diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2022-07-29 18:24:38 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2022-07-29 18:26:37 +0300 |
commit | cb2a94c39eddda6e0df65f98fff97cce711c9134 (patch) | |
tree | 0233c00d99735de440f920eb45ef10d47e14c00a /poky/meta/classes | |
parent | 322e9fc9c6aafb1be6757915ca920b5170642aa7 (diff) | |
download | openbmc-c781663ad79d179da0819bdbc654e8f86bb05c92.tar.xz |
subtree updates2.12.0-rc1
meta-openembedded: 5357c7a40e..a47ef04661:
Adrian Fiergolski (1):
python3-matplotlib: add missing dependency
Adrian Freihofer (2):
conntrack-tools: fix postinst script
modemmanager: update to 1.18.8
Akash Hadke (2):
ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g"
iperf: Set CVE_PRODUCT to "iperf_project:iperf"
Armin Kuster (5):
meta-oe-image: fix build depends
meta-python-image: Fix build depends
meta-gnome: fix layer depends.
mariadb: update to 10.7.4
mariadb: Fix i386 Clang builds
Ashish Sharma (1):
netserver: don't change permissions on /dev/null
Aurélien Bertron (1):
fix(syslog-ng): warning about conf version
Bartosz Golaszewski (2):
python3-speedtest-cli: fix RDEPENDS
python3-pybluez: fix a runtime issue with python 3.10
Bassem Boubaker (1):
conntrack-tools: Fix missing capability
Changqing Li (5):
chrony: create /var/lib/chrony by systemd-tmpfiles
redis: upgrade 6.2.6 -> 6.2.7
redis: upgrade 7.0-rc3 -> 7.0.2
apache2: upgrade 2.4.53 -> 2.4.54
zabbix: upgrade 5.2.6 -> 5.4.12
Chen Qi (1):
ntfs-3g-ntfsprogs: upgrade to 2022.5.17
Davide Gardenal (11):
emlog: ignore unrelated CVEs
imagemagick: upgrade 7.0.10-25 -> 7.0.10-62
usrsctp: add CVE_VERSION to correctly check for CVEs
openflow: ignore CVE-2018-1078
ntp: ignore many CVEs
wireshark: upgrade 3.4.11 -> 3.4.12
thrift: add CVE_PRODUCT to fix CVE reporting
spice: ignore patched CVEs
quagga: ignore CVE-2016-4049
freeradius: ignore patched CVEs
openflow: ignore unrelated CVEs
Denys Dmytriyenko (3):
devmem2: reinstate previous patches, removed by mistake
devmem2: add support for different page sizes
devmem2: the source and patches moved to github repo
Diego Sueiro (1):
bats: upgrade 1.6.0 -> 1.6.1
Gianfranco (2):
sdbus-c++-libsystemd: Bump SRCREV to last commit of 250-stable branch
libmtp: Add doxygen-native dependency in case documentation build is enabled in PACKAGECONFIG. This fixes a FTBFS due to missing dependency.
Gianfranco Costamagna (1):
vboxguestdrivers: upgrade 6.1.32 -> 6.1.34
Hitendra Prajapati (1):
cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
Javier Viguera (1):
networkmanager: fix build with enabled ppp
Jeremy Puhlman (1):
freeradius: mutlilib fixes
Jiaqing Zhao (2):
openldap: Remove libgcrypt dependency
openldap: Upgrade 2.5.9 -> 2.5.12
Joerg Vehlow (1):
jq: Fix typo OE_EXTRACONF -> EXTRA_OECONF
Julien STEPHAN (1):
libcamera: fix packaging
Kai Kang (4):
conntrack-tools: fix postinst script
python3-wxgtk4: backport patch to fix svg issue
libportal: add distro features check
graphviz: rrecommends on liberation-fonts
Khem Raj (11):
ufw: Fix packaging errors found with ppc64
libcereal: Enable for glibc/ppc
mimic: Use special rateconv.c license
makedumpfile: Use right TARGET for ppc32
evince: Add dbus to depnedencies on non-x11 builds
evolution-data-server: Do not pass --library-path to gir compiler
python3-wxgtk4: Needs x11 for sip module
unattended-upgrades: Disable auto-detecting modules
sdbus-c++: Link with libatomic on mips/ppc32
sdbus-c++: Link with libatomic for rv32
sdbus-c++-libsystemd: Fix patch fuzz
Markus Volk (1):
minidlna: fix obsolete license warning
Martin Jansa (3):
ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay
leveldb: switch from master branch to main
tesseract-lang: switch from master branch to main
Michael Opdenacker (1):
devmem2: update SRC_URI according to redirect
Mingli Yu (1):
s-nail: Set VAL_MTA
Nicolas Dechesne (1):
imlib2: update SRC_URI
Peter Marko (1):
libgpiod: move test dependencies to ptest package
Richard Neill (1):
bats: Add patch to fix false-negatives caused by teardown code
Wentao Zhang (1):
protobuf-c: update to 1.4.1 fix CVE-2022-33070
Xu Huan (1):
python3-astroid: upgrade 2.11.2 -> 2.11.3
Yi Zhao (4):
frr: inherit autotools-brokensep instead of autotools
networkmanager: fix parallel build failure
dnsmasq: Security fix CVE-2022-0934
strongswan: upgrade 5.9.5 -> 5.9.6
Yue Tao (2):
exo: upgrade 4.16.3 -> 4.16.4
dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291
wangmy (5):
php: upgrade 8.1.4 -> 8.1.5
php: upgrade 8.1.5 -> 8.1.6
postgresql: upgrade 14.2 -> 14.3
postgresql: upgrade 14.3 -> 14.4
php: upgrade 8.1.6 -> 8.1.7
meta-security: 93f2146211..c79262a30b:
Anton Antonov (1):
Parsec-service: Update installation procedure
Armin Kuster (5):
fscrypt: add distro_check on pam
aide: Update 01.17.4
tpm2-pkcs11: tpm2-pkcs11 module missing
tpm2-tools: Add missing rdepends
oeqa/cases/tpm2: fix and enhance test suite
Davide Gardenal (1):
sssd: ignore CVE-2018-16838
Jeremy A. Puhlman (5):
aide: Add depend on audit when audit is enabled.
