: gen-tapdevs need iptables installed +- dev-manual: packages: clarify shared :term:`PR` service constraint +- dev-manual: packages: need enough free space +- dev-manual: start: remove idle line +- feature-microblaze-versions.inc: python 3.12 regex +- ghostscript: correct :term:`LICENSE` with AGPLv3 +- image-live.bbclass: LIVE_ROOTFS_TYPE support compression +- kernel.bbclass: Set pkg-config variables for building modules +- kernel.bbclass: introduce KERNEL_LOCALVERSION +- kernel: fix localversion in v6.3+ +- kernel: make LOCALVERSION consistent between recipes +- ldconfig-native: Fix to point correctly on the DT_NEEDED entries in an ELF file +- librsvg: Fix do_package_qa error for librsvg +- linux-firmware: upgrade to 20231211 +- linux-yocto/5.10: update to v5.10.210 +- linux-yocto/5.15: update to v5.15.150 +- manuals: add minimum RAM requirements +- manuals: suppress excess use of "following" word +- manuals: update disk space requirements +- manuals: update references to buildtools +- manuals: updates for building on Windows (WSL 2) +- meta/lib/oeqa: python 3.12 regex +- meta/recipes: python 3.12 regex +- migration-guide: add release notes for 4.0.16 +- oeqa/selftest/oelib/buildhistory: git default branch +- oeqa/selftest/recipetool: downgrade meson version to not use pyproject.toml +- oeqa/selftest/recipetool: expect meson.bb +- oeqa/selftest/recipetool: fix for python 3.12 +- oeqa/selftest/runtime_test: only run the virgl tests on qemux86-64 +- oeqa: replace deprecated assertEquals +- openssl: Upgrade to 3.0.13 +- poky.conf: bump version for 4.0.17 +- populate_sdk_ext: use ConfigParser instead of SafeConfigParser +- python3-jinja2: upgrade to 3.1.3 +- recipetool/create_buildsys_python: use importlib instead of imp +- ref-manual: system-requirements: recommend buildtools for not supported distros +- ref-manual: system-requirements: add info on buildtools-make-tarball +- ref-manual: release-process: grammar fix +- ref-manual: system-requirements: fix AlmaLinux variable name +- ref-manual: system-requirements: modify anchor +- ref-manual: system-requirements: remove outdated note +- ref-manual: system-requirements: simplify supported distro requirements +- ref-manual: system-requirements: update packages to build docs +- scripts/runqemu: add qmp socket support +- scripts/runqemu: direct mesa to use its own drivers, rather than ones provided by host distro +- scripts/runqemu: fix regex escape sequences +- scripts: python 3.12 regex +- selftest: skip virgl gtk/sdl test on ubuntu 18.04 +- systemd: Only add myhostname to nsswitch.conf if in :term:`PACKAGECONFIG` +- tzdata : Upgrade to 2024a +- u-boot: Move UBOOT_INITIAL_ENV back to u-boot.inc +- useradd-example: do not use unsupported clear text password +- vim: upgrade to v9.0.2190 +- yocto-bsp: update to v5.15.150 + + +Known Issues in Yocto-4.0.17 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.17 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Adrian Freihofer +- Alassane Yattara +- Alexander Kanavin +- Alexander Sverdlin +- Archana Polampalli +- Baruch Siach +- Bruce Ashfield +- Chen Qi +- Chris Laplante +- Deepthi Hemraj +- Dhairya Nagodra +- Fabien Mahot +- Fabio Estevam +- Hitendra Prajapati +- Hugo SIMELIERE +- Jermain Horsman +- Kai Kang +- Lee Chee Yang +- Ludovic Jozeau +- Michael Opdenacker +- Ming Liu +- Munehisa Kamata +- Narpat Mali +- Nikhil R +- Paul Eggleton +- Paulo Neves +- Peter Marko +- Philip Lorenz +- Poonam Jadhav +- Priyal Doshi +- Ross Burton +- Simone Weiß +- Soumya Sambu +- Steve Sakoman +- Tim Orling +- Trevor Gamblin +- Vijay Anusuri +- Vivek Kumbhar +- Wang Mingyu +- Zahir Hussain + + +Repositories / Downloads for Yocto-4.0.17 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: :yocto_git:`/poky` +- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.17 </poky/log/?h=yocto-4.0.17>` +- Git Revision: :yocto_git:`6d1a878bbf24c66f7186b270f823fcdf82e35383 </poky/commit/?id=6d1a878bbf24c66f7186b270f823fcdf82e35383>` +- Release Artefact: poky-6d1a878bbf24c66f7186b270f823fcdf82e35383 +- sha: 3bc3010340b674f7b0dd0a7997f0167b2240b794fbd4aa28c0c4217bddd15e30 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/poky-6d1a878bbf24c66f7186b270f823fcdf82e35383.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/poky-6d1a878bbf24c66f7186b270f823fcdf82e35383.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>` +- Tag: :oe_git:`yocto-4.0.17 </openembedded-core/log/?h=yocto-4.0.17>` +- Git Revision: :oe_git:`2501534c9581c6c3439f525d630be11554a57d24 </openembedded-core/commit/?id=2501534c9581c6c3439f525d630be11554a57d24>` +- Release Artefact: oecore-2501534c9581c6c3439f525d630be11554a57d24 +- sha: 52cc6cce9e920bdce078584b89136e81cc01e0c55616fab5fca6c3e04264c88e +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/oecore-2501534c9581c6c3439f525d630be11554a57d24.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/oecore-2501534c9581c6c3439f525d630be11554a57d24.tar.bz2 + +meta-mingw + +- Repository Location: :yocto_git:`/meta-mingw` +- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.17 </meta-mingw/log/?h=yocto-4.0.17>` +- Git Revision: :yocto_git:`f6b38ce3c90e1600d41c2ebb41e152936a0357d7 </meta-mingw/commit/?id=f6b38ce3c90e1600d41c2ebb41e152936a0357d7>` +- Release Artefact: meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7 +- sha: 7d57167c19077f4ab95623d55a24c2267a3a3fb5ed83688659b4c03586373b25 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/meta-mingw-f6b38ce3c90e1600d41c2ebb41e152936a0357d7.tar.bz2 + +meta-gplv2 + +- Repository Location: :yocto_git:`/meta-gplv2` +- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.17 </meta-gplv2/log/?h=yocto-4.0.17>` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +meta-clang + +- Repository Location: :yocto_git:`/meta-clang` +- Branch: :yocto_git:`kirkstone </meta-clang/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.17 </meta-clang/log/?h=yocto-4.0.17>` +- Git Revision: :yocto_git:`eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52 </meta-clang/commit/?id=eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52>` +- Release Artefact: meta-clang-eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52 +- sha: 3299e96e069a22c0971e903fbc191f2427efffc83d910ac51bf0237caad01d17 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/meta-clang-eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/meta-clang-eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>` +- Tag: :oe_git:`yocto-4.0.17 </bitbake/log/?h=yocto-4.0.17>` +- Git Revision: :oe_git:`40fd5f4eef7460ca67f32cfce8e229e67e1ff607 </bitbake/commit/?id=40fd5f4eef7460ca67f32cfce8e229e67e1ff607>` +- Release Artefact: bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607 +- sha: 5d20a0e4c5d0fce44bd84778168714a261a30a4b83f67c88df3b8a7e7115e444 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.17/bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.17/bitbake-40fd5f4eef7460ca67f32cfce8e229e67e1ff607.tar.bz2 + +yocto-docs + +- Repository Location: :yocto_git:`/yocto-docs` +- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>` +- Tag: :yocto_git:`yocto-4.0.17 </yocto-docs/log/?h=yocto-4.0.17>` +- Git Revision: :yocto_git:`08ce7db2aa3a38deb8f5aa59bafc78542986babb </yocto-docs/commit/?id=08ce7db2aa3a38deb8f5aa59bafc78542986babb>` + diff --git a/poky/documentation/overview-manual/concepts.rst b/poky/documentation/overview-manual/concepts.rst index d335c2fcdd..62f2327a7e 100644 --- a/poky/documentation/overview-manual/concepts.rst +++ b/poky/documentation/overview-manual/concepts.rst @@ -37,7 +37,7 @@ to each data source as a layer. For information on layers, see the ":ref:`dev-manual/layers:understanding and creating layers`" section of the Yocto Project Development Tasks Manual. -Following are some brief details on these core components. For +Here are some brief details on these core components. For additional information on how these components interact during a build, see the ":ref:`overview-manual/concepts:openembedded build system concepts`" @@ -1321,7 +1321,7 @@ can initialize the environment before using the tools. All the output files for an SDK are written to the ``deploy/sdk`` folder inside the :term:`Build Directory` as shown in the previous figure. Depending on the type of SDK, there are several variables to configure these files. -Here are the variables associated with an extensible SDK: +The variables associated with an extensible SDK are: - :term:`DEPLOY_DIR`: Points to the ``deploy`` directory. @@ -1375,7 +1375,7 @@ This next list, shows the variables associated with a standard SDK: Lists packages that make up the target part of the SDK (i.e. the part built for the target hardware). -- :term:`SDKPATH`: Defines the +- :term:`SDKPATHINSTALL`: Defines the default SDK installation path offered by the installation script. - :term:`SDK_HOST_MANIFEST`: @@ -2238,7 +2238,7 @@ which is integrating ``sayhello`` in our root file system: #. Add ``sayhello`` to :term:`IMAGE_INSTALL` to integrate it into the root file system -The following are the contents of ``libhello/Makefile``:: +The contents of ``libhello/Makefile`` are:: LIB=libhello.so @@ -2266,7 +2266,7 @@ The following are the contents of ``libhello/Makefile``:: and ``CFLAGS`` as BitBake will set them as environment variables according to your build configuration. -The following are the contents of ``libhello/hellolib.h``:: +The contents of ``libhello/hellolib.h`` are:: #ifndef HELLOLIB_H #define HELLOLIB_H @@ -2275,7 +2275,7 @@ The following are the contents of ``libhello/hellolib.h``:: #endif -The following are the contents of ``libhello/hellolib.c``:: +The contents of ``libhello/hellolib.c`` are:: #include <stdio.h> @@ -2283,7 +2283,7 @@ The following are the contents of ``libhello/hellolib.c``:: puts("Hello from a Yocto demo \n"); } -The following are the contents of ``sayhello/Makefile``:: +The contents of ``sayhello/Makefile`` are:: EXEC=sayhello LDFLAGS += -lhello @@ -2296,7 +2296,7 @@ The following are the contents of ``sayhello/Makefile``:: clean: rm -rf $(EXEC) *.o -The following are the contents of ``sayhello/sayhello.c``:: +The contents of ``sayhello/sayhello.c`` are:: #include <hellolib.h> @@ -2305,7 +2305,7 @@ The following are the contents of ``sayhello/sayhello.c``:: return 0; } -The following are the contents of ``libhello_0.1.bb``:: +The contents of ``libhello_0.1.bb`` are:: SUMMARY = "Hello demo library" DESCRIPTION = "Hello shared library used in Yocto demo" @@ -2328,7 +2328,7 @@ The following are the contents of ``libhello_0.1.bb``:: oe_soinstall ${PN}.so.${PV} ${D}${libdir} } -The following are the contents of ``sayhello_0.1.bb``:: +The contents of ``sayhello_0.1.bb`` are:: SUMMARY = "SayHello demo" DESCRIPTION = "SayHello project used in Yocto demo" diff --git a/poky/documentation/overview-manual/yp-intro.rst b/poky/documentation/overview-manual/yp-intro.rst index 1e6820c14e..4a27e12e01 100644 --- a/poky/documentation/overview-manual/yp-intro.rst +++ b/poky/documentation/overview-manual/yp-intro.rst @@ -737,7 +737,7 @@ workflow: .. image:: figures/YP-flow-diagram.png :width: 100% -Following is a brief summary of the "workflow": +Here is a brief summary of the "workflow": #. Developers specify architecture, policies, patches and configuration details. diff --git a/poky/documentation/profile-manual/usage.rst b/poky/documentation/profile-manual/usage.rst index 6f0b0418e7..2f82137538 100644 --- a/poky/documentation/profile-manual/usage.rst +++ b/poky/documentation/profile-manual/usage.rst @@ -13,7 +13,7 @@ tools. perf ==== -The 'perf' tool is the profiling and tracing tool that comes bundled +The perf tool is the profiling and tracing tool that comes bundled with the Linux kernel. Don't let the fact that it's part of the kernel fool you into thinking @@ -26,22 +26,22 @@ of what's going on. In many ways, perf aims to be a superset of all the tracing and profiling tools available in Linux today, including all the other tools -covered in this HOWTO. The past couple of years have seen perf subsume a +covered in this How-to. The past couple of years have seen perf subsume a lot of the functionality of those other tools and, at the same time, those other tools have removed large portions of their previous functionality and replaced it with calls to the equivalent functionality now implemented by the perf subsystem. Extrapolation suggests that at -some point those other tools will simply become completely redundant and +some point those other tools will become completely redundant and go away; until then, we'll cover those other tools in these pages and in many cases show how the same things can be accomplished in perf and the other tools when it seems useful to do so. The coverage below details some of the most common ways you'll likely want to apply the tool; full documentation can be found either within -the tool itself or in the man pages at +the tool itself or in the manual pages at `perf(1) <https://linux.die.net/man/1/perf>`__. -Perf Setup +perf Setup ---------- For this section, we'll assume you've already performed the basic setup @@ -54,14 +54,14 @@ image built with the following in your ``local.conf`` file:: perf runs on the target system for the most part. You can archive profile data and copy it to the host for analysis, but for the rest of -this document we assume you've ssh'ed to the host and will be running -the perf commands on the target. +this document we assume you're connected to the host through SSH and will be +running the perf commands on the target. -Basic Perf Usage +Basic perf Usage ---------------- The perf tool is pretty much self-documenting. To remind yourself of the -available commands, simply type 'perf', which will show you basic usage +available commands, just type ``perf``, which will show you basic usage along with the available perf subcommands:: root@crownbay:~# perf @@ -97,19 +97,19 @@ along with the available perf subcommands:: Using perf to do Basic Profiling ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -As a simple test case, we'll profile the 'wget' of a fairly large file, +As a simple test case, we'll profile the ``wget`` of a fairly large file, which is a minimally interesting case because it has both file and network I/O aspects, and at least in the case of standard Yocto images, it's implemented as part of BusyBox, so the methods we use to analyze it -can be used in a very similar way to the whole host of supported BusyBox -applets in Yocto. :: +can be used in a similar way to the whole host of supported BusyBox +applets in Yocto:: root@crownbay:~# rm linux-2.6.19.2.tar.bz2; \ wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2 The quickest and easiest way to get some basic overall data about what's -going on for a particular workload is to profile it using 'perf stat'. -'perf stat' basically profiles using a few default counters and displays +going on for a particular workload is to profile it using ``perf stat``. +This command basically profiles using a few default counters and displays the summed counts at the end of the run:: root@crownbay:~# perf stat wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2 @@ -131,13 +131,13 @@ the summed counts at the end of the run:: 59.836627620 seconds time elapsed -Many times such a simple-minded test doesn't yield much of -interest, but sometimes it does (see Real-world Yocto bug (slow -loop-mounted write speed)). +Such a simple-minded test doesn't always yield much of interest, but sometimes +it does (see the :yocto_bugs:`Slow write speed on live images with denzil +</show_bug.cgi?id=3049>` bug report). -Also, note that 'perf stat' isn't restricted to a fixed set of counters -- basically any event listed in the output of 'perf list' can be tallied -by 'perf stat'. For example, suppose we wanted to see a summary of all +Also, note that ``perf stat`` isn't restricted to a fixed set of counters +--- basically any event listed in the output of ``perf list`` can be tallied +by ``perf stat``. For example, suppose we wanted to see a summary of all the events related to kernel memory allocation/freeing along with cache hits and misses:: @@ -164,22 +164,22 @@ hits and misses:: 44.831023415 seconds time elapsed -So 'perf stat' gives us a nice easy +As you can see, ``perf stat`` gives us a nice easy way to get a quick overview of what might be happening for a set of events, but normally we'd need a little more detail in order to understand what's going on in a way that we can act on in a useful way. -To dive down into a next level of detail, we can use 'perf record'/'perf -report' which will collect profiling data and present it to use using an -interactive text-based UI (or simply as text if we specify ``--stdio`` to -'perf report'). +To dive down into a next level of detail, we can use ``perf record`` / +``perf report`` which will collect profiling data and present it to use using an +interactive text-based UI (or just as text if we specify ``--stdio`` to +``perf report``). -As our first attempt at profiling this workload, we'll simply run 'perf -record', handing it the workload we want to profile (everything after -'perf record' and any perf options we hand it --- here none, will be +As our first attempt at profiling this workload, we'll just run ``perf +record``, handing it the workload we want to profile (everything after +``perf record`` and any perf options we hand it --- here none, will be executed in a new shell). perf collects samples until the process exits -and records them in a file named 'perf.data' in the current working -directory. :: +and records them in a file named ``perf.data`` in the current working +directory:: root@crownbay:~# perf record wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2 @@ -189,7 +189,7 @@ directory. :: [ perf record: Captured and wrote 0.176 MB perf.data (~7700 samples) ] To see the results in a -'text-based UI' (tui), simply run 'perf report', which will read the +"text-based UI" (tui), just run ``perf report``, which will read the perf.data file in the current working directory and display the results in an interactive UI:: @@ -199,26 +199,26 @@ in an interactive UI:: :align: center :width: 70% -The above screenshot displays a 'flat' profile, one entry for each -'bucket' corresponding to the functions that were profiled during the +The above screenshot displays a "flat" profile, one entry for each +"bucket" corresponding to the functions that were profiled during the profiling run, ordered from the most popular to the least (perf has options to sort in various orders and keys as well as display entries only above a certain threshold and so on --- see the perf documentation -for details). Note that this includes both userspace functions (entries -containing a [.]) and kernel functions accounted to the process (entries -containing a [k]). (perf has command-line modifiers that can be used to -restrict the profiling to kernel or userspace, among others). +for details). Note that this includes both user space functions (entries +containing a ``[.]