lib-perl: prefix man pages to avoid conflicting with base perl
libmhash: add multilib header
python3-privacyidea: add correct path to lib/privacyidea
clamav: make install owner match the added user name
Jose Quaresma (1):
meta-integrity: kernel-modsign: prevents splitting out debug symbols
poky: d84c73d1ef..e4b5c35fd4:
Ahmed Hossam (1):
insane.bbclass: host-user-contaminated: Correct per package home path
Alejandro Hernandez Samaniego (2):
package.bbclass: Fix base directory for debugsource files when using externalsrc
package.bbclass: Fix kernel source handling when not using externalsrc
Alex Kiernan (1):
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
Alexander Kanavin (41):
systemd: upgrade 250.4 -> 250.5
mesa: upgrade 22.0.0 -> 22.0.2
bind: upgrade 9.18.1 -> 9.18.2
cronie: upgrade 1.6.0 -> 1.6.1
epiphany: upgrade 42.0 -> 42.2
ffmpeg: upgrade 5.0 -> 5.0.1
fribidi: upgrade 1.0.11 -> 1.0.12
libinput: upgrade 1.19.3 -> 1.19.4
sqlite3: upgrade 3.38.2 -> 3.38.3
webkitgtk: upgrade 2.36.0 -> 2.36.1
xwayland: upgrade 22.1.0 -> 22.1.1
mmc-utils: upgrade to latest revision
gst-devtools: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2
gstreamer1.0: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2
libcgroup: upgrade 2.0.1 -> 2.0.2
mesa: upgrade 22.0.2 -> 22.0.3
mobile-broadband-provider-info: upgrade 20220315 -> 20220511
sqlite3: upgrade 3.38.3 -> 3.38.5
bash: submit patch upstream
valgrind: submit arm patches upstream
zip/unzip: mark all submittable patches as Inactive-Upstream
python3: use built-in distutils for ptest, rather than setuptools' 'fork'
wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
oeqa/sdk: drop the nativesdk-python 2.x test
at: take tarballs from debian
openssl: update 3.0.4 -> 3.0.5
gstreamer1.0: upgrade 1.20.2 -> 1.20.3
weston: update 10.0.0 -> 10.0.1
glib-2.0: upgrade 2.72.2 -> 2.72.3
glib-networking: upgrade 2.72.0 -> 2.72.1
libsoup: upgrade 3.0.6 -> 3.0.7
waffle: correctly request wayland-scanner executable
Aryaman Gupta (1):
e2fsprogs: update upstream status
Bruce Ashfield (48):
linux-yocto/5.10: update to v5.10.110
linux-yocto/5.10: base: enable kernel crypto userspace API
linux-yocto/5.10: update to v5.10.112
linux-yocto/5.15: arm: poky-tiny cleanup and fixes
linux-yocto/5.15: update to v5.15.33
linux-yocto/5.15: base: enable kernel crypto userspace API
linux-yocto/5.15: kasan: fix BUG: sleeping function called from invalid context
linux-yocto/5.15: fix ppc boot
linux-yocto/5.15: netfilter: conntrack: avoid useless indirection during conntrack destruction
linux-yocto/5.15: update to v5.15.35
linux-yocto/5.15: Fix CVE-2022-28796
linux-yocto: enable powerpc debug fragment
linux-yocto/5.15: fix -standard kernel build issue
linux-yocto/5.15: update to v5.15.36
linux-yocto/5.15: fix qemuarm graphical boot
strace: fix ptest failure in landlock
yocto-bsps: update to v5.15.36
linux-yocto/5.15: update to v5.15.37
linux-yocto/5.10: update to v5.10.113
linux-yocto/5.15: update to v5.15.38
linux-yocto/5.10: update to v5.10.114
linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default
linux-yocto/5.15: update to v5.15.43
linux-yocto/5.10: update to v5.10.118
linux-yocto/5.15: Enable MDIO bus config
linux-yocto/5.15: cfg/xen: Move x86 configs to separate file
linux-yocto/5.15: update to v5.15.44
linux-yocto/5.10: update to v5.10.119
lttng-modules: fix build against 5.18-rc7+
linux-yocto/5.10: update to v5.10.121
linux-yocto/5.10: update to v5.10.123
linux-yocto/5.10: update to v5.10.128
linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning
linux-yocto/5.10: fix buildpaths issue with gen-mach-types
linux-yocto/5.10: update to v5.10.130
linux-yocto/5.10: fix buildpaths issue with pnmtologo
linux-yocto/5.15: update to v5.15.46
linux-yocto/5.15: update to v5.15.48
linux-yocto/5.15: drop obselete GPIO sysfs ABI
linux-yocto/5.15: update to v5.15.52
linux-yocto/5.15: fix qemuppc buildpaths warning
linux-yocto/5.15: fix build_OID_registry buildpaths warning
linux-yocto/5.15: fix buildpaths issue with gen-mach-types
linux-yocto/5.15: update to v5.15.54
linux-yocto/5.15: fix buildpaths issue with pnmtologo
kernel-devsrc: fix reproducibility and buildpaths QA warning
kernel-devsrc: ppc32: fix reproducibility
perf: fix reproducibility in 5.19+
Chanho Park (2):
cargo_common.bbclass: enable bitbake vendoring for externalsrc
externalsrc.bbclass: support crate fetcher on externalsrc
Chen Qi (1):
go-helloworld: remove unused GO_WORKDIR
Christoph Lauer (1):
package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo
Claudius Heine (2):
overlayfs: add docs about skipping QA check & service dependencies
classes: rootfs-postcommands: add skip option to overlayfs_qa_check
David Bagonyi (1):
sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity
Davide Gardenal (14):
cve-check: add JSON format to summary output
cve-check: fix symlinks where link and output path are equal
rootfs-postcommands: fix symlinks where link and output path are equal
openssl: minor security upgrade 3.0.2 -> 3.0.3
freetype: backport patch for CVE-2022-27404
freetype: backport patch for CVE-2022-27405
freetype: backport patch for CVE-2022-27406
qemu: backport patch for CVE-2021-4206
qemu: backport patch for CVE-2021-4207
base-passwd: Disable shell for default users
libpcre2: upgrade 10.39 -> 10.40
ncurses: update to patchlevel 20220423
baremetal-image: fix broken symlink in do_rootfs
efivar: add musl libc compatibility
Dmitry Baryshkov (6):
linux-firmware: upgrade 20220411 -> 20220509
image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
linux-firmware: package new Qualcomm firmware
linux-firmware: split ath3k firmware
linux-firmware: add support for building snapshots
linux-firmware: upgrade 20220509 -> 20220610
Ernst Sjöstrand (2):
cve-check: Add helper for symlink handling
cve-check: Only include installed packages for rootfs manifest
Felix Moessbauer (1):
wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions
Gunjan Gupta (1):
bitbake: fetch2/osc: Small fixes for osc fetcher
He Zhe (1):
lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel
Hitendra Prajapati (1):
pcre2: CVE-2022-1586 Out-of-bounds read
Jack Mitchell (1):
meson.bbclass: add cython binary to cross/native toolchain config
Jeremy Puhlman (1):
gcc: depend on zstd-native
Jiaqing Zhao (8):
libxml2: Upgrade 2.9.13 -> 2.9.14
sed: Specify shell for "nobody" user in run-ptest
strace: Don't run ptest as "nobody"
systemd: Drop 0001-test-parse-argument-Include-signal.h.patch
systemd: Remove __compare_fn_t type in musl-specific patch
systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch
systemd: Correct path returned in sd_path_lookup()
systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch
Joerg Vehlow (1):
libseccomp: Add missing files for ptests
Jon Mason (2):
poky-tiny: enable qemuarmv5/qemuarm64 and cleanups
qemuarmv5: use arm-versatile-926ejs KMACHINE
Jose Quaresma (3):
archiver: use bb.note instead of echo
archiver: don't use machine variables in shared recipes
curl: backport openssl fix CN check error code
Justin Bronder (1):
pulseaudio: conditionally depend on alsa-plugins-pulseaudio-conf
Kai Kang (2):
xxhash: fix build with gcc 12
glibc-tests: not clear BBCLASSEXTEND
Khem Raj (11):
kmod: Enable xz support by default
qemu: Add packageconfig for libbpf support
linux-yocto: Enable powerpc-debug fragment for ppc64 LE
systemd: Fix build regression with latest update
ovmf: Fix native build with gcc-12
gcc: Upgrade to 11.3 release
systemd: Drop redundant musl patches
systemd: Document future actions needed for set of musl patches
systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
systemd: Update patch status
libmodule-build-perl: Use env utility to find perl interpreter
Konrad Weihmann (1):
linux-firmware: replace mkdir by install
Lee Chee Yang (1):
ghostscript: fix CVE-2022-2085
Lucas Stach (1):
perf: sort-pmuevents: really keep array terminators
Marcel Ziswiler (1):
alsa-plugins: fix libavtp vs. avtp packageconfig
Markus Volk (2):
mesa.inc: package 00-radv-defaults.conf
python3: Backport patch to fix an issue in subinterpreters
Marta Rybczynska (9):
cve-update-db-native: update the CVE database once a day only
cve-update-db-native: let the user to drive the update interval
cve-check: Fix report generation
cve-check: move update_symlinks to a library
cve-check: write empty fragment files in the text mode
cve-check: fix return type in check_cves
cve-update-db-native: make it possible to disable database updates
cve-check: add support for Ignored CVEs
oeqa/selftest/cve_check: add tests for Ignored and partial reports
Martin Jansa (9):
staging.bbclass: process direct dependencies in deterministic order
insane.bbclass: make sure to close .patch files
makedevs: Don't use COPYING.patch just to add license file into ${S}
patch.py: make sure that patches/series file exists before quilt pop
lttng-modules: fix shell syntax
buildhistory.bbclass: fix shell syntax when using dash
rootfs.py: close kernel_abi_ver_file
mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again
wic: fix WicError message
Matt Madison (1):
bitbake: providers: use local variable for packages_dynamic pattern
Maxime Roussin-Bélanger (1):
libffi: fix native build being not portable
Michael Opdenacker (4):
rootfs-postcommands.bbclass: correct comments
manuals: switch to the sstate mirror shared between all versions
docs: BB_HASHSERVE_UPSTREAM: update to new host
ref-manual: variables: remove sphinx directive from literal block
Ming Liu (3):
udev-extraconf: let automount base directory configurable
udev-extraconf: fix some systemd automount issues
udev-extraconf:mount.sh: fix path mismatching issues
Mingli Yu (2):
perl: Fix build with gcc-12
oescripts: change compare logic in OEListPackageconfigTests
Muhammad Hamza (6):
initramfs-framework: move storage mounts to actual rootfs
udev-extraconf/mount.sh: add LABELs to mountpoints
udev-extraconf/mount.sh: save mount name in our tmp filecache
udev-extraconf/mount.sh: only mount devices on hotplug
udev-extraconf: force systemd-udevd to use shared MountFlags
udev-extraconf/mount.sh: ignore lvm in automount
Naveen Saini (1):
pciutils: avoid lspci conflict with busybox
Nick Potenski (1):
systemd: systemd-systemctl: Support instance conf files during enable
Pascal Bach (1):
bin_package: install into base_prefix
Paul Eggleton (4):
devtool: ignore pn- overrides when determining SRC_URI overrides
patch: handle if S points to a subdirectory of a git repo
devtool: finish: handle patching when S points to subdir of a git repo
oe-selftest: devtool: test modify git recipe building from a subdir
Paulo Neves (2):
python: Avoid shebang overflow on python-config.py
gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2
Pavel Zhukov (3):
bitbake.conf: Make TCLIBC and TCMODE lazy assigned
systemd: update 0008-add-missing-FTW_-macros-for-musl.patch
harfbuzz: Fix compilation with clang
Peter Bergin (1):
rust: fix issue building cross-canadian tools for aarch64 on x86_64
Peter Kjellerstedt (4):
license_image.bbclass: Make QA errors fail the build
libseccomp: Correct LIC_FILES_CHKSUM
license.bbclass: Bound beginline and endline in copy_license_files()
base.bbclass: Correct the test for obsolete license exceptions
Peter Marko (2):
openssl: extract legacy provider module to a separate package
alsa-state: correct license
Pgowda (1):
binutils : CVE-2019-1010204
Portia (1):
volatile-binds: Change DefaultDependencies from false to no
Raju Kumar Pothuraju (1):
kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set
Rasmus Villemoes (1):
e2fsprogs: add alternatives handling of lsattr as well
Richard Purdie (79):
bitbake: tests/parse: Fix one test overwriting another
bitbake: server/process: Drop unused import
bitbake: ui/buildinfohelper: Drop unused import
bitbake: cooker: Drop unused loop
bitbake: msg: Drop unused local variable
bitbake: buildinfohelper: Drop unused function