``) and kernel functions accounted to the process (entries +containing a ``[k]``). perf has command-line modifiers that can be used to +restrict the profiling to kernel or user space, among others. -Notice also that the above report shows an entry for 'busybox', which is -the executable that implements 'wget' in Yocto, but that instead of a +Notice also that the above report shows an entry for ``busybox``, which is +the executable that implements ``wget`` in Yocto, but that instead of a useful function name in that entry, it displays a not-so-friendly hex value instead. The steps below will show how to fix that problem. Before we do that, however, let's try running a different profile, one which shows something a little more interesting. The only difference -between the new profile and the previous one is that we'll add the -g +between the new profile and the previous one is that we'll add the ``-g`` option, which will record not just the address of a sampled function, -but the entire callchain to the sampled function as well:: +but the entire call chain to the sampled function as well:: root@crownbay:~# perf record -g wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2 Connecting to downloads.yoctoproject.org (140.211.169.59:80) @@ -233,45 +233,45 @@ but the entire callchain to the sampled function as well:: :align: center :width: 70% -Using the callgraph view, we can actually see not only which functions +Using the call graph view, we can actually see not only which functions took the most time, but we can also see a summary of how those functions were called and learn something about how the program interacts with the kernel in the process. -Notice that each entry in the above screenshot now contains a '+' on the -left-hand side. This means that we can expand the entry and drill down -into the callchains that feed into that entry. Pressing 'enter' on any -one of them will expand the callchain (you can also press 'E' to expand -them all at the same time or 'C' to collapse them all). +Notice that each entry in the above screenshot now contains a ``+`` on the +left side. This means that we can expand the entry and drill down +into the call chains that feed into that entry. Pressing ``Enter`` on any +one of them will expand the call chain (you can also press ``E`` to expand +them all at the same time or ``C`` to collapse them all). In the screenshot above, we've toggled the ``__copy_to_user_ll()`` entry -and several subnodes all the way down. This lets us see which callchains +and several subnodes all the way down. This lets us see which call chains contributed to the profiled ``__copy_to_user_ll()`` function which contributed 1.77% to the total profile. -As a bit of background explanation for these callchains, think about -what happens at a high level when you run wget to get a file out on the +As a bit of background explanation for these call chains, think about +what happens at a high level when you run ``wget`` to get a file out on the network. Basically what happens is that the data comes into the kernel -via the network connection (socket) and is passed to the userspace -program 'wget' (which is actually a part of BusyBox, but that's not +via the network connection (socket) and is passed to the user space +program ``wget`` (which is actually a part of BusyBox, but that's not important for now), which takes the buffers the kernel passes to it and writes it to a disk file to save it. The part of this process that we're looking at in the above call stacks is the part where the kernel passes the data it has read from the socket -down to wget i.e. a copy-to-user. +down to wget i.e. a ``copy-to-user``. Notice also that here there's also a case where the hex value is -displayed in the callstack, here in the expanded ``sys_clock_gettime()`` -function. Later we'll see it resolve to a userspace function call in -busybox. +displayed in the call stack, here in the expanded ``sys_clock_gettime()`` +function. Later we'll see it resolve to a user space function call in +BusyBox. .. image:: figures/perf-wget-g-copy-from-user-expanded-stripped.png :align: center :width: 70% -The above screenshot shows the other half of the journey for the data - -from the wget program's userspace buffers to disk. To get the buffers to +The above screenshot shows the other half of the journey for the data --- +from the ``wget`` program's user space buffers to disk. To get the buffers to disk, the wget program issues a ``write(2)``, which does a ``copy-from-user`` to the kernel, which then takes care via some circuitous path (probably also present somewhere in the profile data), to get it safely to disk. @@ -281,8 +281,8 @@ of how to extract useful information out of it, let's get back to the task at hand and see if we can get some basic idea about where the time is spent in the program we're profiling, wget. Remember that wget is actually implemented as an applet in BusyBox, so while the process name -is 'wget', the executable we're actually interested in is BusyBox. So -let's expand the first entry containing BusyBox: +is ``wget``, the executable we're actually interested in is ``busybox``. +Therefore, let's expand the first entry containing BusyBox: .. image:: figures/perf-wget-busybox-expanded-stripped.png :align: center @@ -293,7 +293,7 @@ hex value instead of a symbol as with most of the kernel entries. Expanding the BusyBox entry doesn't make it any better. The problem is that perf can't find the symbol information for the -busybox binary, which is actually stripped out by the Yocto build +``busybox`` binary, which is actually stripped out by the Yocto build system. One way around that is to put the following in your ``local.conf`` file @@ -303,40 +303,39 @@ when you build the image:: However, we already have an image with the binaries stripped, so what can we do to get perf to resolve the symbols? Basically we need to -install the debuginfo for the BusyBox package. +install the debugging information for the BusyBox package. To generate the debug info for the packages in the image, we can add ``dbg-pkgs`` to :term:`EXTRA_IMAGE_FEATURES` in ``local.conf``. For example:: EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile dbg-pkgs" -Additionally, in order to generate the type of debuginfo that perf -understands, we also need to set -:term:`PACKAGE_DEBUG_SPLIT_STYLE` +Additionally, in order to generate the type of debugging information that perf +understands, we also need to set :term:`PACKAGE_DEBUG_SPLIT_STYLE` in the ``local.conf`` file:: PACKAGE_DEBUG_SPLIT_STYLE = 'debug-file-directory' -Once we've done that, we can install the -debuginfo for BusyBox. The debug packages once built can be found in -``build/tmp/deploy/rpm/*`` on the host system. Find the busybox-dbg-...rpm -file and copy it to the target. For example:: +Once we've done that, we can install the debugging information for BusyBox. The +debug packages once built can be found in ``build/tmp/deploy/rpm/*`` +on the host system. Find the ``busybox-dbg-...rpm`` file and copy it +to the target. For example:: [trz@empanada core2]$ scp /home/trz/yocto/crownbay-tracing-dbg/build/tmp/deploy/rpm/core2_32/busybox-dbg-1.20.2-r2.core2_32.rpm root@192.168.1.31: busybox-dbg-1.20.2-r2.core2_32.rpm 100% 1826KB 1.8MB/s 00:01 -Now install the debug rpm on the target:: +Now install the debug RPM on the target:: root@crownbay:~# rpm -i busybox-dbg-1.20.2-r2.core2_32.rpm -Now that the debuginfo is installed, we see that the BusyBox entries now display +Now that the debugging information is installed, we see that the BusyBox entries now display their functions symbolically: .. image:: figures/perf-wget-busybox-debuginfo.png :align: center :width: 70% -If we expand one of the entries and press 'enter' on a leaf node, we're +If we expand one of the entries and press ``Enter`` on a leaf node, we're presented with a menu of actions we can take to get more information related to that entry: @@ -346,17 +345,17 @@ related to that entry: One of these actions allows us to show a view that displays a busybox-centric view of the profiled functions (in this case we've also -expanded all the nodes using the 'E' key): +expanded all the nodes using the ``E`` key): .. image:: figures/perf-wget-busybox-dso-zoom.png :align: center :width: 70% -Finally, we can see that now that the BusyBox debuginfo is installed, +Finally, we can see that now that the BusyBox debugging information is installed, the previously unresolved symbol in the ``sys_clock_gettime()`` entry mentioned previously is now resolved, and shows that the -sys_clock_gettime system call that was the source of 6.75% of the -copy-to-user overhead was initiated by the ``handle_input()`` BusyBox +``sys_clock_gettime`` system call that was the source of 6.75% of the +``copy-to-user`` overhead was initiated by the ``handle_input()`` BusyBox function: .. image:: figures/perf-wget-g-copy-to-user-expanded-debuginfo.png @@ -365,15 +364,15 @@ function: At the lowest level of detail, we can dive down to the assembly level and see which instructions caused the most overhead in a function. -Pressing 'enter' on the 'udhcpc_main' function, we're again presented +Pressing ``Enter`` on the ``udhcpc_main`` function, we're again presented with a menu: .. image:: figures/perf-wget-busybox-annotate-menu.png :align: center :width: 70% -Selecting 'Annotate udhcpc_main', we get a detailed listing of -percentages by instruction for the udhcpc_main function. From the +Selecting ``Annotate udhcpc_main``, we get a detailed listing of +percentages by instruction for the ``udhcpc_main`` function. From the display, we can see that over 50% of the time spent in this function is taken up by a couple tests and the move of a constant (1) to a register: @@ -382,17 +381,17 @@ taken up by a couple tests and the move of a constant (1) to a register: :width: 70% As a segue into tracing, let's try another profile using a different -counter, something other than the default 'cycles'. +counter, something other than the default ``cycles``. The tracing and profiling infrastructure in Linux has become unified in a way that allows us to use the same tool with a completely different set of counters, not just the standard hardware counters that -traditional tools have had to restrict themselves to (of course the -traditional tools can also make use of the expanded possibilities now +traditional tools have had to restrict themselves to (the +traditional tools can now actually make use of the expanded possibilities now available to them, and in some cases have, as mentioned previously). We can get a list of the available events that can be used to profile a -workload via 'perf list':: +workload via ``perf list``:: root@crownbay:~# perf list @@ -528,14 +527,14 @@ workload via 'perf list':: .. admonition:: Tying it Together These are exactly the same set of events defined by the trace event - subsystem and exposed by ftrace/tracecmd/kernelshark as files in - /sys/kernel/debug/tracing/events, by SystemTap as + subsystem and exposed by ftrace / trace-cmd / KernelShark as files in + ``/sys/kernel/debug/tracing/events``, by SystemTap as kernel.trace("tracepoint_name") and (partially) accessed by LTTng. Only a subset of these would be of interest to us when looking at this workload, so let's choose the most likely subsystems (identified by the -string before the colon in the Tracepoint events) and do a 'perf stat' -run using only those wildcarded subsystems:: +string before the colon in the ``Tracepoint`` events) and do a ``perf stat`` +run using only those subsystem wildcards:: root@crownbay:~# perf stat -e skb:* -e net:* -e napi:* -e sched:* -e workqueue:* -e irq:* -e syscalls:* wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2 Performance counter stats for 'wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2': @@ -607,8 +606,8 @@ and tell perf to do a profile using it as the sampling event:: The screenshot above shows the results of running a profile using sched:sched_switch tracepoint, which shows the relative costs of various -paths to sched_wakeup (note that sched_wakeup is the name of the -tracepoint --- it's actually defined just inside ttwu_do_wakeup(), which +paths to ``sched_wakeup`` (note that ``sched_wakeup`` is the name of the +tracepoint --- it's actually defined just inside ``ttwu_do_wakeup()``, which accounts for the function name actually displayed in the profile: .. code-block:: c @@ -626,15 +625,15 @@ accounts for the function name actually displayed in the profile: } A couple of the more interesting -callchains are expanded and displayed above, basically some network -receive paths that presumably end up waking up wget (busybox) when +call chains are expanded and displayed above, basically some network +receive paths that presumably end up waking up wget (BusyBox) when network data is ready. Note that because tracepoints are normally used for tracing, the default -sampling period for tracepoints is 1 i.e. for tracepoints perf will -sample on every event occurrence (this can be changed using the -c +sampling period for tracepoints is ``1`` i.e. for tracepoints perf will +sample on every event occurrence (this can be changed using the ``-c`` option). This is in contrast to hardware counters such as for example -the default 'cycles' hardware counter used for normal profiling, where +the default ``cycles`` hardware counter used for normal profiling, where sampling periods are much higher (in the thousands) because profiling should have as low an overhead as possible and sampling on every cycle would be prohibitively expensive. @@ -645,10 +644,10 @@ Using perf to do Basic Tracing Profiling is a great tool for solving many problems or for getting a high-level view of what's going on with a workload or across the system. It is however by definition an approximation, as suggested by the most -prominent word associated with it, 'sampling'. On the one hand, it +prominent word associated with it, ``sampling``. On the one hand, it allows a representative picture of what's going on in the system to be -cheaply taken, but on the other hand, that cheapness limits its utility -when that data suggests a need to 'dive down' more deeply to discover +cheaply taken, but alternatively, that cheapness limits its utility +when that data suggests a need to "dive down" more deeply to discover what's really going on. In such cases, the only way to see what's really going on is to be able to look at (or summarize more intelligently) the individual steps that go into the higher-level behavior exposed by the @@ -661,7 +660,7 @@ applicable to our workload:: -e syscalls:sys_enter_read -e syscalls:sys_exit_read -e syscalls:sys_enter_write -e syscalls:sys_exit_write wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2 -We can look at the raw trace output using 'perf script' with no +We can look at the raw trace output using ``perf script`` with no arguments:: root@crownbay:~# perf script @@ -692,7 +691,7 @@ arguments:: This gives us a detailed timestamped sequence of events that occurred within the workload with respect to those events. -In many ways, profiling can be viewed as a subset of tracing - +In many ways, profiling can be viewed as a subset of tracing --- theoretically, if you have a set of trace events that's sufficient to capture all the important aspects of a workload, you can derive any of the results or views that a profiling run can. @@ -712,23 +711,23 @@ an infinite variety of ways. Another way to look at it is that there are only so many ways that the 'primitive' counters can be used on their own to generate interesting output; to get anything more complicated than simple counts requires -some amount of additional logic, which is typically very specific to the +some amount of additional logic, which is typically specific to the problem at hand. For example, if we wanted to make use of a 'counter' that maps to the value of the time difference between when a process was scheduled to run on a processor and the time it actually ran, we wouldn't expect such a counter to exist on its own, but we could derive -one called say 'wakeup_latency' and use it to extract a useful view of +one called say ``wakeup_latency`` and use it to extract a useful view of that metric from trace data. Likewise, we really can't figure out from standard profiling tools how much data every process on the system reads and writes, along with how many of those reads and writes fail completely. If we have sufficient trace data, however, we could with the right tools easily extract and present that information, but we'd need -something other than pre-canned profiling tools to do that. +something other than ready-made profiling tools to do that. Luckily, there is a general-purpose way to handle such needs, called -'programming languages'. Making programming languages easily available +"programming languages". Making programming languages easily available to apply to such problems given the specific format of data is called a -'programming language binding' for that data and language. Perf supports +'programming language binding' for that data and language. perf supports two programming language bindings, one for Python and one for Perl. .. admonition:: Tying it Together @@ -738,21 +737,21 @@ two programming language bindings, one for Python and one for Perl. DProbes dpcc compiler, an ANSI C compiler which targeted a low-level assembly language running on an in-kernel interpreter on the target system. This is exactly analogous to what Sun's DTrace did, except - that DTrace invented its own language for the purpose. Systemtap, + that DTrace invented its own language for the purpose. SystemTap, heavily inspired by DTrace, also created its own one-off language, but rather than running the product on an in-kernel interpreter, created an elaborate compiler-based machinery to translate its language into kernel modules written in C. -Now that we have the trace data in perf.data, we can use 'perf script --g' to generate a skeleton script with handlers for the read/write -entry/exit events we recorded:: +Now that we have the trace data in ``perf.data``, we can use ``perf script +-g`` to generate a skeleton script with handlers for the read / write +entry / exit events we recorded:: root@crownbay:~# perf script -g python generated Python script: perf-script.py -The skeleton script simply creates a Python function for each event type in the -perf.data file. The body of each function simply prints the event name along +The skeleton script just creates a Python function for each event type in the +``perf.data`` file. The body of each function just prints the event name along with its parameters. For example: .. code-block:: python @@ -766,7 +765,7 @@ with its parameters. For example: print "skbaddr=%u, len=%u, name=%s\n" % (skbaddr, len, name), We can run that script directly to print all of the events contained in the -perf.data file:: +``perf.data`` file:: root@crownbay:~# perf script -s perf-script.py @@ -795,8 +794,8 @@ perf.data file:: syscalls__sys_exit_read 1 11624.859944032 1262 wget nr=3, ret=1024 That in itself isn't very useful; after all, we can accomplish pretty much the -same thing by simply running 'perf script' without arguments in the same -directory as the perf.data file. +same thing by just running ``perf script`` without arguments in the same +directory as the ``perf.data`` file. We can however replace the print statements in the generated function bodies with whatever we want, and thereby make it infinitely more @@ -817,8 +816,8 @@ event. For example: Each event handler function in the generated code is modified to do this. For convenience, we define a common function -called inc_counts() that each handler calls; inc_counts() simply tallies -a count for each event using the 'counts' hash, which is a specialized +called ``inc_counts()`` that each handler calls; ``inc_counts()`` just tallies +a count for each event using the ``counts`` hash, which is a specialized hash function that does Perl-like autovivification, a capability that's extremely useful for kinds of multi-level aggregation commonly used in processing traces (see perf's documentation on the Python language @@ -836,7 +835,7 @@ binding for details): Finally, at the end of the trace processing run, we want to print the result of all the per-event tallies. For that, we use the special -'trace_end()' function: +``trace_end()`` function: .. code-block:: python @@ -865,7 +864,7 @@ The end result is a summary of all the events recorded in the trace:: syscalls__sys_exit_write 8990 Note that this is -pretty much exactly the same information we get from 'perf stat', which +pretty much exactly the same information we get from ``perf stat``, which goes a little way to support the idea mentioned previously that given the right kind of trace data, higher-level profiling-type summaries can be derived from it. @@ -877,44 +876,44 @@ System-Wide Tracing and Profiling ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The examples so far have focused on tracing a particular program or -workload --- in other words, every profiling run has specified the program -to profile in the command-line e.g. 