bitbake: fetch2/crate: Drop unused import
bitbake: siggen: Drop pointless break statement
bitbake: ui/knotty: Drop pointless pass statement
bitbake: persist_data: Use a valid exception for missing implementation
bitbake: runqueue: Drop pointless variable assignment
bitbake: buildinfohelper: Drop unused variables
bitbake: fetch2/osc: Add missing parameter
bitbake: runqueue: Fix sig file location when using multiconfig
bitbake: fetch/git : Use cat as pager
lib/sstatesig: Fix find_siginfo to match sstate filename generation
base: Avoid circular references to our own scripts
scripts: Make git intercept global
scripts/git: Ensure we don't have circular references
package: Ensure we track whether PRSERV was active or not
abi_version/sstate: Bump hashequiv and sstate versions due to git changes
build-appliance-image: Update to kirkstone head revision
vim: Upgrade 8.2.4681 -> 8.2.4912
cairo: Add missing GPLv3 license checksum entry
sanity: Don't warn about make 4.2.1 for mint
bitbake: build: Add clean_stamp API function to allow removal of task stamps
staging: Fix rare sysroot corruption issue
selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES
vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210
libxslt: Mark CVE-2022-29824 as not applying
cve-extra-exclusions: Add kernel CVEs
cve-check: Allow warnings to be disabled
rust-common: Fix sstate signatures between arm hf and non-hf
rust-common: Drop LLVM_TARGET and simplify
rust-common: Fix native signature dependency issues
lzo: Add further info to a patch and mark as Inactive-Upstream
glib-2.0: upgrade 2.72.1 -> 2.72.2
libxkbcommon: upgrade 1.4.0 -> 1.4.1
gtk+3: upgrade 3.24.33 -> 3.24.34
webkitgtk: upgrade 2.36.1 -> 2.36.3
openssl: Backport fix for ptest cert expiry
gcc-cross-canadian: Add nativesdk-zstd dependency
local.conf.sample: Update sstate url to new 'all' path
sanity: Switch to make 4.0 as a minimum version
perl: Add dependency on make-native to avoid race issues
glibc: Drop make-native dependency
vim: Upgrade 8.2.5034 -> 8.2.5083
uboot-sign: Fix potential index error issues
selftest/multiconfig: Test that multiconfigs in separate layers works
gcc-source: Fix incorrect task dependencies from ${B}
liberror-perl: Update sstate/equiv versions to clean cache
python3: Remove problematic paths from sysroot files
python3: Ensure stale empty python module directories don't break the build
bitbake: server/process: Fix logging issues where only the first message was displayed
build-appliance-image: Update to kirkstone head revision
unzip: Port debian fixes for two CVEs
cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
vim: 8.2.5083 -> 9.0.0005
openssl: Upgrade 3.0.3 -> 3.0.4
coreutils: Tweak packaging variable names for coreutils-dev
oeqa/runtime/scp: Disable scp test for dropbear
packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
oe-selftest-image: Ensure the image has sftp as well as dropbear
qemu: Avoid accidental librdmacm linkage
glibc-tests: Avoid reproducibility issues
qemu: Fix slirp determinism issue
qemu: Add PACKAGECONFIG for brlapi
gperf: Add a patch to work around reproducibility issues
gperf: Switch to upstream patch
udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist
insane: Fix buildpaths test to work with special devices
lua: Fix multilib buildpath reproducibility issues
vala: Fix on target wrapper buildpaths issue
gtk-doc: Remove hardcoded buildpath
kernel-arch: Fix buildpaths leaking into external module compiles
gcc-runtime: Fix build when using gold
gcc-runtime: Fix missing MLPREFIX in debug mappings
selftest/runtime_test/virgl: Disable for all almalinux
Robert Joslyn (3):
powerpc: Remove invalid GLIBC_EXTRA_OECONF
curl: Backport CVE fixes
curl: Fix multiple CVEs
Robert Yang (1):
bitbake: fetch2/ssh.py: decode path back for ssh
Roland Hieber (1):
bitbake: cache: correctly handle file names containing colons
Ross Burton (12):
cve-check: no need to depend on the fetch task
oeqa/selftest: add test for git working correctly inside pseudo
Revert "bitbake.conf: mark all directories as safe for git to read"
oeqa/selftest/cve_check: add tests for recipe and image reports
tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
cups: ignore CVE-2022-26691
busybox: fix CVE-2022-30065
cve-check: hook cleanup to the BuildCompleted event, not CookerExit
tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
vim: upgrade to 9.0.0021
perl: don't install Makefile.old into perl-ptest
pulseaudio: add m4-native to DEPENDS
Sakib Sajal (1):
u-boot: fix CVE-2022-34835
Samuli Piippo (1):
binutils: Bump to latest 2.38 release branch
Sean Anderson (1):
rootfs.py: find .ko.zst kernel modules
Stefan Wiehler (1):
kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task
Steve Sakoman (11):
scripts/contrib/oe-build-perf-report-email.py: remove obsolete check for phantomjs and optipng
poky.conf: bump version for 4.0.1 release
virgl: skip headless test on alma 8.6
python3: fix reproducibility issue with python3-core
go: upgrade 1.17.8 -> 1.17.10
poky.conf: bump version for 4.0.2
openssh: break dependency on base package for -dev package
dropbear: break dependency on base package for -dev package
ruby: add PACKAGECONFIG for capstone
qemu: add PACKAGECONFIG for capstone
qemu: Avoid accidental libvdeplug linkage
Sundeep KOKKONDA (4):
rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets
rust-common: Fix for target definitions returning 'NoneType' for arm
glibc: stable 2.35 branch updates
binutils : stable 2.38 branch updates
Thomas Roos (1):
recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG
Tomasz Dziendzielski (1):
bitbake: data: Do not depend on vardepvalueexclude flag
Wentao Zhang (1):
harfbuzz: fix CVE-2022-33068
Xiaobing Luo (1):
devtool: Fix _copy_file() TypeError
Yi Zhao (2):
popt: fix override syntax in RDEPENDS
git: fix override syntax in RDEPENDS
leimaohui (1):
cve-check.bbclass: Added do_populate_sdk[recrdeptask].