'perf record wget ...'. +workload --- that is, every profiling run has specified the program +to profile in the command-line e.g. ``perf record wget ...``. It's also possible, and more interesting in many cases, to run a system-wide profile or trace while running the workload in a separate shell. -To do system-wide profiling or tracing, you typically use the -a flag to -'perf record'. +To do system-wide profiling or tracing, you typically use the ``-a`` flag to +``perf record``. To demonstrate this, open up one window and start the profile using the --a flag (press Ctrl-C to stop tracing):: +``-a`` flag (press ``Ctrl-C`` to stop tracing):: root@crownbay:~# perf record -g -a ^C[ perf record: Woken up 6 times to write data ] [ perf record: Captured and wrote 1.400 MB perf.data (~61172 samples) ] -In another window, run the wget test:: +In another window, run the ``wget`` test:: root@crownbay:~# wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2 Connecting to downloads.yoctoproject.org (140.211.169.59:80) linux-2.6.19.2.tar.b 100% \|*******************************\| 41727k 0:00:00 ETA -Here we see entries not only for our wget load, but for +Here we see entries not only for our ``wget`` load, but for other processes running on the system as well: .. image:: figures/perf-systemwide.png :align: center :width: 70% -In the snapshot above, we can see callchains that originate in libc, and -a callchain from Xorg that demonstrates that we're using a proprietary X -driver in userspace (notice the presence of 'PVR' and some other -unresolvable symbols in the expanded Xorg callchain). +In the snapshot above, we can see call chains that originate in ``libc``, and +a call chain from ``Xorg`` that demonstrates that we're using a proprietary X +driver in user space (notice the presence of ``PVR`` and some other +unresolvable symbols in the expanded ``Xorg`` call chain). -Note also that we have both kernel and userspace entries in the above -snapshot. We can also tell perf to focus on userspace but providing a -modifier, in this case 'u', to the 'cycles' hardware counter when we +Note also that we have both kernel and user space entries in the above +snapshot. We can also tell perf to focus on user space but providing a +modifier, in this case ``u``, to the ``cycles`` hardware counter when we record a profile:: root@crownbay:~# perf record -g -a -e cycles:u @@ -925,25 +924,25 @@ record a profile:: :align: center :width: 70% -Notice in the screenshot above, we see only userspace entries ([.]) +Notice in the screenshot above, we see only user space entries (``[.]``) -Finally, we can press 'enter' on a leaf node and select the 'Zoom into -DSO' menu item to show only entries associated with a specific DSO. In -the screenshot below, we've zoomed into the 'libc' DSO which shows all -the entries associated with the libc-xxx.so DSO. +Finally, we can press ``Enter`` on a leaf node and select the ``Zoom into +DSO`` menu item to show only entries associated with a specific DSO. In +the screenshot below, we've zoomed into the ``libc`` DSO which shows all +the entries associated with the ``libc-xxx.so`` DSO. .. image:: figures/perf-systemwide-libc.png :align: center :width: 70% -We can also use the system-wide -a switch to do system-wide tracing. +We can also use the system-wide ``-a`` switch to do system-wide tracing. Here we'll trace a couple of scheduler events:: root@crownbay:~# perf record -a -e sched:sched_switch -e sched:sched_wakeup ^C[ perf record: Woken up 38 times to write data ] [ perf record: Captured and wrote 9.780 MB perf.data (~427299 samples) ] -We can look at the raw output using 'perf script' with no arguments:: +We can look at the raw output using ``perf script`` with no arguments:: root@crownbay:~# perf script @@ -961,11 +960,11 @@ We can look at the raw output using 'perf script' with no arguments:: Filtering ^^^^^^^^^ -Notice that there are a lot of events that don't really have anything to -do with what we're interested in, namely events that schedule 'perf' +Notice that there are many events that don't really have anything to +do with what we're interested in, namely events that schedule ``perf`` itself in and out or that wake perf up. We can get rid of those by using -the '--filter' option --- for each event we specify using -e, we can add a ---filter after that to filter out trace events that contain fields with +the ``--filter`` option --- for each event we specify using ``-e``, we can add a +``--filter`` after that to filter out trace events that contain fields with specific values:: root@crownbay:~# perf record -a -e sched:sched_switch --filter 'next_comm != perf && prev_comm != perf' -e sched:sched_wakeup --filter 'comm != perf' @@ -991,16 +990,16 @@ specific values:: kworker/0:3 1209 [000] 7932.326214: sched_switch: prev_comm=kworker/0:3 prev_pid=1209 prev_prio=120 prev_state=S ==> next_comm=swapper/0 next_pid=0 next_prio=120 In this case, we've filtered out all events that have -'perf' in their 'comm' or 'comm_prev' or 'comm_next' fields. Notice that +``perf`` in their ``comm``, ``comm_prev`` or ``comm_next`` fields. Notice that there are still events recorded for perf, but notice that those events -don't have values of 'perf' for the filtered fields. To completely +don't have values of ``perf`` for the filtered fields. To completely filter out anything from perf will require a bit more work, but for the purpose of demonstrating how to use filters, it's close enough. .. admonition:: Tying it Together These are exactly the same set of event filters defined by the trace - event subsystem. See the ftrace/tracecmd/kernelshark section for more + event subsystem. See the ftrace / trace-cmd / KernelShark section for more discussion about these event filters. .. admonition:: Tying it Together @@ -1010,14 +1009,14 @@ purpose of demonstrating how to use filters, it's close enough. indispensable part of the perf design as it relates to tracing. kernel-based event filters provide a mechanism to precisely throttle the event stream that appears in user space, where it makes sense to - provide bindings to real programming languages for postprocessing the + provide bindings to real programming languages for post-processing the event stream. This architecture allows for the intelligent and flexible partitioning of processing between the kernel and user space. Contrast this with other tools such as SystemTap, which does all of its processing in the kernel and as such requires a special project-defined language in order to accommodate that design, or - LTTng, where everything is sent to userspace and as such requires a - super-efficient kernel-to-userspace transport mechanism in order to + LTTng, where everything is sent to user space and as such requires a + super-efficient kernel-to-user space transport mechanism in order to function properly. While perf certainly can benefit from for instance advances in the design of the transport, it doesn't fundamentally depend on them. Basically, if you find that your perf tracing @@ -1028,9 +1027,9 @@ Using Dynamic Tracepoints ~~~~~~~~~~~~~~~~~~~~~~~~~ perf isn't restricted to the fixed set of static tracepoints listed by -'perf list'. Users can also add their own 'dynamic' tracepoints anywhere -in the kernel. For instance, suppose we want to define our own -tracepoint on do_fork(). We can do that using the 'perf probe' perf +``perf list``. Users can also add their own "dynamic" tracepoints anywhere +in the kernel. For example, suppose we want to define our own +tracepoint on ``do_fork()``. We can do that using the ``perf probe`` perf subcommand:: root@crownbay:~# perf probe do_fork @@ -1042,8 +1041,8 @@ subcommand:: perf record -e probe:do_fork -aR sleep 1 Adding a new tracepoint via -'perf probe' results in an event with all the expected files and format -in /sys/kernel/debug/tracing/events, just the same as for static +``perf probe`` results in an event with all the expected files and format +in ``/sys/kernel/debug/tracing/events``, just the same as for static tracepoints (as discussed in more detail in the trace events subsystem section:: @@ -1076,7 +1075,7 @@ existence:: probe:do_fork (on do_fork) probe:schedule (on schedule) -Let's record system-wide ('sleep 30' is a +Let's record system-wide (``sleep 30`` is a trick for recording system-wide but basically do nothing and then wake up after 30 seconds):: @@ -1084,7 +1083,7 @@ up after 30 seconds):: [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 0.087 MB perf.data (~3812 samples) ] -Using 'perf script' we can see each do_fork event that fired:: +Using ``perf script`` we can see each ``do_fork`` event that fired:: root@crownbay:~# perf script @@ -1125,8 +1124,8 @@ Using 'perf script' we can see each do_fork event that fired:: matchbox-deskto 1311 [001] 34237.114106: do_fork: (c1028460) gaku 1312 [000] 34237.202388: do_fork: (c1028460) -And using 'perf report' on the same file, we can see the -callgraphs from starting a few programs during those 30 seconds: +And using ``perf report`` on the same file, we can see the +call graphs from starting a few programs during those 30 seconds: .. image:: figures/perf-probe-do_fork-profile.png :align: center @@ -1141,57 +1140,57 @@ callgraphs from starting a few programs during those 30 seconds: .. admonition:: Tying it Together - Dynamic tracepoints are implemented under the covers by kprobes and - uprobes. kprobes and uprobes are also used by and in fact are the + Dynamic tracepoints are implemented under the covers by Kprobes and + Uprobes. Kprobes and Uprobes are also used by and in fact are the main focus of SystemTap. -Perf Documentation +perf Documentation ------------------ -Online versions of the man pages for the commands discussed in this +Online versions of the manual pages for the commands discussed in this section can be found here: -- The `'perf stat' manpage <https://linux.die.net/man/1/perf-stat>`__. +- The `'perf stat' manual page <https://linux.die.net/man/1/perf-stat>`__. - The `'perf record' - manpage <https://linux.die.net/man/1/perf-record>`__. + manual page <https://linux.die.net/man/1/perf-record>`__. - The `'perf report' - manpage <https://linux.die.net/man/1/perf-report>`__. + manual page <https://linux.die.net/man/1/perf-report>`__. -- The `'perf probe' manpage <https://linux.die.net/man/1/perf-probe>`__. +- The `'perf probe' manual page <https://linux.die.net/man/1/perf-probe>`__. - The `'perf script' - manpage <https://linux.die.net/man/1/perf-script>`__. + manual page <https://linux.die.net/man/1/perf-script>`__. - Documentation on using the `'perf script' Python binding <https://linux.die.net/man/1/perf-script-python>`__. -- The top-level `perf(1) manpage <https://linux.die.net/man/1/perf>`__. +- The top-level `perf(1) manual page <https://linux.die.net/man/1/perf>`__. -Normally, you should be able to invoke the man pages via perf itself -e.g. 'perf help' or 'perf help record'. +Normally, you should be able to open the manual pages via perf itself +e.g. ``perf help`` or ``perf help record``. -To have the perf manpages installed on your target, modify your +To have the perf manual pages installed on your target, modify your configuration as follows:: IMAGE_INSTALL:append = " perf perf-doc" DISTRO_FEATURES:append = " api-documentation" -The man pages in text form, along with some other files, such as a set -of examples, can also be found in the 'perf' directory of the kernel tree:: +The manual pages in text form, along with some other files, such as a set +of examples, can also be found in the ``perf`` directory of the kernel tree:: tools/perf/Documentation There's also a nice perf tutorial on the perf -wiki that goes into more detail than we do here in certain areas: `Perf +wiki that goes into more detail than we do here in certain areas: `perf Tutorial <https://perf.wiki.kernel.org/index.php/Tutorial>`__ ftrace ====== -'ftrace' literally refers to the 'ftrace function tracer' but in reality -this encompasses a number of related tracers along with the +"ftrace" literally refers to the "ftrace function tracer" but in reality +this encompasses several related tracers along with the infrastructure that they all make use of. ftrace Setup @@ -1200,20 +1199,20 @@ ftrace Setup For this section, we'll assume you've already performed the basic setup outlined in the ":ref:`profile-manual/intro:General Setup`" section. -ftrace, trace-cmd, and kernelshark run on the target system, and are +ftrace, trace-cmd, and KernelShark run on the target system, and are ready to go out-of-the-box --- no additional setup is necessary. For the -rest of this section we assume you've ssh'ed to the host and will be -running ftrace on the target. kernelshark is a GUI application and if -you use the '-X' option to ssh you can have the kernelshark GUI run on +rest of this section we assume you're connected to the host through SSH and +will be running ftrace on the target. KernelShark is a GUI application and if +you use the ``-X`` option to ``ssh`` you can have the KernelShark GUI run on the target but display remotely on the host if you want. Basic ftrace usage ------------------ -'ftrace' essentially refers to everything included in the /tracing +"ftrace" essentially refers to everything included in the ``/tracing`` directory of the mounted debugfs filesystem (Yocto follows the standard -convention and mounts it at /sys/kernel/debug). Here's a listing of all -the files found in /sys/kernel/debug/tracing on a Yocto system:: +convention and mounts it at ``/sys/kernel/debug``). All the files found in +``/sys/kernel/debug/tracing`` on a Yocto system are:: root@sugarbay:/sys/kernel/debug/tracing# ls README kprobe_events trace @@ -1229,7 +1228,7 @@ the files found in /sys/kernel/debug/tracing on a Yocto system:: free_buffer set_graph_function The files listed above are used for various purposes -- some relate directly to the tracers themselves, others are used to set +--- some relate directly to the tracers themselves, others are used to set tracing options, and yet others actually contain the tracing output when a tracer is in effect. Some of the functions can be guessed from their names, others need explanation; in any case, we'll cover some of the @@ -1238,30 +1237,30 @@ the ftrace documentation. We'll start by looking at some of the available built-in tracers. -cat'ing the 'available_tracers' file lists the set of available tracers:: +The ``available_tracers`` file lists the set of available tracers:: root@sugarbay:/sys/kernel/debug/tracing# cat available_tracers blk function_graph function nop -The 'current_tracer' file contains the tracer currently in effect:: +The ``current_tracer`` file contains the tracer currently in effect:: root@sugarbay:/sys/kernel/debug/tracing# cat current_tracer nop -The above listing of current_tracer shows that the -'nop' tracer is in effect, which is just another way of saying that +The above listing of ``current_tracer`` shows that the +``nop`` tracer is in effect, which is just another way of saying that there's actually no tracer currently in effect. -echo'ing one of the available_tracers into current_tracer makes the +Writing one of the available tracers into ``current_tracer`` makes the specified tracer the current tracer:: root@sugarbay:/sys/kernel/debug/tracing# echo function > current_tracer root@sugarbay:/sys/kernel/debug/tracing# cat current_tracer function -The above sets the current tracer to be the 'function tracer'. This tracer +The above sets the current tracer to be the ``function`` tracer. This tracer traces every function call in the kernel and makes it available as the -contents of the 'trace' file. Reading the 'trace' file lists the +contents of the ``trace`` file. Reading the ``trace`` file lists the currently buffered function calls that have been traced by the function tracer:: @@ -1308,7 +1307,7 @@ tracer:: . Each line in the trace above shows what was happening in the kernel on a given -cpu, to the level of detail of function calls. Each entry shows the function +CPU, to the level of detail of function calls. Each entry shows the function called, followed by its caller (after the arrow). The function tracer gives you an extremely detailed idea of what the @@ -1318,11 +1317,11 @@ great way to learn about how the kernel code works in a dynamic sense. .. admonition:: Tying it Together The ftrace function tracer is also available from within perf, as the - ftrace:function tracepoint. + ``ftrace:function`` tracepoint. It is a little more difficult to follow the call chains than it needs to be --- luckily there's a variant of the function tracer that displays the -callchains explicitly, called the 'function_graph' tracer:: +call chains explicitly, called the ``function_graph`` tracer:: root@sugarbay:/sys/kernel/debug/tracing# echo function_graph > current_tracer root@sugarbay:/sys/kernel/debug/tracing# cat trace | less @@ -1437,11 +1436,11 @@ callchains explicitly, called the 'function_graph' tracer:: 3) + 13.784 us | } 3) | sys_ioctl() { -As you can see, the function_graph display is much easier +As you can see, the ``function_graph`` display is much easier to follow. Also note that in addition to the function calls and associated braces, other events such as scheduler events are displayed in context. In fact, you can freely include any tracepoint available in -the trace events subsystem described in the next section by simply +the trace events subsystem described in the next section by just enabling those events, and they'll appear in context in the function graph display. Quite a powerful tool for understanding kernel dynamics. @@ -1455,9 +1454,9 @@ The 'trace events' Subsystem ---------------------------- One especially important directory contained within the -/sys/kernel/debug/tracing directory is the 'events' subdirectory, which +``/sys/kernel/debug/tracing`` directory is the ``events`` subdirectory, which contains representations of every tracepoint in the system. Listing out -the contents of the 'events' subdirectory, we see mainly another set of +the contents of the ``events`` subdirectory, we see mainly another set of subdirectories:: root@sugarbay:/sys/kernel/debug/tracing# cd events @@ -1505,9 +1504,9 @@ subdirectories:: drwxr-xr-x 26 root root 0 Nov 14 23:19 writeback Each one of these subdirectories -corresponds to a 'subsystem' and contains yet again more subdirectories, +corresponds to a "subsystem" and contains yet again more subdirectories, each one of those finally corresponding to a tracepoint. For example, -here are the contents of the 'kmem' subsystem:: +here are the contents of the ``kmem`` subsystem:: root@sugarbay:/sys/kernel/debug/tracing/events# cd kmem root@sugarbay:/sys/kernel/debug/tracing/events/kmem# ls -al @@ -1529,7 +1528,7 @@ here are the contents of the 'kmem' subsystem:: drwxr-xr-x 2 root root 0 Nov 14 23:19 mm_page_pcpu_drain Let's see what's inside the subdirectory for a -specific tracepoint, in this case the one for kmalloc:: +specific tracepoint, in this case the one for ``kmalloc``:: root@sugarbay:/sys/kernel/debug/tracing/events/kmem# cd kmalloc root@sugarbay:/sys/kernel/debug/tracing/events/kmem/kmalloc# ls -al @@ -1540,12 +1539,12 @@ specific tracepoint, in this case the one for kmalloc:: -r--r--r-- 1 root root 0 Nov 14 23:19 format -r--r--r-- 1 root root 0 Nov 14 23:19 id -The 'format' file for the +The ``format`` file for the tracepoint describes the event in memory, which is used by the various tracing tools that now make use of these tracepoint to parse the event -and make sense of it, along with a 'print fmt' field that allows tools -like ftrace to display the event as text. Here's what the format of the -kmalloc event looks like:: +and make sense of it, along with a ``print fmt`` field that allows tools +like ftrace to display the event as text. The format of the +``kmalloc`` event looks like:: root@sugarbay:/sys/kernel/debug/tracing/events/kmem/kmalloc# cat format name: kmalloc @@ -1580,11 +1579,11 @@ kmalloc event looks like:: long)(( gfp_t)0x08u), "GFP_MOVABLE"}, {(unsigned long)(( gfp_t)0), "GFP_NOTRACK"}, {(unsigned long)(( gfp_t)0x400000u), "GFP_NO_KSWAPD"}, {(unsigned long)(( gfp_t)0x800000u), "GFP_OTHER_NODE"} ) : "GFP_NOWAIT" -The 'enable' file +The ``enable`` file in the tracepoint directory is what allows the user (or tools such as -trace-cmd) to actually turn the tracepoint on and off. When enabled, the -corresponding tracepoint will start appearing in the ftrace 'trace' file -described previously. For example, this turns on the kmalloc tracepoint:: +``trace-cmd``) to actually turn the tracepoint on and off. When enabled, the +corresponding tracepoint will start appearing in the ftrace ``trace`` file +described previously. For example, this turns on the ``kmalloc`` tracepoint:: root@sugarbay:/sys/kernel/debug/tracing/events/kmem/kmalloc# echo 1 > enable @@ -1596,8 +1595,8 @@ events in the output buffer:: root@sugarbay:/sys/kernel/debug/tracing# echo nop > current_tracer root@sugarbay:/sys/kernel/debug/tracing# echo 1 > tracing_on -Now, if we look at the 'trace' file, we see nothing -but the kmalloc events we just turned on:: +Now, if we look at the ``trace`` file, we see nothing +but the ``kmalloc`` events we just turned on:: root@sugarbay:/sys/kernel/debug/tracing# cat trace | less # tracer: nop @@ -1643,17 +1642,17 @@ but the kmalloc events we just turned on:: <idle>-0 [000] ..s3 18156.400660: kmalloc: call_site=ffffffff81619b36 ptr=ffff88006d554800 bytes_req=512 bytes_alloc=512 gfp_flags=GFP_ATOMIC matchbox-termin-1361 [001] ...1 18156.552800: kmalloc: call_site=ffffffff81614050 ptr=ffff88006db34800 bytes_req=576 bytes_alloc=1024 gfp_flags=GFP_KERNEL|GFP_REPEAT -To again disable the kmalloc event, we need to send 0 to the enable file:: +To again disable the ``kmalloc`` event, we need to send ``0`` to the ``enable`` file:: root@sugarbay:/sys/kernel/debug/tracing/events/kmem/kmalloc# echo 0 > enable You can enable any number of events or complete subsystems (by -using the 'enable' file in the subsystem directory) and get an +using the ``enable`` file in the subsystem directory) and get an arbitrarily fine-grained idea of what's going on in the system by enabling as many of the appropriate tracepoints as applicable. -A number of the tools described in this HOWTO do just that, including -trace-cmd and kernelshark in the next section. +Several tools described in this How-to do just that, including +``trace-cmd`` and KernelShark in the next section. .. admonition:: Tying it Together @@ -1661,41 +1660,40 @@ trace-cmd and kernelshark in the next section. ftrace, but by many of the other tools covered in this document and they form a central point of integration for the various tracers available in Linux. They form a central part of the instrumentation - for the following tools: perf, lttng, ftrace, blktrace and SystemTap + for the following tools: perf, LTTng, ftrace, blktrace and SystemTap .. admonition:: Tying it Together Eventually all the special-purpose tracers currently available in - /sys/kernel/debug/tracing will be removed and replaced with - equivalent tracers based on the 'trace events' subsystem. + ``/sys/kernel/debug/tracing`` will be removed and replaced with + equivalent tracers based on the "trace events" subsystem. -trace-cmd/kernelshark ---------------------- +trace-cmd / KernelShark +----------------------- -trace-cmd is essentially an extensive command-line 'wrapper' interface +trace-cmd is essentially an extensive command-line "wrapper" interface that hides the details of all the individual files in -/sys/kernel/debug/tracing, allowing users to specify specific particular -events within the /sys/kernel/debug/tracing/events/ subdirectory and to +``/sys/kernel/debug/tracing``, allowing users to specify specific particular +events within the ``/sys/kernel/debug/tracing/events/`` subdirectory and to collect traces and avoid having to deal with those details directly. -As yet another layer on top of that, kernelshark provides a GUI that +As yet another layer on top of that, KernelShark provides a GUI that allows users to start and stop traces and specify sets of events using an intuitive interface, and view the output as both trace events and as -a per-CPU graphical display. It directly uses 'trace-cmd' as the +a per-CPU graphical display. It directly uses trace-cmd as the plumbing that accomplishes all that underneath the covers (and actually displays the trace-cmd command it uses, as we'll see). -To start a trace using kernelshark, first start kernelshark:: +To start a trace using KernelShark, first start this tool:: root@sugarbay:~# kernelshark -Then bring up the 'Capture' dialog by -choosing from the kernelshark menu:: +Then open up the ``Capture`` dialog by choosing from the KernelShark menu:: Capture | Record That will display the following dialog, which allows you to choose one or more -events (or even one or more complete subsystems) to trace: +events (or even entire subsystems) to trace: .. image:: figures/kernelshark-choose-events.png :align: center @@ -1703,41 +1701,41 @@ events (or even one or more complete subsystems) to trace: Note that these are exactly the same sets of events described in the previous trace events subsystem section, and in fact is where trace-cmd -gets them for kernelshark. +gets them for KernelShark. In the above screenshot, we've decided to explore the graphics subsystem a bit and so have chosen to trace all the tracepoints contained within -the 'i915' and 'drm' subsystems. +the ``i915`` and ``drm`` subsystems. -After doing that, we can start and stop the trace using the 'Run' and -'Stop' button on the lower right corner of the dialog (the same button +After doing that, we can start and stop the trace using the ``Run`` and +``Stop`` button on the lower right corner of the dialog (the same button will turn into the 'Stop' button after the trace has started): .. image:: figures/kernelshark-output-display.png :align: center :width: 70% -Notice that the right-hand pane shows the exact trace-cmd command-line +Notice that the right pane shows the exact trace-cmd command-line that's used to run the trace, along with the results of the trace-cmd run. -Once the 'Stop' button is pressed, the graphical view magically fills up -with a colorful per-cpu display of the trace data, along with the +Once the ``Stop`` button is pressed, the graphical view magically fills up +with a colorful per-CPU display of the trace data, along with the detailed event listing below that: .. image:: figures/kernelshark-i915-display.png :align: center :width: 70% -Here's another example, this time a display resulting from tracing 'all -events': +Here's another example, this time a display resulting from tracing ``all +events``: .. image:: figures/kernelshark-all.png :align: center :width: 70% The tool is pretty self-explanatory, but for more detailed information -on navigating through the data, see the `kernelshark +on navigating through the data, see the `KernelShark website <https://kernelshark.org/Documentation.html>`__. ftrace Documentation @@ -1753,41 +1751,41 @@ Documentation directory:: Documentation/trace/events.txt -There is a nice series of articles on using ftrace and trace-cmd at LWN: +A nice series of articles on using ftrace and trace-cmd are available at LWN: -- `Debugging the kernel using Ftrace - part +- `Debugging the kernel using ftrace - part 1 <https://lwn.net/Articles/365835/>`__ -- `Debugging the kernel using Ftrace - part +- `Debugging the kernel using ftrace - part 2 <https://lwn.net/Articles/366796/>`__ -- `Secrets of the Ftrace function +- `Secrets of the ftrace function tracer <https://lwn.net/Articles/370423/>`__ - `trace-cmd: A front-end for - Ftrace <https://lwn.net/Articles/410200/>`__ + ftrace <https://lwn.net/Articles/410200/>`__ See also `KernelShark's documentation <https://kernelshark.org/Documentation.html>`__ for further usage details. -An amusing yet useful README (a tracing mini-HOWTO) can be found in +An amusing yet useful README (a tracing mini-How-to) can be found in ``/sys/kernel/debug/tracing/README``. -systemtap +SystemTap ========= SystemTap is a system-wide script-based tracing and profiling tool. SystemTap scripts are C-like programs that are executed in the kernel to -gather/print/aggregate data extracted from the context they end up being -invoked under. +gather / print / aggregate data extracted from the context they end up being +called under. For example, this probe from the `SystemTap -tutorial <https://sourceware.org/systemtap/tutorial/>`__ simply prints a -line every time any process on the system open()s a file. For each line, +tutorial <https://sourceware.org/systemtap/tutorial/>`__ just prints a +line every time any process on the system runs ``open()`` on a file. For each line, it prints the executable name of the program that opened the file, along -with its PID, and the name of the file it opened (or tried to open), -which it extracts from the open syscall's argstr. +with its PID, and the name of the file it opened (or tried to open), which it +extracts from the argument string (``argstr``) of the ``open`` system call. .. code-block:: none @@ -1802,48 +1800,48 @@ which it extracts from the open syscall's argstr. } Normally, to execute this -probe, you'd simply install systemtap on the system you want to probe, +probe, you'd just install SystemTap on the system you want to probe, and directly run the probe on that system e.g. assuming the name of the -file containing the above text is trace_open.stp:: +file containing the above text is ``trace_open.stp``:: # stap trace_open.stp -What systemtap does under the covers to run this probe is 1) parse and -convert the probe to an equivalent 'C' form, 2) compile the 'C' form +What SystemTap does under the covers to run this probe is 1) parse and +convert the probe to an equivalent "C" form, 2) compile the "C" form into a kernel module, 3) insert the module into the kernel, which arms it, and 4) collect the data generated by the probe and display it to the user. -In order to accomplish steps 1 and 2, the 'stap' program needs access to +In order to accomplish steps 1 and 2, the ``stap`` program needs access to the kernel build system that produced the kernel that the probed system -is running. In the case of a typical embedded system (the 'target'), the +is running. In the case of a typical embedded system (the "target"), the kernel build system unfortunately isn't typically part of the image -running on the target. It is normally available on the 'host' system +running on the target. It is normally available on the "host" system that produced the target image however; in such cases, steps 1 and 2 are executed on the host system, and steps 3 and 4 are executed on the -target system, using only the systemtap 'runtime'. +target system, using only the SystemTap "runtime". -The systemtap support in Yocto assumes that only steps 3 and 4 are run +The SystemTap support in Yocto assumes that only steps 3 and 4 are run on the target; it is possible to do everything on the target, but this section assumes only the typical embedded use-case. -So basically what you need to do in order to run a systemtap script on +Therefore, what you need to do in order to run a SystemTap script on the target is to 1) on the host system, compile the probe into a kernel module that makes sense to the target, 2) copy the module onto the target system and 3) insert the module into the target kernel, which arms it, and 4) collect the data generated by the probe and display it to the user. -systemtap Setup +SystemTap Setup --------------- -Those are a lot of steps and a lot of details, but fortunately Yocto -includes a script called 'crosstap' that will take care of those -details, allowing you to simply execute a systemtap script on the remote +Those are many steps and details, but fortunately Yocto +includes a script called ``crosstap`` that will take care of those +details, allowing you to just execute a SystemTap script on the remote target, with arguments if necessary. In order to do this from a remote host, however, you need to have access -to the build for the image you booted. The 'crosstap' script provides +to the build for the image you booted. The ``crosstap`` script provides details on how to do this if you run the script on the host without having done a build:: @@ -1852,29 +1850,35 @@ having done a build:: Error: No target kernel build found. Did you forget to create a local build of your image? - 'crosstap' requires a local sdk build of the target system - (or a build that includes 'tools-profile') in order to build - kernel modules that can probe the target system. - - Practically speaking, that means you need to do the following: - - If you're running a pre-built image, download the release - and/or BSP tarballs used to build the image. - - If you're working from git sources, just clone the metadata - and BSP layers needed to build the image you'll be booting. - - Make sure you're properly set up to build a new image (see - the BSP README and/or the widely available basic documentation - that discusses how to build images). - - Build an -sdk version of the image e.g.: - $ bitbake core-image-sato-sdk - OR - - Build a non-sdk image but include the profiling tools: - [ edit local.conf and add 'tools-profile' to the end of - the EXTRA_IMAGE_FEATURES variable ] - $ bitbake core-image-sato +'crosstap' requires a local SDK build of the target system +(or a build that includes 'tools-profile') in order to build +kernel modules that can probe the target system. + +Practically speaking, that means you need to do the following: + +- If you're running a pre-built image, download the release + and/or BSP tarballs used to build the image. + +- If you're working from git sources, just clone the metadata + and BSP layers needed to build the image you'll be booting. + +- Make sure you're properly set up to build a new image (see + the BSP README and/or the widely available basic documentation + that discusses how to build images). + +- Build an ``-sdk`` version of the image e.g.:: + + $ bitbake core-image-sato-sdk + +- Or build a non-SDK image but include the profiling tools + (edit ``local.conf`` and add ``tools-profile`` to the end of + :term:``EXTRA_IMAGE_FEATURES`` variable):: + + $ bitbake core-image-sato Once you've build the image on the host system, you're ready to - boot it (or the equivalent pre-built image) and use 'crosstap' - to probe it (you need to source the environment as usual first): + boot it (or the equivalent pre-built image) and use ``crosstap`` + to probe it (you need to source the environment as usual first):: $ source oe-init-build-env $ cd ~/my/systemtap/scripts @@ -1882,29 +1886,27 @@ having done a build:: .. note:: - SystemTap, which uses 'crosstap', assumes you can establish an ssh + SystemTap, which uses ``crosstap``, assumes you can establish an SSH connection to the remote target. Please refer to the crosstap wiki - page for details on verifying ssh connections at - . Also, the ability to ssh into the target system is not enabled by - default in \*-minimal images. + page for details on verifying SSH connections. Also, the ability to SSH + into the target system is not enabled by default in ``*-minimal`` images. -So essentially what you need to -do is build an SDK image or image with 'tools-profile' as detailed in -the ":ref:`profile-manual/intro:General Setup`" section of this -manual, and boot the resulting target image. +Therefore, what you need to do is build an SDK image or image with +``tools-profile`` as detailed in the ":ref:`profile-manual/intro:General Setup`" +section of this manual, and boot the resulting target image. .. note:: If you have a :term:`Build Directory` containing multiple machines, you need - to have the :term:`MACHINE` you're connecting to selected in local.conf, and + to have the :term:`MACHINE` you're connecting to selected in ``local.conf``, and the kernel in that machine's :term:`Build Directory` must match the kernel on - the booted system exactly, or you'll get the above 'crosstap' message - when you try to invoke a script. + the booted system exactly, or you'll get the above ``crosstap`` message + when you try to call a script. Running a Script on a Target ---------------------------- -Once you've done that, you should be able to run a systemtap script on +Once you've done that, you should be able to run a SystemTap script on the target:: $ cd /path/to/yocto @@ -1922,8 +1924,8 @@ the target:: You can also run generated QEMU images with a command like 'runqemu qemux86-64' -Once you've done that, you can cd to whatever -directory contains your scripts and use 'crosstap' to run the script:: +Once you've done that, you can ``cd`` to whatever +directory contains your scripts and use ``crosstap`` to run the script:: $ cd /path/to/my/systemap/script $ crosstap root@192.168.7.2 trace_open.stp @@ -1933,13 +1935,12 @@ If you get an error connecting to the target e.g.:: $ crosstap root@192.168.7.2 trace_open.stp error establishing ssh connection on remote 'root@192.168.7.2' -Try ssh'ing to the target and see what happens:: +Try connecting to the target through SSH and see what happens:: $ ssh root@192.168.7.2 -A lot of the time, connection -problems are due specifying a wrong IP address or having a 'host key -verification error'. +Connection problems are often due specifying a wrong IP address or having a ``host key +verification error``. If everything worked as planned, you should see something like this (enter the password when prompted, or press enter if it's set up to use @@ -1952,7 +1953,7 @@ no password): matchbox-termin(1036) open ("/tmp/vte3FS2LW", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) matchbox-termin(1036) open ("/tmp/vteJMC7LW", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) -systemtap Documentation +SystemTap Documentation ----------------------- The SystemTap language reference can be found here: `SystemTap Language @@ -1965,7 +1966,7 @@ page <https://sourceware.org/systemtap/documentation.html>`__ Sysprof ======= -Sysprof is a very easy to use system-wide profiler that consists of a +Sysprof is an easy to use system-wide profiler that consists of a single window with three panes and a few buttons which allow you to start, stop, and view the profile from one place. @@ -1975,18 +1976,18 @@ Sysprof Setup For this section, we'll assume you've already performed the basic setup outlined in the ":ref:`profile-manual/intro:General Setup`" section. -Sysprof is a GUI-based application that runs on the target system. For -the rest of this document we assume you've ssh'ed to the host and will -be running Sysprof on the target (you can use the '-X' option to ssh and +Sysprof is a GUI-based application that runs on the target system. For the rest +of this document we assume you're connected to the host through SSH and will be +running Sysprof on the target (you can use the ``-X`` option to ``ssh`` and have the Sysprof GUI run on the target but display remotely on the host if you want). Basic Sysprof Usage ------------------- -To start profiling the system, you simply press the 'Start' button. To +To start profiling the system, you just press the ``Start`` button. To stop profiling and to start viewing the profile data in one easy step, -press the 'Profile' button. +press the ``Profile`` button. Once you've pressed the profile button, the three panes will fill up with profiling data: @@ -1998,11 +1999,11 @@ with profiling data: The left pane shows a list of functions and processes. Selecting one of those expands that function in the right pane, showing all its callees. Note that this caller-oriented display is essentially the inverse of -perf's default callee-oriented callchain display. +perf's default callee-oriented call chain display. In the screenshot above, we're focusing on ``__copy_to_user_ll()`` and -looking up the callchain we can see that one of the callers of -``__copy_to_user_ll`` is sys_read() and the complete callpath between them. +looking up the call chain