wangmy (15):
librepo: upgrade 1.14.2 -> 1.14.3
cups: upgrade 2.4.1 -> 2.4.2
logrotate: upgrade 3.19.0 -> 3.20.1
iso-codes: upgrade 4.9.0 -> 4.10.0
lttng-ust: upgrade 2.13.2 -> 2.13.3
gst-devtools: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ie30881bf20846b7311381bed443623fce8912406
Diffstat (limited to 'poky/meta/classes')
25 files changed, 308 insertions, 146 deletions
diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass index c19c770d11..33070cd17f 100644 --- a/poky/meta/classes/archiver.bbclass +++ b/poky/meta/classes/archiver.bbclass @@ -55,9 +55,10 @@ ARCHIVER_MODE[compression] ?= "xz" DEPLOY_DIR_SRC ?= "${DEPLOY_DIR}/sources" ARCHIVER_TOPDIR ?= "${WORKDIR}/archiver-sources" -ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/" +ARCHIVER_ARCH = "${TARGET_SYS}" +ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${ARCHIVER_ARCH}/${PF}/" ARCHIVER_RPMTOPDIR ?= "${WORKDIR}/deploy-sources-rpm" -ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${TARGET_SYS}/${PF}/" +ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${ARCHIVER_ARCH}/${PF}/" ARCHIVER_WORKDIR = "${WORKDIR}/archiver-work/" # When producing a combined mirror directory, allow duplicates for the case @@ -101,6 +102,10 @@ python () { bb.debug(1, 'archiver: %s is excluded, covered by gcc-source' % pn) return + # TARGET_SYS in ARCHIVER_ARCH will break the stamp for gcc-source in multiconfig + if pn.startswith('gcc-source'): + d.setVar('ARCHIVER_ARCH', "allarch") + def hasTask(task): return bool(d.getVarFlag(task, "task", False)) and not bool(d.getVarFlag(task, "noexec", False)) @@ -579,7 +584,7 @@ python do_dumpdata () { SSTATETASKS += "do_deploy_archives" do_deploy_archives () { - echo "Deploying source archive files from ${ARCHIVER_TOPDIR} to ${DEPLOY_DIR_SRC}." + bbnote "Deploying source archive files from ${ARCHIVER_TOPDIR} to ${DEPLOY_DIR_SRC}." } python do_deploy_archives_setscene () { sstate_setscene(d) diff --git a/poky/meta/classes/baremetal-image.bbclass b/poky/meta/classes/baremetal-image.bbclass index 81f5e5e93d..cb9e250350 100644 --- a/poky/meta/classes/baremetal-image.bbclass +++ b/poky/meta/classes/baremetal-image.bbclass @@ -47,9 +47,10 @@ python do_rootfs(){ Path(manifest_name).touch() if os.path.exists(manifest_name) and link_name: manifest_link = deploy_dir + "/" + link_name + ".manifest" - if os.path.lexists(manifest_link): - os.remove(manifest_link) - os.symlink(os.path.basename(manifest_name), manifest_link) + if manifest_link != manifest_name: + if os.path.lexists(manifest_link): + os.remove(manifest_link) + os.symlink(os.path.basename(manifest_name), manifest_link) # A lot of postprocess commands assume the existence of rootfs/etc sysconfdir = d.getVar("IMAGE_ROOTFS") + d.getVar('sysconfdir') bb.utils.mkdirhier(sysconfdir) diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass index 3515720bf9..0cf27fbb91 100644 --- a/poky/meta/classes/base.bbclass +++ b/poky/meta/classes/base.bbclass @@ -115,6 +115,10 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True): tools = d.getVar(toolsvar).split() origbbenv = d.getVar("BB_ORIGENV", False) path = origbbenv.getVar("PATH") + # Need to ignore our own scripts directories to avoid circular links + for p in path.split(":"): + if p.endswith("/scripts"): + path = path.replace(p, "/ignoreme") bb.utils.mkdirhier(dest) notfound = [] for tool in tools: @@ -592,9 +596,9 @@ python () { for lic_exception in exceptions: if ":" in lic_exception: - lic_exception.split(":")[0] + lic_exception = lic_exception.split(":")[1] if lic_exception in oe.license.obsolete_license_list(): - bb.fatal("Invalid license %s used in INCOMPATIBLE_LICENSE_EXCEPTIONS" % lic_exception) + bb.fatal("Obsolete license %s used in INCOMPATIBLE_LICENSE_EXCEPTIONS" % lic_exception) pkgs = d.getVar('PACKAGES').split() skipped_pkgs = {} diff --git a/poky/meta/classes/bin_package.bbclass b/poky/meta/classes/bin_package.bbclass index c3aca20443..f0407e1329 100644 --- a/poky/meta/classes/bin_package.bbclass +++ b/poky/meta/classes/bin_package.bbclass @@ -30,8 +30,9 @@ bin_package_do_install () { bbfatal bin_package has nothing to install. Be sure the SRC_URI unpacks into S. fi cd ${S} + install -d ${D}${base_prefix} tar --no-same-owner --exclude='./patches' --exclude='./.pc' -cpf - . \ - | tar --no-same-owner -xpf - -C ${D} + | tar --no-same-owner -xpf - -C ${D}${base_prefix} } FILES:${PN} = "/" diff --git a/poky/meta/classes/buildhistory.bbclass b/poky/meta/classes/buildhistory.bbclass index 8db79a4829..4345ffc693 100644 --- a/poky/meta/classes/buildhistory.bbclass +++ b/poky/meta/classes/buildhistory.bbclass @@ -508,7 +508,7 @@ buildhistory_get_installed() { # Set correct pkgdatadir pkgdatadir=${PKGDATA_DIR} - if [ "$2" == "sdk" ] && [ "$3" == "host" ]; then + if [ "$2" = "sdk" ] && [ "$3" = "host" ] ; then pkgdatadir="${PKGDATA_DIR_SDK}" fi diff --git a/poky/meta/classes/cargo_common.bbclass b/poky/meta/classes/cargo_common.bbclass index 90fad75415..39f32829fd 100644 --- a/poky/meta/classes/cargo_common.bbclass +++ b/poky/meta/classes/cargo_common.bbclass @@ -45,7 +45,7 @@ cargo_common_do_configure () { directory = "${CARGO_VENDORING_DIRECTORY}" EOF - if [ -z "${EXTERNALSRC}" ] && [ ${CARGO_DISABLE_BITBAKE_VENDORING} = "0" ]; then + if [ ${CARGO_DISABLE_BITBAKE_VENDORING} = "0" ]; then cat <<- EOF >> ${CARGO_HOME}/config [source.crates-io] diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 78516d0bb6..da7f93371c 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -47,8 +47,11 @@ CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" +# Report Patched or Ignored CVEs CVE_CHECK_REPORT_PATCHED ??= "1" +CVE_CHECK_SHOW_WARNINGS ??= "1" + # Provide text output CVE_CHECK_FORMAT_TEXT ??= "1" @@ -79,9 +82,31 @@ CVE_CHECK_LAYER_INCLUDELIST ??= "" # set to "alphabetical" for version using single alphabetical character as increment release CVE_VERSION_SUFFIX ??= "" +def generate_json_report(d, out_path, link_path): + if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): + import json + from oe.cve_check import cve_check_merge_jsons, update_symlinks + + bb.note("Generating JSON CVE summary") + index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH") + summary = {"version":"1", "package": []} + with open(index_file) as f: + filename = f.readline() + while filename: + with open(filename.rstrip()) as j: + data = json.load(j) + cve_check_merge_jsons(summary, data) + filename = f.readline() + + with open(out_path, "w") as f: + json.dump(summary, f, indent=2) + + update_symlinks(out_path, link_path) + python cve_save_summary_handler () { import shutil import datetime + from oe.cve_check import update_symlinks cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE") @@ -94,13 +119,15 @@ python cve_save_summary_handler () { if os.path.exists(cve_tmp_file): shutil.copyfile(cve_tmp_file, cve_summary_file) + cvefile_link = os.path.join(cvelogpath, cve_summary_name) + update_symlinks(cve_summary_file, cvefile_link) + bb.plain("Complete CVE report summary created at: %s" % cvefile_link) - if cve_summary_file and os.path.exists(cve_summary_file): - cvefile_link = os.path.join(cvelogpath, cve_summary_name) - - if os.path.exists(os.path.realpath(cvefile_link)): - os.remove(cvefile_link) - os.symlink(os.path.basename(cve_summary_file), cvefile_link) + if d.getVar("CVE_CHECK_FORMAT_JSON") == "1": + json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON")) + json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp)) + generate_json_report(d, json_summary_name, json_summary_link_name) + bb.plain("Complete CVE JSON report summary created at: %s" % json_summary_link_name) } addhandler cve_save_summary_handler @@ -119,14 +146,14 @@ python do_cve_check () { bb.fatal("Failure in searching patches") ignored, patched, unpatched, status = check_cves(d, patched_cves) if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status): - cve_data = get_cve_info(d, patched + unpatched) + cve_data = get_cve_info(d, patched + unpatched + ignored) cve_write_data(d, patched, unpatched, ignored, cve_data, status) else: bb.note("No CVE database found, skipping CVE check") } -addtask cve_check before do_build after do_fetch +addtask cve_check before do_build do_cve_check[depends] = "cve-update-db-native:do_fetch" do_cve_check[nostamp] = "1" @@ -139,7 +166,7 @@ python cve_check_cleanup () { } addhandler cve_check_cleanup -cve_check_cleanup[eventmask] = "bb.cooker.CookerExit" +cve_check_cleanup[eventmask] = "bb.event.BuildCompleted" python cve_check_write_rootfs_manifest () { """ @@ -147,7 +174,9 @@ python cve_check_write_rootfs_manifest () { """ import shutil - from oe.cve_check import cve_check_merge_jsons + import json + from oe.rootfs import image_list_installed_packages + from oe.cve_check import cve_check_merge_jsons, update_symlinks if d.getVar("CVE_CHECK_COPY_FILES") == "1": deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") @@ -157,47 +186,68 @@ python cve_check_write_rootfs_manifest () { if os.path.exists(deploy_file_json): bb.utils.remove(deploy_file_json) - if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")): - bb.note("Writing rootfs CVE manifest") - deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") - link_name = d.getVar("IMAGE_LINK_NAME") + # Create a list of relevant recipies + recipies = set() + for pkg in list(image_list_installed_packages(d)): + pkg_info = os.path.join(d.getVar('PKGDATA_DIR'), + 'runtime-reverse', pkg) + pkg_data = oe.packagedata.read_pkgdatafile(pkg_info) + recipies.add(pkg_data["PN"]) + + bb.note("Writing rootfs CVE manifest") + deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") + link_name = d.getVar("IMAGE_LINK_NAME") + + json_data = {"version":"1", "package": []} + text_data = "" + enable_json = d.getVar("CVE_CHECK_FORMAT_JSON") == "1" + enable_text = d.getVar("CVE_CHECK_FORMAT_TEXT") == "1" + + save_pn = d.getVar("PN") + + for pkg in recipies: + # To be able to use the CVE_CHECK_RECIPE_FILE variable we have to evaluate + # it with the different PN names set each time. + d.setVar("PN", pkg) + if enable_text: + pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE") + if os.path.exists(pkgfilepath): + with open(pkgfilepath) as pfile: + text_data += pfile.read() + + if enable_json: + pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE_JSON") + if os.path.exists(pkgfilepath): + with open(pkgfilepath) as j: + data = json.load(j) + cve_check_merge_jsons(json_data, data) + + d.setVar("PN", save_pn) + + if enable_text: + link_path = os.path.join(deploy_dir, "%s.cve" % link_name) manifest_name = d.getVar("CVE_CHECK_MANIFEST") - cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE") - bb.utils.mkdirhier(os.path.dirname(manifest_name)) - shutil.copyfile(cve_tmp_file, manifest_name) + with open(manifest_name, "w") as f: + f.write(text_data) - if manifest_name and os.path.exists(manifest_name): - manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name) - # If we already have another manifest, update symlinks - if os.path.exists(os.path.realpath(manifest_link)): - os.remove(manifest_link) - os.symlink(os.path.basename(manifest_name), manifest_link) - bb.plain("Image CVE report stored in: %s" % manifest_name) + update_symlinks(manifest_name, link_path) + bb.plain("Image CVE report stored in: %s" % manifest_name) - if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): - import json - bb.note("Generating JSON CVE manifest") - deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") - link_name = d.getVar("IMAGE_LINK_NAME") + if enable_json: + link_path = os.path.join(deploy_dir, "%s.json" % link_name) manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON") - index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH") - manifest = {"version":"1", "package": []} - with open(index_file) as f: - filename = f.readline() - while filename: - with open(filename.rstrip()) as j: - data = json.load(j) - cve_check_merge_jsons(manifest, data) - filename = f.readline() with open(manifest_name, "w") as f: - json.dump(manifest, f, indent=2) - bb.plain("Image CVE report stored in: %s" % manifest_name) + json.dump(json_data, f, indent=2) + + update_symlinks(manifest_name, link_path) + bb.plain("Image CVE JSON report stored in: %s" % manifest_name) } ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" do_rootfs[recrdeptask] += "${@'do_cve_check' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" +do_populate_sdk[recrdeptask] += "${@'do_cve_check' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" def check_cves(d, patched_cves): """ @@ -210,13 +260,14 @@ def check_cves(d, patched_cves): suffix = d.getVar("CVE_VERSION_SUFFIX") cves_unpatched = [] + cves_ignored = [] cves_status = [] cves_in_recipe = False # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) products = d.getVar("CVE_PRODUCT").split() # If this has been unset then we're not scanning for CVEs here (for example, image recipes) if not