we can see that one of the callers of +``__copy_to_user_ll`` is ``sys_read()`` and the complete call path between them. Notice that this is essentially a portion of the same information we saw in the perf display shown in the perf section of this page. @@ -2011,7 +2012,7 @@ in the perf display shown in the perf section of this page. :width: 70% Similarly, the above is a snapshot of the Sysprof display of a -copy-from-user callchain. +``copy-from-user`` call chain. Finally, looking at the third Sysprof pane in the lower left, we can see a list of all the callers of a particular function selected in the top @@ -2027,18 +2028,17 @@ to the selected function, and so on. .. admonition:: Tying it Together - If you like sysprof's 'caller-oriented' display, you may be able to - approximate it in other tools as well. For example, 'perf report' has - the -g (--call-graph) option that you can experiment with; one of the - options is 'caller' for an inverted caller-based callgraph display. + If you like Sysprof's ``caller-oriented`` display, you may be able to + approximate it in other tools as well. For example, ``perf report`` has + the ``-g`` (``--call-graph``) option that you can experiment with; one of the + options is ``caller`` for an inverted caller-based call graph display. Sysprof Documentation --------------------- There doesn't seem to be any documentation for Sysprof, but maybe that's -because it's pretty self-explanatory. The Sysprof website, however, is -here: `Sysprof, System-wide Performance Profiler for -Linux <http://sysprof.com/>`__ +because it's pretty self-explanatory. The Sysprof website, however, is here: +`Sysprof, System-wide Performance Profiler for Linux <http://sysprof.com/>`__ LTTng (Linux Trace Toolkit, next generation) ============================================ @@ -2048,20 +2048,20 @@ LTTng Setup For this section, we'll assume you've already performed the basic setup outlined in the ":ref:`profile-manual/intro:General Setup`" section. -LTTng is run on the target system by ssh'ing to it. +LTTng is run on the target system by connecting to it through SSH. Collecting and Viewing Traces ----------------------------- Once you've applied the above commits and built and booted your image -(you need to build the core-image-sato-sdk image or use one of the other +(you need to build the ``core-image-sato-sdk`` image or use one of the other methods described in the ":ref:`profile-manual/intro:General Setup`" section), you're ready to start tracing. Collecting and viewing a trace on the target (inside a shell) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -First, from the host, ssh to the target:: +First, from the host, connect to the target through SSH:: $ ssh -l root 192.168.1.47 The authenticity of host '192.168.1.47 (192.168.1.47)' can't be established. @@ -2139,30 +2139,30 @@ You can now view the trace in text form on the target:: You can now safely destroy the trace session (note that this doesn't delete the trace --- it's still there in -~/lttng-traces):: +``~/lttng-traces``):: root@crownbay:~# lttng destroy Session auto-20121015-232120 destroyed at /home/root Note that the trace is saved in a directory of the same name as returned by -'lttng create', under the ~/lttng-traces directory (note that you can change this by -supplying your own name to 'lttng create'):: +``lttng create``, under the ``~/lttng-traces`` directory (note that you can change this by +supplying your own name to ``lttng create``):: root@crownbay:~# ls -al ~/lttng-traces drwxrwx--- 3 root root 1024 Oct 15 23:21 . drwxr-xr-x 5 root root 1024 Oct 15 23:57 .. drwxrwx--- 3 root root 1024 Oct 15 23:21 auto-20121015-232120 -Collecting and viewing a userspace trace on the target (inside a shell) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Collecting and viewing a user space trace on the target (inside a shell) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -For LTTng userspace tracing, you need to have a properly instrumented -userspace program. For this example, we'll use the 'hello' test program -generated by the lttng-ust build. +For LTTng user space tracing, you need to have a properly instrumented +user space program. For this example, we'll use the ``hello`` test program +generated by the ``lttng-ust`` build. -The 'hello' test program isn't installed on the root filesystem by the lttng-ust -build, so we need to copy it over manually. First cd into the build -directory that contains the hello executable:: +The ``hello`` test program isn't installed on the root filesystem by the ``lttng-ust`` +build, so we need to copy it over manually. First ``cd`` into the build +directory that contains the ``hello`` executable:: $ cd build/tmp/work/core2_32-poky-linux/lttng-ust/2.0.5-r0/git/tests/hello/.libs @@ -2170,10 +2170,10 @@ Copy that over to the target machine:: $ scp hello root@192.168.1.20: -You now have the instrumented lttng 'hello world' test program on the +You now have the instrumented LTTng "hello world" test program on the target, ready to test. -First, from the host, ssh to the target:: +First, from the host, connect to the target through SSH:: $ ssh -l root 192.168.1.47 The authenticity of host '192.168.1.47 (192.168.1.47)' can't be established. @@ -2188,7 +2188,7 @@ Once on the target, use these steps to create a trace:: Session auto-20190303-021943 created. Traces will be written in /home/root/lttng-traces/auto-20190303-021943 -Enable the events you want to trace (in this case all userspace events):: +Enable the events you want to trace (in this case all user space events):: root@crownbay:~# lttng enable-event --userspace --all All UST events are enabled in channel channel0 @@ -2198,7 +2198,7 @@ Start the trace:: root@crownbay:~# lttng start Tracing started for session auto-20190303-021943 -Run the instrumented hello world program:: +Run the instrumented "hello world" program:: root@crownbay:~# ./hello Hello, World! @@ -2222,7 +2222,7 @@ You can now view the trace in text form on the target:: . You can now safely destroy the trace session (note that this doesn't delete the -trace --- it's still there in ~/lttng-traces):: +trace --- it's still there in ``~/lttng-traces``):: root@crownbay:~# lttng destroy Session auto-20190303-021943 destroyed at /home/root @@ -2260,27 +2260,27 @@ the entire blktrace and blkparse pipeline on the target, or you can run blktrace in 'listen' mode on the target and have blktrace and blkparse collect and analyze the data on the host (see the ":ref:`profile-manual/usage:Using blktrace Remotely`" section -below). For the rest of this section we assume you've ssh'ed to the host and -will be running blkrace on the target. +below). For the rest of this section we assume you've to the host through SSH +and will be running blktrace on the target. Basic blktrace Usage -------------------- -To record a trace, simply run the 'blktrace' command, giving it the name +To record a trace, just run the ``blktrace`` command, giving it the name of the block device you want to trace activity on:: root@crownbay:~# blktrace /dev/sdc -In another shell, execute a workload you want to trace. :: +In another shell, execute a workload you want to trace:: root@crownbay:/media/sdc# rm linux-2.6.19.2.tar.bz2; wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2; sync Connecting to downloads.yoctoproject.org (140.211.169.59:80) linux-2.6.19.2.tar.b 100% \|*******************************\| 41727k 0:00:00 ETA -Press Ctrl-C in the blktrace shell to stop the trace. It +Press ``Ctrl-C`` in the blktrace shell to stop the trace. It will display how many events were logged, along with the per-cpu file -sizes (blktrace records traces in per-cpu kernel buffers and simply -dumps them to userspace for blkparse to merge and sort later). :: +sizes (blktrace records traces in per-cpu kernel buffers and just +dumps them to user space for blkparse to merge and sort later):: ^C=== sdc === CPU 0: 7082 events, 332 KiB data @@ -2296,7 +2296,7 @@ with the device name as the first part of the filename:: -rw-r--r-- 1 root root 339938 Oct 27 22:40 sdc.blktrace.0 -rw-r--r-- 1 root root 75753 Oct 27 22:40 sdc.blktrace.1 -To view the trace events, simply invoke 'blkparse' in the directory +To view the trace events, just call ``blkparse`` in the directory containing the trace files, giving it the device name that forms the first part of the filenames:: @@ -2388,15 +2388,15 @@ first part of the filenames:: The report shows each event that was found in the blktrace data, along with a summary of the overall block I/O traffic during the run. You can look at the -`blkparse <https://linux.die.net/man/1/blkparse>`__ manpage to learn the +`blkparse <https://linux.die.net/man/1/blkparse>`__ manual page to learn the meaning of each field displayed in the trace listing. Live Mode ~~~~~~~~~ blktrace and blkparse are designed from the ground up to be able to -operate together in a 'pipe mode' where the stdout of blktrace can be -fed directly into the stdin of blkparse:: +operate together in a "pipe mode" where the standard output of blktrace can be +fed directly into the standard input of blkparse:: root@crownbay:~# blktrace /dev/sdc -o - | blkparse -i - @@ -2441,13 +2441,13 @@ On the host system, you should see this:: server: connection from 192.168.1.43 -In another shell, execute a workload you want to trace. :: +In another shell, execute a workload you want to trace:: root@crownbay:/media/sdc# rm linux-2.6.19.2.tar.bz2; wget &YOCTO_DL_URL;/mirror/sources/linux-2.6.19.2.tar.bz2; sync Connecting to downloads.yoctoproject.org (140.211.169.59:80) linux-2.6.19.2.tar.b 100% \|*******************************\| 41727k 0:00:00 ETA -When it's done, do a Ctrl-C on the target system to stop the +When it's done, do a ``Ctrl-C`` on the target system to stop the trace:: ^C=== sdc === @@ -2465,14 +2465,14 @@ just ended:: Total: 11800 events (dropped 0), 554 KiB data The blktrace instance on the host will -save the target output inside a hostname-timestamp directory:: +save the target output inside a ``<hostname>-<timestamp>`` directory:: $ ls -al drwxr-xr-x 10 root root 1024 Oct 28 02:40 . drwxr-sr-x 4 root root 1024 Oct 26 18:24 .. drwxr-xr-x 2 root root 1024 Oct 28 02:40 192.168.1.43-2012-10-28-02:40:56 -cd into that directory to see the output files:: +``cd`` into that directory to see the output files:: $ ls -l -rw-r--r-- 1 root root 369193 Oct 28 02:44 sdc.blktrace.0 @@ -2537,16 +2537,16 @@ Tracing Block I/O via 'ftrace' It's also possible to trace block I/O using only :ref:`profile-manual/usage:The 'trace events' Subsystem`, which can be useful for casual tracing if you don't want to bother dealing with the -userspace tools. +user space tools. -To enable tracing for a given device, use /sys/block/xxx/trace/enable, -where xxx is the device name. This for example enables tracing for -/dev/sdc:: +To enable tracing for a given device, use ``/sys/block/xxx/trace/enable``, +where ``xxx`` is the device name. This for example enables tracing for +``/dev/sdc``:: root@crownbay:/sys/kernel/debug/tracing# echo 1 > /sys/block/sdc/trace/enable Once you've selected the device(s) you want -to trace, selecting the 'blk' tracer will turn the blk tracer on:: +to trace, selecting the ``blk`` tracer will turn the blk tracer on:: root@crownbay:/sys/kernel/debug/tracing# cat available_tracers blk function_graph function nop @@ -2557,7 +2557,7 @@ Execute the workload you're interested in:: root@crownbay:/sys/kernel/debug/tracing# cat /media/sdc/testfile.txt -And look at the output (note here that we're using 'trace_pipe' instead of +And look at the output (note here that we're using ``trace_pipe`` instead of trace to capture this trace --- this allows us to wait around on the pipe for data to appear):: @@ -2585,7 +2585,7 @@ And this turns off tracing for the specified device:: blktrace Documentation ---------------------- -Online versions of the man pages for the commands discussed in this +Online versions of the manual pages for the commands discussed in this section can be found here: - https://linux.die.net/man/8/blktrace @@ -2594,8 +2594,8 @@ section can be found here: - https://linux.die.net/man/8/btrace -The above manpages, along with manpages for the other blktrace utilities -(btt, blkiomon, etc) can be found in the /doc directory of the blktrace -tools git repo:: +The above manual pages, along with manuals for the other blktrace utilities +(``btt``, ``blkiomon``, etc) can be found in the ``/doc`` directory of the blktrace +tools git repository:: $ git clone git://git.kernel.dk/blktrace.git diff --git a/poky/documentation/ref-manual/classes.rst b/poky/documentation/ref-manual/classes.rst index 81dab1f4b3..7b4ce2c67d 100644 --- a/poky/documentation/ref-manual/classes.rst +++ b/poky/documentation/ref-manual/classes.rst @@ -392,7 +392,7 @@ and BusyBox. It could have been called "kconfig" too. ``compress_doc`` ================ -Enables compression for man pages and info pages. This class is intended +Enables compression for manual and info pages. This class is intended to be inherited globally. The default compression mechanism is gz (gzip) but you can select an alternative mechanism by setting the :term:`DOC_COMPRESS` variable. @@ -664,7 +664,7 @@ information about using :ref:`ref-classes-devshell`. The :ref:`ref-classes-devupstream` class uses :term:`BBCLASSEXTEND` to add a variant of the recipe that fetches from an alternative URI (e.g. Git) instead of a -tarball. Following is an example:: +tarball. Here is an example:: BBCLASSEXTEND = "devupstream:target" SRC_URI:class-devupstream = "git://git.example.com/example;branch=main" @@ -1217,8 +1217,8 @@ Please keep in mind that the QA checks are meant to detect real or potential problems in the packaged output. So exercise caution when disabling these checks. -Here are the tests you can list with the :term:`WARN_QA` and -:term:`ERROR_QA` variables: +The tests you can list with the :term:`WARN_QA` and +:term:`ERROR_QA` variables are: - ``already-stripped:`` Checks that produced binaries have not already been stripped prior to the build system extracting debug @@ -3217,7 +3217,7 @@ information. The :ref:`ref-classes-uboot-sign` class provides support for U-Boot verified boot. It is intended to be inherited from U-Boot recipes. -Here are variables used by this class: +The variables used by this class are: - :term:`SPL_MKIMAGE_DTCOPTS`: DTC options for U-Boot ``mkimage`` when building the FIT image. diff --git a/poky/documentation/ref-manual/devtool-reference.rst b/poky/documentation/ref-manual/devtool-reference.rst index e167f58092..9319addc3c 100644 --- a/poky/documentation/ref-manual/devtool-reference.rst +++ b/poky/documentation/ref-manual/devtool-reference.rst @@ -378,7 +378,7 @@ command:: Unless you provide a specific recipe name on the command line, the command checks all recipes in all configured layers. -Following is a partial example table that reports on all the recipes:: +Here is a partial example table that reports on all the recipes:: $ devtool check-upgrade-status ... @@ -598,7 +598,7 @@ The ``devtool status`` command has no command-line options:: $ devtool status -Following is sample output after using +Here is sample output after using :ref:`devtool add <ref-manual/devtool-reference:adding a new recipe to the workspace layer>` to create and add the ``mtr_0.86.bb`` recipe to the ``workspace`` directory:: diff --git a/poky/documentation/ref-manual/faq.rst b/poky/documentation/ref-manual/faq.rst index a3a15506c3..bab284bbfd 100644 --- a/poky/documentation/ref-manual/faq.rst +++ b/poky/documentation/ref-manual/faq.rst @@ -90,7 +90,7 @@ HTTPS requests and direct them to the ``http://`` sources mirror. You can use ``file://`` URLs to point to local directories or network shares as well. -Here are other options:: +Another option is to set:: BB_NO_NETWORK = "1" @@ -106,7 +106,7 @@ This statement limits the build system to pulling source from the :term:`PREMIRRORS` only. Again, this technique is useful for reproducing builds. -Here is another technique:: +Here is yet another technique:: BB_GENERATE_MIRROR_TARBALLS = "1" @@ -135,7 +135,7 @@ Most source fetching by the OpenEmbedded build system is done by single user or can be in ``/usr/local/etc/wgetrc`` as a global user file. -Following is the applicable code for setting various proxy types in the +Here is the applicable code for setting various proxy types in the ``.wgetrc`` file. By default, these settings are disabled with comments. To use them, remove the comments:: diff --git a/poky/documentation/ref-manual/features.rst b/poky/documentation/ref-manual/features.rst index dd14339bc2..96e79d608a 100644 --- a/poky/documentation/ref-manual/features.rst +++ b/poky/documentation/ref-manual/features.rst @@ -268,7 +268,7 @@ you can add several different predefined packages such as development utilities or packages with debug information needed to investigate application problems or profile applications. -Here are the image features available for all images: +The image features available for all images are: - *allow-empty-password:* Allows Dropbear and OpenSSH to accept logins from accounts having an empty password string. diff --git a/poky/documentation/ref-manual/images.rst b/poky/documentation/ref-manual/images.rst index 0f6d6bdb3f..c45f9104a9 100644 --- a/poky/documentation/ref-manual/images.rst +++ b/poky/documentation/ref-manual/images.rst @@ -32,7 +32,7 @@ that contain image recipe files:: $ ls meta*/recipes*/images/*.bb -Following is a list of supported recipes: +Here is a list of supported recipes: - ``build-appliance-image``: An example virtual machine that contains all the pieces required to run builds using the build system as well diff --git a/poky/documentation/ref-manual/release-process.rst b/poky/documentation/ref-manual/release-process.rst index c861feaa9d..920794679d 100644 --- a/poky/documentation/ref-manual/release-process.rst +++ b/poky/documentation/ref-manual/release-process.rst @@ -14,7 +14,7 @@ Major and Minor Release Cadence The Yocto Project delivers major releases (e.g. &DISTRO;) using a six month cadence roughly timed each April and October of the year. -Following are examples of some major YP releases with their codenames +Here are examples of some major YP releases with their codenames also shown. See the ":ref:`ref-manual/release-process:major release codenames`" section for information on codenames used with major releases. @@ -29,8 +29,8 @@ major holidays in various geographies. The Yocto project delivers minor (point) releases on an unscheduled basis and are usually driven by the accumulation of enough significant -fixes or enhancements to the associated major release. Following are -some example past point releases: +fixes or enhancements to the associated major release. +Some example past point releases are: - 4.1.3 - 4.0.8 @@ -175,7 +175,7 @@ consists of the following pieces: piece of software. The test allows the packages to be run within a target image. -- ``oe-selftest``: Tests combination BitBake invocations. These tests +- ``oe-selftest``: Tests combinations of BitBake invocations. These tests operate outside the OpenEmbedded build system itself. The ``oe-selftest`` can run all tests by default or can run selected tests or test suites. diff --git a/poky/documentation/ref-manual/structure.rst b/poky/documentation/ref-manual/structure.rst index f1b11ad69b..acadd5efa3 100644 --- a/poky/documentation/ref-manual/structure.rst +++ b/poky/documentation/ref-manual/structure.rst @@ -537,7 +537,7 @@ recipe-specific :term:`WORKDIR` directories. Thus, the This directory holds information that BitBake uses for accounting purposes to track what tasks have run and when they have run. The directory is sub-divided by architecture, package name, and version. -Following is an example:: +Here is an example:: stamps/all-poky-linux/distcc-config/1.0-r0.do_build-2fdd....2do diff --git a/poky/documentation/ref-manual/system-requirements.rst b/poky/documentation/ref-manual/system-requirements.rst index 9dee24a1fa..bcca42e36e 100644 --- a/poky/documentation/ref-manual/system-requirements.rst +++ b/poky/documentation/ref-manual/system-requirements.rst @@ -168,8 +168,8 @@ with a supported Ubuntu or Debian Linux distribution:: Here are the packages needed to build Project documentation manuals:: - $ sudo apt install make python3-pip inkscape texlive-latex-extra - &PIP3_HOST_PACKAGES_DOC; + $ sudo apt install git make inkscape texlive-latex-extra + $ sudo apt install sphinx python3-saneyaml python3-sphinx-rtd-theme Fedora Packages --------------- @@ -181,7 +181,7 @@ with a supported Fedora Linux distribution:: Here are the packages needed to build Project documentation manuals:: - $ sudo dnf install make python3-pip which inkscape texlive-fncychap + $ sudo dnf install git make python3-pip which inkscape texlive-fncychap &PIP3_HOST_PACKAGES_DOC; openSUSE Packages @@ -194,7 +194,7 @@ with a supported openSUSE distribution:: Here are the packages needed to build Project documentation manuals:: - $ sudo zypper install make python3-pip which inkscape texlive-fncychap + $ sudo zypper install git make python3-pip which inkscape texlive-fncychap &PIP3_HOST_PACKAGES_DOC; @@ -221,7 +221,7 @@ with a supported AlmaLinux distribution:: Here are the packages needed to build Project documentation manuals:: - $ sudo dnf install make python3-pip which inkscape texlive-fncychap + $ sudo dnf install git make python3-pip which inkscape texlive-fncychap &PIP3_HOST_PACKAGES_DOC; .. _system-requirements-buildtools: diff --git a/poky/documentation/ref-manual/tasks.rst b/poky/documentation/ref-manual/tasks.rst index 0db960b22f..c28cd7a94a 100644 --- a/poky/documentation/ref-manual/tasks.rst +++ b/poky/documentation/ref-manual/tasks.rst @@ -470,9 +470,29 @@ You can run this task using BitBake as follows:: $ bitbake -c cleanall recipe -Typically, you would not normally use the :ref:`ref-tasks-cleanall` task. Do so only -if you want to start fresh with the :ref:`ref-tasks-fetch` -task. +You should never use the :ref:`ref-tasks-cleanall` task in a normal +scenario. If you want to start fresh with the :ref:`ref-tasks-fetch` task, +use instead:: + + $ bitbake -f -c fetch recipe + +.. note:: + + The reason to prefer ``bitbake -f -c fetch`` is that the + :ref:`ref-tasks-cleanall` task would break in some cases, such as:: + + $ bitbake -c fetch recipe + $ bitbake -c cleanall recipe-native + $ bitbake -c unpack recipe + + because after step 1 there is a stamp file for the + :ref:`ref-tasks-fetch` task of ``recipe``, and it won't be removed at + step 2 because step 2 uses a different work directory. So the unpack task + at step 3 will try to extract the downloaded archive and fail as it has + been deleted in step 2. + + Note that this also applies to BitBake from concurrent processes when a + shared download directory (:term:`DL_DIR`) is setup. .. _ref-tasks-cleansstate: @@ -496,6 +516,18 @@ scratch is guaranteed. .. note:: + Using :ref:`ref-tasks-cleansstate` with a shared :term:`SSTATE_DIR` is + not recommended because it could trigger an error during the build of a + separate BitBake instance. This is because the builds check sstate "up + front" but download the files later, so it if is deleted in the + meantime, it will cause an error but not a total failure as it will + rebuild it. + + The reliable and preferred way to force a new build is to use ``bitbake + -f`` instead. + +.. note:: + The :ref:`ref-tasks-cleansstate` task cannot remove sstate from a remote sstate mirror. If you need to build a target from scratch using remote mirrors, use the "-f" option as follows:: diff --git a/poky/documentation/ref-manual/terms.rst b/poky/documentation/ref-manual/terms.rst index 31ddeae009..ad9c46c339 100644 --- a/poky/documentation/ref-manual/terms.rst +++ b/poky/documentation/ref-manual/terms.rst @@ -4,7 +4,7 @@ Yocto Project Terms ******************* -Following is a list of terms and definitions users new to the Yocto Project +Here is a list of terms and definitions users new to the Yocto Project development environment might find helpful. While some of these terms are universal, the list includes them just in case: @@ -67,7 +67,7 @@ universal, the list includes them just in case: :term:`TOPDIR` variable points to the :term:`Build Directory`. You have a lot of flexibility when creating the :term:`Build Directory`. - Following are some examples that show how to create the directory. The + Here are some examples that show how to create the directory. The examples assume your :term:`Source Directory` is named ``poky``: - Create the :term:`Build Directory` inside your Source Directory and let diff --git a/poky/documentation/ref-manual/variables.rst b/poky/documentation/ref-manual/variables.rst index 6f7d6ff01e..7ae61ad0ff 100644 --- a/poky/documentation/ref-manual/variables.rst +++ b/poky/documentation/ref-manual/variables.rst @@ -311,7 +311,7 @@ system and gives an overview of their function and contents. :term:`BB_ALLOWED_NETWORKS` Specifies a space-delimited list of hosts that the fetcher is allowed - to use to obtain the required source code. Following are + to use to obtain the required source code. Here are considerations surrounding this variable: - This host list is only used if :term:`BB_NO_NETWORK` is either not set @@ -2292,7 +2292,7 @@ system and gives an overview of their function and contents. :term:`DOC_COMPRESS` When inheriting the :ref:`ref-classes-compress_doc` class, this variable sets the compression policy used when the - OpenEmbedded build system compresses man pages and info pages. By + OpenEmbedded build system compresses manual and info pages. By default, the compression method used is gz (gzip). Other policies available are xz and bz2. @@ -3234,6 +3234,14 @@ system and gives an overview of their function and contents. GROUPADD_PARAM:${PN} = "-r netdev" + More than one group can be added by separating each set of different + groups' parameters with a semicolon. + + Here is an example adding multiple groups from the ``useradd-example.bb`` + file in the ``meta-skeleton`` layer:: + + GROUPADD_PARAM:${PN} = "-g 880 group1; -g 890 group2" + For information on the standard Linux shell command ``groupadd``, see https://linux.die.net/man/8/groupadd. @@ -6557,7 +6565,7 @@ system and gives an overview of their function and contents. The :term:`PREFERRED_PROVIDER` variable is set with the name (:term:`PN`) of the recipe you prefer to provide "virtual/kernel". - Following are more examples:: + Here are more examples:: PREFERRED_PROVIDER_virtual/xserver = "xserver-xf86" PREFERRED_PROVIDER_virtual/libgl ?= "mesa" @@ -6742,11 +6750,11 @@ system and gives an overview of their function and contents. .. note:: - A corresponding mechanism for virtual runtime dependencies - (packages) exists. However, the mechanism does not depend on any - special functionality beyond ordinary variable assignments. For - example, ``VIRTUAL-RUNTIME_dev_manager`` refers to the package of - the component that manages the ``/dev`` directory. + A corresponding mechanism for virtual runtime dependencies (packages) + exists. However, the mechanism does not depend on any special + functionality beyond ordinary variable assignments. For example, + :term:`VIRTUAL-RUNTIME_dev_manager <VIRTUAL-RUNTIME>` refers to the + package of the component that manages the ``/dev`` directory. Setting the "preferred provider" for runtime dependencies is as simple as using the following assignment in a configuration file:: @@ -7612,6 +7620,10 @@ system and gives an overview of their function and contents. configuration will not take effect. :term:`SDKPATH` + Defines the path used to collect the SDK components and build the + installer. + + :term:`SDKPATHINSTALL` Defines the path offered to the user for installation of the SDK that is generated by the OpenEmbedded build system. The path appears as the default location for installing the SDK when you run the SDK's @@ -7621,7 +7633,7 @@ system and gives an overview of their function and contents. :term:`SDKTARGETSYSROOT` The full path to the sysroot used for cross-compilation within an SDK as it will be when installed into the default - :term:`SDKPATH`. + :term:`SDKPATHINSTALL`. :term:`SECTION` The section in which packages should be categorized. Package @@ -7913,6 +7925,11 @@ system and gives an overview of their function and contents. image), compared to just using the :ref:`ref-classes-create-spdx` class with no option. + :term:`SPDX_NAMESPACE_PREFIX` + This option could be used in order to change the prefix of ``spdxDocument`` + and the prefix of ``documentNamespace``. It is set by default to + ``http://spdx.org/spdxdoc``. + :term:`SPDX_PRETTY` This option makes the SPDX output more human-readable, using identation and newlines, instead of the default output in a @@ -9391,7 +9408,7 @@ system and gives an overview of their function and contents. configuration can define the :term:`UBOOT_MACHINE` and optionally the :term:`IMAGE_FSTYPES` and the :term:`UBOOT_BINARY`. - Following is an example from the ``meta-freescale`` layer. :: + Here is an example from the ``meta-freescale`` layer. :: UBOOT_CONFIG ??= "sdcard-ifc-secure-boot sdcard-ifc sdcard-qspi lpuart qspi secure-boot nor" UBOOT_CONFIG[nor] = "ls1021atwr_nor_defconfig" @@ -9868,6 +9885,33 @@ system and gives an overview of their function and contents. Additionally, you should also set the :term:`USERADD_ERROR_DYNAMIC` variable. + :term:`VIRTUAL-RUNTIME` + :term:`VIRTUAL-RUNTIME` is a commonly used prefix for defining virtual + packages for runtime usage, typically for use in :term:`RDEPENDS` + or in image definitions. + + An example is ``VIRTUAL-RUNTIME_base-utils`` that makes it possible + to either use BusyBox based utilities:: + + VIRTUAL-RUNTIME_base-utils = "busybox" + + or their full featured implementations from GNU Coreutils + and other projects:: + + VIRTUAL-RUNTIME_base-utils = "packagegroup-core-base-utils" + + Here are two examples using this virtual runtime package. The + first one is in :yocto_git:`initramfs-framework_1.0.bb + </poky/tree/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb?h=scarthgap>`:: + + RDEPENDS:${PN} += "${VIRTUAL-RUNTIME_base-utils}" + + The second example is in the :yocto_git:`core-image-initramfs-boot + </poky/tree/meta/recipes-core/images/core-image-initramfs-boot.bb?h=scarthgap>` + image definition:: + + PACKAGE_INSTALL = "${INITRAMFS_SCRIPTS} ${VIRTUAL-RUNTIME_base-utils} base-passwd" + :term:`VOLATILE_LOG_DIR` Specifies the persistence of the target's ``/var/log`` directory, which is used to house postinstall target log files. @@ -9929,7 +9973,7 @@ system and gives an overview of their function and contents. With the :term:`WKS_FILE_DEPENDS` variable, you have the possibility to specify a list of additional dependencies (e.g. native tools, bootloaders, and so forth), that are required to build Wic images. - Following is an example:: + Here is an example:: WKS_FILE_DEPENDS = "some-native-tool" diff --git a/poky/documentation/sdk-manual/appendix-obtain.rst b/poky/documentation/sdk-manual/appendix-obtain.rst index ad531cbf24..d06d6ec6b5 100644 --- a/poky/documentation/sdk-manual/appendix-obtain.rst +++ b/poky/documentation/sdk-manual/appendix-obtain.rst @@ -66,7 +66,7 @@ Follow these steps to locate and hand-install the toolchain: poky-glibc-x86_64-core-image-sato-core2-64-qemux86-64-toolchain-&DISTRO;.sh #. *Run the Installer:* Be sure you have execution privileges and run - the installer. Following is an example from the ``Downloads`` + the installer. Here is an example from the ``Downloads`` directory:: $ ~/Downloads/poky-glibc-x86_64-core-image-sato-core2-64-qemux86-64-toolchain-&DISTRO;.sh @@ -165,12 +165,12 @@ build the SDK installer. Follow these steps: variable inside your ``local.conf`` file before building the SDK installer. Doing so ensures that the eventual SDK installation process installs the appropriate library packages - as part of the SDK. Following is an example using ``libc`` + as part of the SDK. Here is an example using ``libc`` static development libraries: TOOLCHAIN_TARGET_TASK:append = " libc-staticdev" #. *Run the Installer:* You can now run the SDK installer from - ``tmp/deploy/sdk`` in the :term:`Build Directory`. Following is an example:: + ``tmp/deploy/sdk`` in the :term:`Build Directory`. Here is an example:: $ cd poky/build/tmp/deploy/sdk $ ./poky-glibc-x86_64-core-image-sato-core2-64-toolchain-ext-&DISTRO;.sh @@ -235,7 +235,7 @@ Follow these steps to extract the root filesystem: This script is located in the top-level directory in which you installed the toolchain (e.g. ``poky_sdk``). - Following is an example based on the toolchain installed in the + Here is an example based on the toolchain installed in the ":ref:`sdk-manual/appendix-obtain:locating pre-built sdk installers`" section:: $ source poky_sdk/environment-setup-core2-64-poky-linux @@ -243,7 +243,7 @@ Follow these steps to extract the root filesystem: #. *Extract the Root Filesystem:* Use the ``runqemu-extract-sdk`` command and provide the root filesystem image. - Following is an example command that extracts the root filesystem + Here is an example command that extracts the root filesystem from a previously built root filesystem image that was downloaded from the :yocto_dl:`Index of Releases </releases/yocto/yocto-&DISTRO;/machines/>`. This command extracts the root filesystem into the ``core2-64-sato`` diff --git a/poky/documentation/sdk-manual/extensible.rst b/poky/documentation/sdk-manual/extensible.rst index 355c6cb0e4..d335e78623 100644 --- a/poky/documentation/sdk-manual/extensible.rst +++ b/poky/documentation/sdk-manual/extensible.rst @@ -74,7 +74,7 @@ Setting up the Extensible SDK environment directly in a Yocto build $ bitbake meta-ide-support $ bitbake -c populate_sysroot gtk+3 # or any other target or native item that the application developer would need - $ bitbake build-sysroots + $ bitbake build-sysroots -c build_native_sysroot && bitbake build-sysroots -c build_target_sysroot Setting up the Extensible SDK from a standalone installer --------------------------------------------------------- @@ -1226,8 +1226,12 @@ In this scenario, the Yocto build tooling, e.g. ``bitbake`` is directly accessible to build additional items, and it can simply be executed directly:: + $ bitbake curl-native + # Add newly built native items to native sysroot + $ bitbake build-sysroots -c build_native_sysroot $ bitbake mesa - $ bitbake build-sysroots + # Add newly built target items to target sysroot + $ bitbake build-sysroots -c build_target_sysroot When using a standalone installer for the Extensible SDK -------------------------------------------------------- diff --git a/poky/documentation/sdk-manual/intro.rst b/poky/documentation/sdk-manual/intro.rst index 49aa921e70..e8fd191dbc 100644 --- a/poky/documentation/sdk-manual/intro.rst +++ b/poky/documentation/sdk-manual/intro.rst @@ -66,7 +66,7 @@ The SDK development environment consists of the following: In summary, the extensible and standard SDK share many features. However, the extensible SDK has powerful development tools to help you -more quickly develop applications. Following is a table that summarizes +more quickly develop applications. Here is a table that summarizes the primary differences between the standard and extensible SDK types when considering which to build: diff --git a/poky/documentation/standards.md b/poky/documentation/standards.md index 9f4771ebd9..e0c0cba83c 100644 --- a/poky/documentation/standards.md +++ b/poky/documentation/standards.md @@ -5,6 +5,21 @@ documentation is created. It is currently a work in progress. +## Automatic style validation + +There is an ongoing effort to automate style validation +through the [Vale](https://vale.sh/). To try it, run: + + $ make stylecheck + +Note that this just applies to text. Therefore, the syntax +conventions described below still apply. + +If you wish to add a new word to an "accept.txt" file +(./styles/config/vocabularies/<Vocab>/accept.txt), +make sure the spelling and capitalization matches +what Wikipedia or the project defining this word uses. + ## Text standards ### Bulleted lists diff --git a/poky/documentation/styles/config/vocabularies/OpenSource/accept.txt b/poky/documentation/styles/config/vocabularies/OpenSource/accept.txt new file mode 100644 index 0000000000..e378fbf79b --- /dev/null +++ b/poky/documentation/styles/config/vocabularies/OpenSource/accept.txt @@ -0,0 +1,20 @@ +autovivification +blkparse +blktrace +callee +debugfs +ftrace +KernelShark +Kprobe +LTTng +perf +profiler +subcommand +subnode +superset +Sysprof +systemd +toolchain +tracepoint +Uprobe +wget diff --git a/poky/documentation/styles/config/vocabularies/Yocto/accept.txt b/poky/documentation/styles/config/vocabularies/Yocto/accept.txt new file mode 100644 index 0000000000..ca622ba412 --- /dev/null +++ b/poky/documentation/styles/config/vocabularies/Yocto/accept.txt @@ -0,0 +1,5 @@ +BitBake +BSP +crosstap +OpenEmbedded +Yocto diff --git a/poky/documentation/toaster-manual/setup-and-use.rst b/poky/documentation/toaster-manual/setup-and-use.rst index c5521edda1..a0c27499ba 100644 --- a/poky/documentation/toaster-manual/setup-and-use.rst +++ b/poky/documentation/toaster-manual/setup-and-use.rst @@ -365,7 +365,7 @@ Perform the following steps to install Toaster: /etc/apache2/conf.d/toaster.conf - Following is a sample Apache configuration for Toaster you can follow: + Here is a sample Apache configuration for Toaster you can follow: .. code-block:: apache @@ -495,7 +495,7 @@ The Toaster web interface allows you to do the following: Toaster Web Interface Videos ---------------------------- -Following are several videos that show how to use the Toaster GUI: +Here are several videos that show how to use the Toaster GUI: - *Build Configuration:* This `video <https://www.youtube.com/watch?v=qYgDZ8YzV6w>`__ overviews and diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index ca07b3ddee..c21ba469fd 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "4.3.3" +DISTRO_VERSION = "4.3.4" DISTRO_CODENAME = "nanbield" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}" diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass index 16b85dbca4..2ff2dff9e2 100644 --- a/poky/meta/classes-recipe/kernel.bbclass +++ b/poky/meta/classes-recipe/kernel.bbclass @@ -239,6 +239,8 @@ KERNEL_EXTRA_ARGS ?= "" EXTRA_OEMAKE += ' CC="${KERNEL_CC}" LD="${KERNEL_LD}" OBJCOPY="${KERNEL_OBJCOPY}" STRIP="${KERNEL_STRIP}"' EXTRA_OEMAKE += ' HOSTCC="${BUILD_CC}" HOSTCFLAGS="${BUILD_CFLAGS}" HOSTLDFLAGS="${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"' EXTRA_OEMAKE += ' HOSTCXX="${BUILD_CXX}" HOSTCXXFLAGS="${BUILD_CXXFLAGS}"' +# Only for newer kernels (5.19+), native pkg-config variables are set for older kernels when building kernel and modules +EXTRA_OEMAKE += ' HOSTPKG_CONFIG="pkg-config-native"' KERNEL_ALT_IMAGETYPE ??= "" @@ -356,9 +358,6 @@ kernel_do_compile() { export PKG_CONFIG_LIBDIR="$PKG_CONFIG_DIR" export PKG_CONFIG_SYSROOT_DIR="" - # for newer kernels (5.19+) there's a dedicated variable - export HOSTPKG_CONFIG="pkg-config-native" - if [ "${KERNEL_DEBUG_TIMESTAMPS}" != "1" ]; then # kernel sources do not use do_unpack, so SOURCE_DATE_EPOCH may not # be set.... @@ -408,6 +407,13 @@ addtask transform_kernel after do_compile before do_install do_compile_kernelmodules() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS MACHINE + + # setup native pkg-config variables (kconfig scripts call pkg-config directly, cannot generically be overriden to pkg-config-native) + export PKG_CONFIG_DIR="${STAGING_DIR_NATIVE}${libdir_native}/pkgconfig" + export PKG_CONFIG_PATH="$PKG_CONFIG_DIR:${STAGING_DATADIR_NATIVE}/pkgconfig" + export PKG_CONFIG_LIBDIR="$PKG_CONFIG_DIR" + export PKG_CONFIG_SYSROOT_DIR="" + if [ "${KERNEL_DEBUG_TIMESTAMPS}" != "1" ]; then # kernel sources do not use do_unpack, so SOURCE_DATE_EPOCH may not # be set.... diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 5191d04303..56ba8bceef 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -418,6 +418,9 @@ def check_cves(d, patched_cves): cves_status.append([product, False]) conn.close() + diff_ignore = list(set(cve_ignore) - set(cves_ignored)) + if diff_ignore: + oe.qa.handle_error("cve_status_not_in_db", "Found CVE (%s) with CVE_STATUS set that are not found in database for this component" % " ".join(diff_ignore), d) if not cves_in_recipe: bb.note("No CVE records for products in recipe %s" % (pn)) diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index fc42f95de2..fdeac3db3c 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -102,7 +102,6 @@ PTESTS_SLOW = "\ libgcrypt \ libmodule-build-perl \ lttng-tools \ - mdadm \ openssh \ openssl \ parted \ @@ -131,6 +130,7 @@ PTESTS_PROBLEMS:append:x86 = " valgrind" # ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py # libinput \ # Tests need an unloaded system to be reliable # libpam \ # Needs pam DISTRO_FEATURE +# mdadm \ # tests are flaky in AB. # numactl \ # qemu not (yet) configured for numa; all tests are skipped # libseccomp \ # tests failed: 38; add to slow tests once addressed # python3-numpy \ # requires even more RAM and (possibly) disk space; multiple failures @@ -143,6 +143,7 @@ PTESTS_PROBLEMS = "\ libinput \ libpam \ libseccomp \ + mdadm \ numactl \ python3-license-expression \ python3-numpy \ diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index eaa3e9b31c..4ac66fd506 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.38" -UNINATIVE_VERSION = "4.3" +UNINATIVE_MAXGLIBCVERSION = "2.39" +UNINATIVE_VERSION = "4.4" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "8df05f4a41455018b4303b2e0ea4eac5c960b5a13713f6dbb33dfdb3e32753ec" -UNINATIVE_CHECKSUM[i686] ?= "bea76b4a97c9ba0077c0dd1295f519cd599dbf71f0ca1c964471c4cdb043addd" -UNINATIVE_CHECKSUM[x86_64] ?= "1c35f09a75c4096749bbe1e009df4e3968cde151424062cf4aa3ed89db22b030" +UNINATIVE_CHECKSUM[aarch64] ?= "b61876130f494f75092f21086b4a64ea5fb064045769bf1d32e9cb6af17ea8ec" +UNINATIVE_CHECKSUM[i686] ?= "9f28627828f0082cc0344eede4d9a861a9a064bfa8f36e072e46212f0fe45fcc" +UNINATIVE_CHECKSUM[x86_64] ?= "d81c54284be2bb886931fc87281d58177a2cd381cf99d1981f8923039a72a302" diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..38d07cae39 100644 --- a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -1,4 +1,4 @@ -From 246087f89e9434b726c7884e4c0964f71084f091 Mon Sep 17 00:00:00 2001 +From 5ae30329f168c1e8d2e0c3831988a4f3e9096e39 Mon Sep 17 00:00:00 2001 From: Paul Gortmaker <paul.gortmaker@windriver.com> Date: Tue, 9 Jun 2015 11:22:00 -0400 Subject: [PATCH] bind: ensure searching for json headers searches sysroot @@ -33,10 +33,10 @@ Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 10e8bf6..bf20690 100644 +index 2ab8ddd..92fe983 100644 --- a/configure.ac +++ b/configure.ac -@@ -814,7 +814,7 @@ AS_CASE([$with_lmdb], +@@ -761,7 +761,7 @@ AS_CASE([$with_lmdb], [no],[], [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], [ac_lib_lmdb_found=yes], diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.20.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.24.bb index 187685eef5..2874990320 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.18.20.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.18.24.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "4b891ebf58d3f2a7ac3dd2682990f528a3448eaa1c992ddc5c141b8587a98ec5" +SRC_URI[sha256sum] = "709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 diff --git a/poky/meta/recipes-connectivity/openssl/openssl/bti.patch b/poky/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 0000000000..748576c30c --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/bti.patch @@ -0,0 +1,58 @@ +From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 +From: Tom Cosgrove <tom.cosgrove@arm.com> +Date: Tue, 26 Mar 2024 13:18:00 +0000 +Subject: [PATCH] aarch64: fix BTI in bsaes assembly code + +In Arm systems where BTI is enabled but the Crypto extensions are not (more +likely in FVPs than in real hardware), the bit-sliced assembler code will +be used. However, this wasn't annotated with BTI instructions when BTI was +enabled, so the moment libssl jumps into this code it (correctly) aborts. + +Solve this by adding the missing BTI landing pads. + +Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + crypto/aes/asm/bsaes-armv8.pl | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl +index b3c97e439f..c3c5ff3e05 100644 +--- a/crypto/aes/asm/bsaes-armv8.pl ++++ b/crypto/aes/asm/bsaes-armv8.pl +@@ -1018,6 +1018,7 @@ _bsaes_key_convert: + // Initialisation vector overwritten with last quadword of ciphertext + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_cbc_encrypt: ++ AARCH64_VALID_CALL_TARGET + cmp x2, #128 + bhs .Lcbc_do_bsaes + b AES_cbc_encrypt +@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: + // Output text filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_ctr32_encrypt_blocks: +- ++ AARCH64_VALID_CALL_TARGET + cmp x2, #8 // use plain AES for + blo .Lctr_enc_short // small sizes + +@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: + // Output ciphertext filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_xts_encrypt: ++ AARCH64_VALID_CALL_TARGET + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule +@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: + // Output plaintext filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_xts_decrypt: ++ AARCH64_VALID_CALL_TARGET + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule +-- +2.34.1 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch b/poky/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch deleted file mode 100644 index 78dcd81685..0000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch +++ /dev/null @@ -1,22 +0,0 @@ -The perl script adds random suffixes to the local function names to ensure -it doesn't clash with other parts of openssl. Set the random number seed -to something predictable so the assembler files are generated consistently -and our own reproducible builds tests pass. - -Upstream-Status: Pending -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - -Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl -=================================================================== ---- openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl -+++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl -@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable = (16 * 6); - # ;;; Helper functions - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -+# Ensure the local labels are reproduicble -+srand(10000); -+ - # ; Generates "random" local labels - sub random_string() { - my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_'); diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.5.bb index 0fe4e76808..174b5f6ad3 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.4.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.5.bb @@ -11,15 +11,15 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ - file://fix_random_labels.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ + file://bti.patch \ " SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3" +SRC_URI[sha256sum] = "6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" @@ -187,6 +187,7 @@ PTEST_BUILD_HOST_PATTERN = "perl_version =" do_install_ptest () { install -d ${D}${PTEST_PATH}/test install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test # Prune the build tree diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch new file mode 100644 index 0000000000..620560d3c7 --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch @@ -0,0 +1,213 @@ +From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 8 Jul 2023 19:55:32 +0300 +Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements + +The previous PEAP client behavior allowed the server to skip Phase 2 +authentication with the expectation that the server was authenticated +during Phase 1 through TLS server certificate validation. Various PEAP +specifications are not exactly clear on what the behavior on this front +is supposed to be and as such, this ended up being more flexible than +the TTLS/FAST/TEAP cases. However, this is not really ideal when +unfortunately common misconfiguration of PEAP is used in deployed +devices where the server trust root (ca_cert) is not configured or the +user has an easy option for allowing this validation step to be skipped. + +Change the default PEAP client behavior to be to require Phase 2 +authentication to be successfully completed for cases where TLS session +resumption is not used and the client certificate has not been +configured. Those two exceptions are the main cases where a deployed +authentication server might skip Phase 2 and as such, where a more +strict default behavior could result in undesired interoperability +issues. Requiring Phase 2 authentication will end up disabling TLS +session resumption automatically to avoid interoperability issues. + +Allow Phase 2 authentication behavior to be configured with a new phase1 +configuration parameter option: +'phase2_auth' option can be used to control Phase 2 (i.e., within TLS +tunnel) behavior for PEAP: + * 0 = do not require Phase 2 authentication + * 1 = require Phase 2 authentication when client certificate + (private_key/client_cert) is no used and TLS session resumption was + not used (default) + * 2 = require Phase 2 authentication in all cases + +Signed-off-by: Jouni Malinen <j@w1.fi> + +CVE: CVE-2023-52160 +Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c] + +Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com> + +--- + src/eap_peer/eap_config.h | 8 ++++++ + src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++--- + src/eap_peer/eap_tls_common.c | 6 +++++ + src/eap_peer/eap_tls_common.h | 5 ++++ + wpa_supplicant/wpa_supplicant.conf | 7 ++++++ + 5 files changed, 63 insertions(+), 3 deletions(-) + +diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h +index 3238f74..047eec2 100644 +--- a/src/eap_peer/eap_config.h ++++ b/src/eap_peer/eap_config.h +@@ -469,6 +469,14 @@ struct eap_peer_config { + * 1 = use cryptobinding if server supports it + * 2 = require cryptobinding + * ++ * phase2_auth option can be used to control Phase 2 (i.e., within TLS ++ * tunnel) behavior for PEAP: ++ * 0 = do not require Phase 2 authentication ++ * 1 = require Phase 2 authentication when client certificate ++ * (private_key/client_cert) is no used and TLS session resumption was ++ * not used (default) ++ * 2 = require Phase 2 authentication in all cases ++ * + * EAP-WSC (WPS) uses following options: pin=Device_Password and + * uuid=Device_UUID + * +diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c +index 12e30df..6080697 100644 +--- a/src/eap_peer/eap_peap.c ++++ b/src/eap_peer/eap_peap.c +@@ -67,6 +67,7 @@ struct eap_peap_data { + u8 cmk[20]; + int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) + * is enabled. */ ++ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; + }; + + +@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, + wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); + } + ++ if (os_strstr(phase1, "phase2_auth=0")) { ++ data->phase2_auth = NO_AUTH; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Do not require Phase 2 authentication"); ++ } else if (os_strstr(phase1, "phase2_auth=1")) { ++ data->phase2_auth = FOR_INITIAL; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for initial connection"); ++ } else if (os_strstr(phase1, "phase2_auth=2")) { ++ data->phase2_auth = ALWAYS; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for all cases"); ++ } + #ifdef EAP_TNC + if (os_strstr(phase1, "tnc=soh2")) { + data->soh = 2; +@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm) + data->force_peap_version = -1; + data->peap_outer_success = 2; + data->crypto_binding = OPTIONAL_BINDING; ++ data->phase2_auth = FOR_INITIAL; + + if (config && config->phase1) + eap_peap_parse_phase1(data, config->phase1); +@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, + } + + ++static bool peap_phase2_sufficient(struct eap_sm *sm, ++ struct eap_peap_data *data) ++{ ++ if ((data->phase2_auth == ALWAYS || ++ (data->phase2_auth == FOR_INITIAL && ++ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) && ++ !data->ssl.client_cert_conf) || ++ data->phase2_eap_started) && ++ !data->phase2_eap_success) ++ return false; ++ return true; ++} ++ ++ + /** + * eap_tlv_process - Process a received EAP-TLV message and generate a response + * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() +@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data, + " - force failed Phase 2"); + resp_status = EAP_TLV_RESULT_FAILURE; + ret->decision = DECISION_FAIL; ++ } else if (!peap_phase2_sufficient(sm, data)) { ++ wpa_printf(MSG_INFO, ++ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed"); ++ resp_status = EAP_TLV_RESULT_FAILURE; ++ ret->decision = DECISION_FAIL; + } else { + resp_status = EAP_TLV_RESULT_SUCCESS; + ret->decision = DECISION_UNCOND_SUCC; +@@ -887,8 +921,7 @@ continue_req: + /* EAP-Success within TLS tunnel is used to indicate + * shutdown of the TLS channel. The authentication has + * been completed. */ +- if (data->phase2_eap_started && +- !data->phase2_eap_success) { ++ if (!peap_phase2_sufficient(sm, data)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " + "Success used to indicate success, " + "but Phase 2 EAP was not yet " +@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, + static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) + { + struct eap_peap_data *data = priv; ++ + return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && +- data->phase2_success; ++ data->phase2_success && data->phase2_auth != ALWAYS; + } + + +diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c +index c1837db..a53eeb1 100644 +--- a/src/eap_peer/eap_tls_common.c ++++ b/src/eap_peer/eap_tls_common.c +@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm, + + sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); + ++ if (!phase2) ++ data->client_cert_conf = params->client_cert || ++ params->client_cert_blob || ++ params->private_key || ++ params->private_key_blob; ++ + return 0; + } + +diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h +index 9ac0012..3348634 100644 +--- a/src/eap_peer/eap_tls_common.h ++++ b/src/eap_peer/eap_tls_common.h +@@ -79,6 +79,11 @@ struct eap_ssl_data { + * tls_v13 - Whether TLS v1.3 or newer is used + */ + int tls_v13; ++ ++ /** ++ * client_cert_conf: Whether client certificate has been configured ++ */ ++ bool client_cert_conf; + }; + + +diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf +index 6619d6b..d63f73c 100644 +--- a/wpa_supplicant/wpa_supplicant.conf ++++ b/wpa_supplicant/wpa_supplicant.conf +@@ -1321,6 +1321,13 @@ fast_reauth=1 + # * 0 = do not use cryptobinding (default) + # * 1 = use cryptobinding if server supports it + # * 2 = require cryptobinding ++# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS ++# tunnel) behavior for PEAP: ++# * 0 = do not require Phase 2 authentication ++# * 1 = require Phase 2 authentication when client certificate ++# (private_key/client_cert) is no used and TLS session resumption was ++# not used (default) ++# * 2 = require Phase 2 authentication in all cases + # EAP-WSC (WPS) uses following options: pin=<Device Password> or + # pbc=1. + # diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb index 46604045da..22028ce957 100644 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb @@ -18,6 +18,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch \ file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \ file://0001-Install-wpa_passphrase-when-not-disabled.patch \ + file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \ " SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f" diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc index 212f960cb5..ee89762ae6 100644 --- a/poky/meta/recipes-core/glibc/glibc-version.inc +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -11,7 +11,6 @@ CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-5156] = "fixed-version: Fixed in stable branch updates" -CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-0687] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-6246] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-6779] = "fixed-version: Fixed in stable branch updates" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index d63079bb34..07764a1826 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check REQUIRED_DISTRO_FEATURES += "xattr" -SRCREV ?= "17635c5e4d2460a762152f550ac98d66b9090904" +SRCREV ?= "8730750b335c2eb9c3af673262dd83f4a861e075" SRC_URI = "git://git.yoctoproject.org/poky;branch=nanbield \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/poky/meta/recipes-core/images/core-image-ptest.bb b/poky/meta/recipes-core/images/core-image-ptest.bb index b6f5c2fd60..f2d0ae94b8 100644 --- a/poky/meta/recipes-core/images/core-image-ptest.bb +++ b/poky/meta/recipes-core/images/core-image-ptest.bb @@ -21,7 +21,7 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in d.getVar('PTESTS').split()] IMAGE_OVERHEAD_FACTOR = "1.0" IMAGE_ROOTFS_EXTRA_SPACE = "324288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288" -IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288" +IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1524288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288" # tar-ptest in particular needs more space diff --git a/poky/meta/recipes-core/libxml/libxml2_2.11.5.bb b/poky/meta/recipes-core/libxml/libxml2_2.11.7.bb index fc82912df2..482ce9042d 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.11.5.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.11.7.bb @@ -18,7 +18,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://install-tests.patch \ " -SRC_URI[archive.sha256sum] = "3727b078c360ec69fa869de14bd6f75d7ee8d36987b071e6928d4720a28df3a6" +SRC_URI[archive.sha256sum] = "fb27720e25eaf457f94fd3d7189bcf2626c6dccf4201553bc8874d50e3560162" SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" # Disputed as a security issue, but fixed in d39f780 diff --git a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb index bfe48b27e7..1901641965 100644 --- a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,13 +26,17 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" -# Number of attmepts for each http query to nvd server before giving up +# CVE database incremental update age threshold, in seconds. If the database is +# older than this threshold, do a full re-download, else, do an incremental +# update. By default: the maximum allowed value from NVD: 120 days (120*24*60*60) +# Use 0 to force a full download. +CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000" + +# Number of attempts for each http query to nvd server before giving up CVE_DB_UPDATE_ATTEMPTS ?