products: - return ([], [], [], {}) + return ([], [], [], []) pv = d.getVar("CVE_VERSION").split("+git")[0] # If the recipe has been skipped/ignored we return empty lists @@ -243,9 +294,8 @@ def check_cves(d, patched_cves): cve = cverow[0] if cve in cve_ignore: - bb.note("%s-%s has been ignored for %s" % (product, pv, cve)) - # TODO: this should be in the report as 'ignored' - patched_cves.add(cve) + bb.note("%s-%s ignores %s" % (product, pv, cve)) + cves_ignored.append(cve) continue elif cve in patched_cves: bb.note("%s has been patched" % (cve)) @@ -257,9 +307,13 @@ def check_cves(d, patched_cves): cves_in_recipe = True vulnerable = False + ignored = False + for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)): (_, _, _, version_start, operator_start, version_end, operator_end) = row #bb.debug(2, "Evaluating row " + str(row)) + if cve in cve_ignore: + ignored = True if (operator_start == '=' and pv == version_start) or version_start == '-': vulnerable = True @@ -292,13 +346,16 @@ def check_cves(d, patched_cves): vulnerable = vulnerable_start or vulnerable_end if vulnerable: - bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) - cves_unpatched.append(cve) + if ignored: + bb.note("%s is ignored in %s-%s" % (cve, pn, real_pv)) + cves_ignored.append(cve) + else: + bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) + cves_unpatched.append(cve) break if not vulnerable: bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve)) - # TODO: not patched but not vulnerable patched_cves.add(cve) if not cves_in_product: @@ -310,7 +367,7 @@ def check_cves(d, patched_cves): if not cves_in_recipe: bb.note("No CVE records for products in recipe %s" % (pn)) - return (list(cve_ignore), list(patched_cves), cves_unpatched, cves_status) + return (list(cves_ignored), list(patched_cves), cves_unpatched, cves_status) def get_cve_info(d, cves): """ @@ -348,6 +405,8 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() + report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1" + if exclude_layers and layer in exclude_layers: return @@ -355,7 +414,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): return # Early exit, the text format does not report packages without CVEs - if not patched+unpatched: + if not patched+unpatched+ignored: return nvd_link = "https://nvd.nist.gov/vuln/detail/" @@ -365,13 +424,16 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): for cve in sorted(cve_data): is_patched = cve in patched - if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"): + is_ignored = cve in ignored + + if (is_patched or is_ignored) and not report_all: continue + write_string += "LAYER: %s\n" % layer write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV")) write_string += "CVE: %s\n" % cve - if cve in ignored: + if is_ignored: write_string += "CVE STATUS: Ignored\n" elif is_patched: write_string += "CVE STATUS: Patched\n" @@ -384,26 +446,25 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): write_string += "VECTOR: %s\n" % cve_data[cve]["vector"] write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve) - if unpatched_cves: + if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1": bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file)) - if write_string: - with open(cve_file, "w") as f: - bb.note("Writing file %s with CVE information" % cve_file) - f.write(write_string) + with open(cve_file, "w") as f: + bb.note("Writing file %s with CVE information" % cve_file) + f.write(write_string) - if d.getVar("CVE_CHECK_COPY_FILES") == "1": - deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") - bb.utils.mkdirhier(os.path.dirname(deploy_file)) - with open(deploy_file, "w") as f: - f.write(write_string) + if d.getVar("CVE_CHECK_COPY_FILES") == "1": + deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE") + bb.utils.mkdirhier(os.path.dirname(deploy_file)) + with open(deploy_file, "w") as f: + f.write(write_string) - if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": - cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") - bb.utils.mkdirhier(cvelogpath) + if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") + bb.utils.mkdirhier(cvelogpath) - with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: - f.write("%s" % write_string) + with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: + f.write("%s" % write_string) def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file): """ @@ -449,6 +510,8 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() + report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1" + if exclude_layers and layer in exclude_layers: return @@ -475,10 +538,11 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): for cve in sorted(cve_data): is_patched = cve in patched + is_ignored = cve in ignored status = "Unpatched" - if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"): + if (is_patched or is_ignored) and not report_all: continue - if cve in ignored: + if is_ignored: status = "Ignored" elif is_patched: status = "Patched" diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index b2f216f361..90792a737b 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -68,7 +68,7 @@ python () { url_data = fetch.ud[url] parm = url_data.parm if (url_data.type == 'file' or - url_data.type == 'npmsw' or + url_data.type == 'npmsw' or url_data.type == 'crate' or 'type' in parm and parm['type'] == 'kmeta'): local_srcuri.append(url) diff --git a/poky/meta/classes/image.bbclass b/poky/meta/classes/image.bbclass index 7f1f6f80a4..2139a7e576 100644 --- a/poky/meta/classes/image.bbclass +++ b/poky/meta/classes/image.bbclass @@ -132,7 +132,12 @@ def rootfs_variables(d): do_rootfs[vardeps] += "${@rootfs_variables(d)}" -do_build[depends] += "virtual/kernel:do_deploy" +# This is needed to have kernel image in DEPLOY_DIR. +# This follows many common usecases and user expectations. +# But if you are building an image which doesn't need the kernel image at all, +# you can unset this variable manually. +KERNEL_DEPLOY_DEPEND ?