= "5" CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" - python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") @@ -119,7 +123,8 @@ def nvd_request_wait(attempt, min_wait): def nvd_request_next(url, attempts, api_key, args, min_wait): """ - Request next part of the NVD dabase + Request next part of the NVD database + NVD API documentation: https://nvd.nist.gov/developers/vulnerabilities """ import urllib.request @@ -172,18 +177,24 @@ def update_db_file(db_tmp_file, d, database_time): req_args = {'startIndex' : 0} - # The maximum range for time is 120 days - # Force a complete update if our range is longer - if (database_time != 0): + incr_update_threshold = int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES")) + if database_time != 0: database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc) today_date = datetime.datetime.now(tz=datetime.timezone.utc) delta = today_date - database_date - if delta.days < 120: + if incr_update_threshold == 0: + bb.note("CVE database: forced full update") + elif delta < datetime.timedelta(seconds=incr_update_threshold): bb.note("CVE database: performing partial update") + # The maximum range for time is 120 days + if delta > datetime.timedelta(days=120): + bb.error("CVE database: Trying to do an incremental update on a larger than supported range") req_args['lastModStartDate'] = database_date.isoformat() req_args['lastModEndDate'] = today_date.isoformat() else: bb.note("CVE database: file too old, forcing a full update") + else: + bb.note("CVE database: no preexisting database, do a full download") with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: @@ -313,6 +324,10 @@ def update_db(conn, elt): vectorString = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": + c = conn.cursor() + c.execute("delete from PRODUCTS where ID = ?;", [cveId]) + c.execute("delete from NVD where ID = ?;", [cveId]) + c.close() return cveDesc = "" for desc in elt['cve']['descriptions']: @@ -346,6 +361,10 @@ def update_db(conn, elt): [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close() try: + # Remove any pre-existing CVE configuration. Even for partial database + # update, those will be repopulated. This ensures that old + # configuration is not kept for an updated CVE. + conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close() for config in elt['cve']['configurations']: # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing for node in config["nodes"]: diff --git a/poky/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb b/poky/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb index fa6d930a9c..18057809c8 100644 --- a/poky/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb +++ b/poky/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://pypi.org/project/Jinja2/" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" -SRC_URI[sha256sum] = "31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852" +SRC_URI[sha256sum] = "ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90" PYPI_PACKAGE = "Jinja2" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index 2774e5e730..4734adcc08 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2023d" +PV = "2024a" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "e9a5f9e118886d2de92b62bb05510a28cc6c058d791c93bd6b84d3292c3c161e" -SRC_URI[tzdata.sha256sum] = "dbca21970b0a8b8c0ceceec1d7b91fa903be0f6eca5ae732b5329672232a08f3" +SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8" +SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3" diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_23.2.3.bb b/poky/meta/recipes-graphics/xwayland/xwayland_23.2.4.bb index 9aa7b4dfcd..092359172a 100644 --- a/poky/meta/recipes-graphics/xwayland/xwayland_23.2.3.bb +++ b/poky/meta/recipes-graphics/xwayland/xwayland_23.2.4.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880" SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz" -SRC_URI[sha256sum] = "eb9d9aa7232c47412c8835ec15a97c575f03563726c787754ff0c019bd07e302" +SRC_URI[sha256sum] = "a99e159b6d0d33098b3b6ab22a88bfcece23c8b9d0ca72c535c55dcb0681b46b" UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar" diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb index 0ed4d91f8a..490c0ab89f 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb @@ -91,7 +91,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \ file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \ file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \ - file://LICENSE.cirrus;md5=bb18d943382abf8e8232a9407bfdafe0 \ + file://LICENSE.cirrus;md5=662ea2c1a8888f7d79ed7f27c27472e1 \ file://LICENCE.cnm;md5=93b67e6bac7f8fec22b96b8ad0a1a9d0 \ file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \ file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \ @@ -151,7 +151,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "3113c4ea08e5171555f3bf49eceb5b07" +WHENCE_CHKSUM = "a344e6c28970fc7daafa81c10247aeb6" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -237,7 +237,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "96af7e4b5eabd37869cdb3dcbb7ab36911106d39b76e799fa1caab16a9dbe8bb" +SRC_URI[sha256sum] = "bf0f239dc0801e9d6bf5d5fb3e2f549575632cf4688f4348184199cb02c2bcd7" inherit allarch diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 45fcc7b260..cb48e4d88d 100644 --- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-01-18 21:10:06.148505+00:00 for version 6.1.73 +# Generated at 2024-02-21 02:22:41.710563+00:00 for version 6.1.78 python check_kernel_cve_status_version() { - this_version = "6.1.73" + this_version = "6.1.78" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -3668,6 +3668,10 @@ CVE_STATUS[CVE-2021-3348] = "fixed-version: Fixed from version 5.11rc6" CVE_STATUS[CVE-2021-33624] = "fixed-version: Fixed from version 5.13rc7" +CVE_STATUS[CVE-2021-33630] = "fixed-version: Fixed from version 5.4rc1" + +CVE_STATUS[CVE-2021-33631] = "cpe-stable-backport: Backported in 6.1.4" + CVE_STATUS[CVE-2021-33655] = "fixed-version: Fixed from version 5.19rc6" CVE_STATUS[CVE-2021-33656] = "fixed-version: Fixed from version 5.12rc1" @@ -4420,7 +4424,7 @@ CVE_STATUS[CVE-2022-3636] = "fixed-version: Fixed from version 5.19rc1" CVE_STATUS[CVE-2022-3640] = "fixed-version: Fixed from version 6.1rc4" -# CVE-2022-36402 has no known resolution +CVE_STATUS[CVE-2022-36402] = "cpe-stable-backport: Backported in 6.1.50" # CVE-2022-3642 has no known resolution @@ -4958,7 +4962,7 @@ CVE_STATUS[CVE-2023-35824] = "cpe-stable-backport: Backported in 6.1.28" CVE_STATUS[CVE-2023-35826] = "cpe-stable-backport: Backported in 6.1.28" -# CVE-2023-35827 needs backporting (fixed from 6.1.59) +CVE_STATUS[CVE-2023-35827] = "cpe-stable-backport: Backported in 6.1.59" CVE_STATUS[CVE-2023-35828] = "cpe-stable-backport: Backported in 6.1.28" @@ -5032,7 +5036,7 @@ CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.1.43" CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45" -# CVE-2023-40791 needs backporting (fixed from 6.5rc6) +CVE_STATUS[CVE-2023-40791] = "fixed-version: only affects 6.3rc1 onwards" CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45" @@ -5100,9 +5104,15 @@ CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards" CVE_STATUS[CVE-2023-4623] = "cpe-stable-backport: Backported in 6.1.53" -# CVE-2023-46813 needs backporting (fixed from 6.1.60) +CVE_STATUS[CVE-2023-46343] = "cpe-stable-backport: Backported in 6.1.60" + +CVE_STATUS[CVE-2023-46813] = "cpe-stable-backport: Backported in 6.1.60" -# CVE-2023-46862 needs backporting (fixed from 6.6) +CVE_STATUS[CVE-2023-46838] = "cpe-stable-backport: Backported in 6.1.75" + +CVE_STATUS[CVE-2023-46862] = "cpe-stable-backport: Backported in 6.1.61" + +# CVE-2023-47233 has no known resolution CVE_STATUS[CVE-2023-4732] = "fixed-version: Fixed from version 5.14rc1" @@ -5110,10 +5120,14 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54" CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" -# CVE-2023-50431 has no known resolution +CVE_STATUS[CVE-2023-50431] = "cpe-stable-backport: Backported in 6.1.75" CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62" +CVE_STATUS[CVE-2023-51042] = "cpe-stable-backport: Backported in 6.1.47" + +CVE_STATUS[CVE-2023-51043] = "cpe-stable-backport: Backported in 6.1.40" + CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" CVE_STATUS[CVE-2023-51779] = "cpe-stable-backport: Backported in 6.1.70" @@ -5128,11 +5142,13 @@ CVE_STATUS[CVE-2023-51782] = "cpe-stable-backport: Backported in 6.1.69" CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56" +CVE_STATUS[CVE-2023-52340] = "cpe-stable-backport: Backported in 6.1.73" + CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards" -# CVE-2023-5717 needs backporting (fixed from 6.1.60) +CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60" CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards" @@ -5146,8 +5162,12 @@ CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.1.65" CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54" +CVE_STATUS[CVE-2023-6200] = "fixed-version: only affects 6.6rc1 onwards" + # CVE-2023-6238 has no known resolution +# CVE-2023-6240 has no known resolution + # CVE-2023-6270 has no known resolution # CVE-2023-6356 has no known resolution @@ -5164,7 +5184,7 @@ CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47" CVE_STATUS[CVE-2023-6606] = "cpe-stable-backport: Backported in 6.1.70" -# CVE-2023-6610 needs backporting (fixed from 6.7rc7) +CVE_STATUS[CVE-2023-6610] = "cpe-stable-backport: Backported in 6.1.74" CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68" @@ -5172,6 +5192,8 @@ CVE_STATUS[CVE-2023-6679] = "fixed-version: only affects 6.7rc1 onwards" CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68" +CVE_STATUS[CVE-2023-6915] = "cpe-stable-backport: Backported in 6.1.74" + CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.1.68" CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66" @@ -5186,5 +5208,65 @@ CVE_STATUS[CVE-2024-0193] = "fixed-version: only affects 6.5rc6 onwards" CVE_STATUS[CVE-2024-0443] = "fixed-version: only affects 6.2rc1 onwards" -# Skipping dd=CVE-2023-1476, no affected_versions +CVE_STATUS[CVE-2024-0562] = "fixed-version: Fixed from version 6.0rc3" + +# CVE-2024-0564 has no known resolution + +CVE_STATUS[CVE-2024-0565] = "cpe-stable-backport: Backported in 6.1.69" + +CVE_STATUS[CVE-2024-0582] = "fixed-version: only affects 6.4rc1 onwards" + +CVE_STATUS[CVE-2024-0584] = "cpe-stable-backport: Backported in 6.1.66" + +CVE_STATUS[CVE-2024-0607] = "cpe-stable-backport: Backported in 6.1.64" + +CVE_STATUS[CVE-2024-0639] = "cpe-stable-backport: Backported in 6.1.39" + +CVE_STATUS[CVE-2024-0641] = "cpe-stable-backport: Backported in 6.1.57" + +CVE_STATUS[CVE-2024-0646] = "cpe-stable-backport: Backported in 6.1.69" + +CVE_STATUS[CVE-2024-0775] = "cpe-stable-backport: Backported in 6.1.29" + +# CVE-2024-0841 has no known resolution + +CVE_STATUS[CVE-2024-1085] = "cpe-stable-backport: Backported in 6.1.75" + +CVE_STATUS[CVE-2024-1086] = "cpe-stable-backport: Backported in 6.1.76" + +# CVE-2024-1312 needs backporting (fixed from 6.5rc4) + +# CVE-2024-21803 has no known resolution + +# CVE-2024-22099 has no known resolution + +# CVE-2024-22386 has no known resolution + +CVE_STATUS[CVE-2024-22705] = "cpe-stable-backport: Backported in 6.1.71" + +# CVE-2024-23196 has no known resolution + +# CVE-2024-23307 has no known resolution + +# CVE-2024-23848 has no known resolution + +CVE_STATUS[CVE-2024-23849] = "cpe-stable-backport: Backported in 6.1.76" + +# CVE-2024-23850 has no known resolution + +# CVE-2024-23851 has no known resolution + +# CVE-2024-24855 has no known resolution + +# CVE-2024-24857 has no known resolution + +# CVE-2024-24858 has no known resolution + +# CVE-2024-24859 has no known resolution + +# CVE-2024-24860 has no known resolution + +# CVE-2024-24861 has no known resolution + +# CVE-2024-24864 has no known resolution diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb index 06c07b70c8..cbf8a18d30 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6fd0860ac9846438f226257ab515bcd612fdc379" -SRCREV_meta ?= "40dede8a165ea5894f172fede6baa0dd94d23fec" +SRCREV_machine ?= "8c4c2f0278e1c64eb5e95bfb23d6322e81090b3d" +SRCREV_meta ?= "ea5365f818fb6031ec97b8ae7a88bb83001b901e" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.1.73" +LINUX_VERSION ?= "6.1.78" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb index e391074f8b..3f100b579f 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.1.inc -LINUX_VERSION ?= "6.1.73" +LINUX_VERSION ?= "6.1.78" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_meta ?= "40dede8a165ea5894f172fede6baa0dd94d23fec" +SRCREV_machine ?= "d025fe8c17718aa4c837bfafee0f3aa0f830bc75" +SRCREV_meta ?= "ea5365f818fb6031ec97b8ae7a88bb83001b901e" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb index f520954646..982996b9a8 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base" KBRANCH:qemuloongarch64 ?= "v6.1/standard/base" KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "45e6b64447b888e94af6fa8529cf976bf8116624" -SRCREV_machine:qemuarm64 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_machine:qemuloongarch64 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_machine:qemumips ?= "90ea25826ce7ef511d0d93ae33c3888f3b583bf3" -SRCREV_machine:qemuppc ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_machine:qemuriscv64 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_machine:qemuriscv32 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_machine:qemux86 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_machine:qemux86-64 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_machine:qemumips64 ?= "59248cf67c17a987f898d9d0c81292cb5fcda858" -SRCREV_machine ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" -SRCREV_meta ?= "40dede8a165ea5894f172fede6baa0dd94d23fec" +SRCREV_machine:qemuarm ?= "2f7e672f9677d3cc448ec7e004763f76f95c7fe0" +SRCREV_machine:qemuarm64 ?= "d025fe8c17718aa4c837bfafee0f3aa0f830bc75" +SRCREV_machine:qemuloongarch64 ?= "d025fe8c17718aa4c837bfafee0f3aa0f830bc75" +SRCREV_machine:qemumips ?= "f6c42d90dab94077c1c8b6b7eb77d6ca85eab07e" +SRCREV_machine:qemuppc ?= "ff10270b2748ad74c93ef0abf8e76a464665c23d" +SRCREV_machine:qemuriscv64 ?= "d025fe8c17718aa4c837bfafee0f3aa0f830bc75" +SRCREV_machine:qemuriscv32 ?= "d025fe8c17718aa4c837bfafee0f3aa0f830bc75" +SRCREV_machine:qemux86 ?= "d025fe8c17718aa4c837bfafee0f3aa0f830bc75" +SRCREV_machine:qemux86-64 ?= "d025fe8c17718aa4c837bfafee0f3aa0f830bc75" +SRCREV_machine:qemumips64 ?= "01b545e3fd1f9ea66d812e281de06b07c861dd69" +SRCREV_machine ?= "d025fe8c17718aa4c837bfafee0f3aa0f830bc75" +SRCREV_meta ?= "ea5365f818fb6031ec97b8ae7a88bb83001b901e" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "fec3b1451d5febbc9e04250f879c10f8952e6bed" +SRCREV_machine:class-devupstream ?= "8b4118fabd6eb75fed19483b04dab3a036886489" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.1/base" @@ -45,7 +45,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.1.73" +LINUX_VERSION ?= "6.1.78" PV = "${LINUX_VERSION}+git" diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb index c09600ecbe..8fde236ab4 100644 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "26d4c2a727cc59239b84735aad856b7c7d0b04e30aa5c235c4f7f47f5f053491" +SRC_URI[sha256sum] = "c8a61c9acf76fa7eb4239e89f640dee3e87098d9f69b4d3518c9c60fc6d20c55" inherit bin_package allarch @@ -13,7 +13,7 @@ do_install() { install -d -m0755 ${D}${nonarch_libdir}/crda install -d -m0755 ${D}${sysconfdir}/wireless-regdb/pubkeys install -m 0644 regulatory.bin ${D}${nonarch_libdir}/crda/regulatory.bin - install -m 0644 sforshee.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/sforshee.key.pub.pem + install -m 0644 wens.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/wens.key.pub.pem install -m 0644 -D regulatory.db ${D}${nonarch_base_libdir}/firmware/regulatory.db install -m 0644 regulatory.db.p7s ${D}${nonarch_base_libdir}/firmware/regulatory.db.p7s diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/skip-aggregator-test.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/skip-aggregator-test.patch new file mode 100644 index 0000000000..81337512fd --- /dev/null +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/skip-aggregator-test.patch @@ -0,0 +1,35 @@ +From 9b72aa7cdbc2a81cffc6f855933afe90c81046d5 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Wed, 28 Feb 2024 12:40:34 +0000 +Subject: [PATCH] Skip aggregator test + +This test case is known to be flaky upstream[1] and often fails on the +autobuilder[2], so skip it until this has been resolved upstream. + +[1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/410 +[2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=15054 + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + tests/check/libs/aggregator.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/check/libs/aggregator.c b/tests/check/libs/aggregator.c +index 1f2c5b4..27b3ac7 100644 +--- a/tests/check/libs/aggregator.c ++++ b/tests/check/libs/aggregator.c +@@ -1475,7 +1475,9 @@ gst_aggregator_suite (void) + tcase_add_test (general, test_flushing_seek); + tcase_add_test (general, test_infinite_seek); + tcase_add_test (general, test_infinite_seek_50_src); +- tcase_add_test (general, test_infinite_seek_50_src_live); ++ // This test case is known to be flaky, remove it until resolved: ++ // https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/410 ++ // tcase_add_test (general, test_infinite_seek_50_src_live); + tcase_add_test (general, test_linear_pipeline); + tcase_add_test (general, test_two_src_pipeline); + tcase_add_test (general, test_timeout_pipeline); +-- +2.34.1 + diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.9.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.9.bb index b4ab6ad10c..9d634e35dc 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.9.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.9.bb @@ -21,6 +21,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0002-tests-add-support-for-install-the-tests.patch \ file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \ + file://skip-aggregator-test.patch \ " SRC_URI[sha256sum] = "1e7124d347e8cdc80f08ec1d370c201be513002af1102bb20e83c5279cb48ebd" diff --git a/poky/meta/recipes-support/curl/curl/no-test-timeout.patch b/poky/meta/recipes-support/curl/curl/no-test-timeout.patch new file mode 100644 index 0000000000..b4cfe716db --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/no-test-timeout.patch @@ -0,0 +1,18 @@ +Set the max-time timeout to 600 so the timeout is 10 minutes instead of 13 seconds. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@arm.com> + +diff --git a/tests/servers.pm b/tests/servers.pm +index d4472d509..aeab62c47 100644 +--- a/tests/servers.pm ++++ b/tests/servers.pm +@@ -120,7 +120,7 @@ my $sshdverstr; # for socks server, ssh daemon version string + my $sshderror; # for socks server, ssh daemon version error + my %doesntrun; # servers that don't work, identified by pidfile + my %PORT = (nolisten => 47); # port we use for a local non-listening service +-my $server_response_maxtime=13; ++my $server_response_maxtime=600; + my $httptlssrv = find_httptlssrv(); + my %run; # running server + my %runcert; # cert file currently in use by an ssl running server diff --git a/poky/meta/recipes-support/curl/curl/run-ptest b/poky/meta/recipes-support/curl/curl/run-ptest index 8f9c20f34d..acd2892f80 100644 --- a/poky/meta/recipes-support/curl/curl/run-ptest +++ b/poky/meta/recipes-support/curl/curl/run-ptest @@ -1,6 +1,11 @@ #!/bin/sh + cd tests -{ ./runtests.pl -a -n -s -j4 !flaky || echo "FAIL: curl" ; } | sed \ - -e 's|\([^ ]* *\) \([^ ]* *\)...OK|PASS: \1 \2|' \ - -e 's|\([^ ]* *\) \([^ ]* *\)...FAILED|FAIL: \1 \2|' \ - -e 's/Warning: test[0-9]\+ not present in tests\/data\/Makefile.inc//' + +# Run all tests, don't stop on first failure +# Don't use valgrind if it is found +# Use automake-style output +# Run four tests in parallel +# Print log output on failure +# Don't run the flaky or timing dependent tests +./runtests.pl -a -n -am -j4 -p '!flaky !timing-dependent' diff --git a/poky/meta/recipes-support/curl/curl_8.4.0.bb b/poky/meta/recipes-support/curl/curl_8.4.0.bb index 977404c963..0b89542fde 100644 --- a/poky/meta/recipes-support/curl/curl_8.4.0.bb +++ b/poky/meta/recipes-support/curl/curl_8.4.0.bb @@ -15,6 +15,7 @@ SRC_URI = " \ file://disable-tests \ file://CVE-2023-46218.patch \ file://CVE-2023-46219.patch \ + file://no-test-timeout.patch \ " SRC_URI[sha256sum] = "16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d" @@ -127,6 +128,7 @@ RDEPENDS:${PN}-ptest += " \ perl-module-storable \ perl-module-time-hires \ " +RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us" PACKAGES =+ "lib${BPN}" diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.8.1.bb b/poky/meta/recipes-support/gnutls/gnutls_3.8.3.bb index 455031dd47..27d6753be0 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.8.1.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.8.3.bb @@ -25,7 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://Add-ptest-support.patch \ " -SRC_URI[sha256sum] = "ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c" +SRC_URI[sha256sum] = "f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index 6b440d8947..906aa53a16 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".2130" -SRCREV = "075ad7047457debfeef13442c01e74088b461092" +PV .= ".2190" +SRCREV = "6a950da86d7a6eb09d5ebeab17657986420d07ac" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0" |