= "virtual/kernel:do_deploy" +do_build[depends] += "${KERNEL_DEPLOY_DEPEND}" python () { diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass index 0bc6492c83..f3f80334f6 100644 --- a/poky/meta/classes/insane.bbclass +++ b/poky/meta/classes/insane.bbclass @@ -444,12 +444,14 @@ def package_qa_check_buildpaths(path, name, d, elf, messages): Check for build paths inside target files and error if paths are not explicitly ignored. """ + import stat # Ignore .debug files, not interesting if path.find(".debug") != -1: return - # Ignore symlinks - if os.path.islink(path): + # Ignore symlinks/devs/fifos + mode = os.lstat(path).st_mode + if stat.S_ISLNK(mode) or stat.S_ISBLK(mode) or stat.S_ISFIFO(mode) or stat.S_ISCHR(mode) or stat.S_ISSOCK(mode): return tmpdir = bytes(d.getVar('TMPDIR'), encoding="utf-8") @@ -970,7 +972,7 @@ def package_qa_check_host_user(path, name, d, elf, messages): dest = d.getVar('PKGDEST') pn = d.getVar('PN') - home = os.path.join(dest, 'home') + home = os.path.join(dest, name, 'home') if path == home or path.startswith(home + os.sep): return @@ -1201,18 +1203,20 @@ python do_qa_patch() { if '/meta/' not in fullpath: continue - content = open(fullpath, encoding='utf-8', errors='ignore').read() kinda_status_re = re.compile(r"^.*upstream.*status.*$", re.IGNORECASE | re.MULTILINE) strict_status_re = re.compile(r"^Upstream-Status: (Pending|Submitted|Denied|Accepted|Inappropriate|Backport|Inactive-Upstream)( .+)?$", re.MULTILINE) - match_kinda = kinda_status_re.search(content) - match_strict = strict_status_re.search(content) guidelines = "https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Patch_Header_Recommendations:_Upstream-Status" - if not match_strict: - if match_kinda: - bb.error("Malformed Upstream-Status in patch\n%s\nPlease correct according to %s :\n%s" % (fullpath, guidelines, match_kinda.group(0))) - else: - bb.error("Missing Upstream-Status in patch\n%s\nPlease add according to %s ." % (fullpath, guidelines)) + with open(fullpath, encoding='utf-8', errors='ignore') as f: + file_content = f.read() + match_kinda = kinda_status_re.search(file_content) + match_strict = strict_status_re.search(file_content) + + if not match_strict: + if match_kinda: + bb.error("Malformed Upstream-Status in patch\n%s\nPlease correct according to %s :\n%s" % (fullpath, guidelines, match_kinda.group(0))) + else: + bb.error("Missing Upstream-Status in patch\n%s\nPlease add according to %s ." % (fullpath, guidelines)) } python do_qa_configure() { diff --git a/poky/meta/classes/kernel-arch.bbclass b/poky/meta/classes/kernel-arch.bbclass index 07ec242e63..348a3adf22 100644 --- a/poky/meta/classes/kernel-arch.bbclass +++ b/poky/meta/classes/kernel-arch.bbclass @@ -61,7 +61,7 @@ HOST_LD_KERNEL_ARCH ?= "${TARGET_LD_KERNEL_ARCH}" TARGET_AR_KERNEL_ARCH ?= "" HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}" -KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH}" +KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}" KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}" KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}" TOOLCHAIN = "gcc" diff --git a/poky/meta/classes/kernel-uboot.bbclass b/poky/meta/classes/kernel-uboot.bbclass index 2daa068298..2facade818 100644 --- a/poky/meta/classes/kernel-uboot.bbclass +++ b/poky/meta/classes/kernel-uboot.bbclass @@ -15,6 +15,12 @@ uboot_prep_kimage() { linux_comp="none" else vmlinux_path="vmlinux" + # Use vmlinux.initramfs for linux.bin when INITRAMFS_IMAGE_BUNDLE set + # As per the implementation in kernel.bbclass. + # See do_bundle_initramfs function + if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ] && [ -e vmlinux.initramfs ]; then + vmlinux_path="vmlinux.initramfs" + fi linux_suffix="${FIT_KERNEL_COMP_ALG_EXTENSION}" linux_comp="${FIT_KERNEL_COMP_ALG}" fi diff --git a/poky/meta/classes/kernel-yocto.bbclass b/poky/meta/classes/kernel-yocto.bbclass index 4cb638864c..afccffcf17 100644 --- a/poky/meta/classes/kernel-yocto.bbclass +++ b/poky/meta/classes/kernel-yocto.bbclass @@ -310,6 +310,8 @@ do_kernel_metadata() { bbnote "KERNEL_FEATURES: $KERNEL_FEATURES_FINAL" bbnote "Final scc/cfg list: $sccs_defconfig $bsp_definition $sccs $KERNEL_FEATURES_FINAL" fi + + set -e } do_patch() { @@ -339,6 +341,8 @@ do_patch() { fi done fi + + set -e } do_kernel_checkout() { @@ -397,6 +401,8 @@ do_kernel_checkout() { git commit -q -m "baseline commit: creating repo for ${PN}-${PV}" git clean -d -f fi + + set -e } do_kernel_checkout[dirs] = "${S} ${WORKDIR}" @@ -691,6 +697,8 @@ do_validate_branches() { kgit-s2q --clean fi fi + + set -e } OE_TERMINAL_EXPORTS += "KBUILD_OUTPUT" diff --git a/poky/meta/classes/license.bbclass b/poky/meta/classes/license.bbclass index 0c637e966e..4ebfc4fb92 100644 --- a/poky/meta/classes/license.bbclass +++ b/poky/meta/classes/license.bbclass @@ -84,17 +84,17 @@ def copy_license_files(lic_files_paths, destdir): os.link(src, dst) except OSError as err: if err.errno == errno.EXDEV: - # Copy license files if hard-link is not possible even if st_dev is the + # Copy license files if hardlink is not possible even if st_dev is the # same on source and destination (docker container with device-mapper?) canlink = False else: raise - # Only chown if we did hardling, and, we're running under pseudo + # Only chown if we did hardlink and we're running under pseudo if canlink and os.environ.get('PSEUDO_DISABLED') == '0': os.chown(dst,0,0) if not canlink: - begin_idx = int(beginline)-1 if beginline is not None else None - end_idx = int(endline) if endline is not None else None + begin_idx = max(0, int(beginline) - 1) if beginline is not None else None + end_idx = max(0, int(endline)) if endline is not None else None if begin_idx is None and end_idx is None: shutil.copyfile(src, dst) else: diff --git a/poky/meta/classes/license_image.bbclass b/poky/meta/classes/license_image.bbclass index 7e1d0e08a9..3213ea758e 100644 --- a/poky/meta/classes/license_image.bbclass +++ b/poky/meta/classes/license_image.bbclass @@ -104,6 +104,8 @@ def write_license_files(d, license_manifest, pkg_dic, rootfs=True): "The license listed %s was not in the "\ "licenses collected for recipe %s" % (lic, pkg_dic[pkg]["PN"]), d) + oe.qa.exit_if_errors(d) + # Two options here: # - Just copy the manifest # - Copy the manifest and the license directories diff --git a/poky/meta/classes/meson.bbclass b/poky/meta/classes/meson.bbclass index 0bfe945811..19b54e0fdc 100644 --- a/poky/meta/classes/meson.bbclass +++ b/poky/meta/classes/meson.bbclass @@ -59,6 +59,7 @@ do_write_config() { [binaries] c = ${@meson_array('CC', d)} cpp = ${@meson_array('CXX', d)} +cython = 'cython3' ar = ${@meson_array('AR', d)} nm = ${@meson_array('NM', d)} strip = ${@meson_array('STRIP', d)} @@ -98,6 +99,7 @@ EOF [binaries] c = ${@meson_array('BUILD_CC', d)} cpp = ${@meson_array('BUILD_CXX', d)} +cython = 'cython3' ar = ${@meson_array('BUILD_AR', d)} nm = ${@meson_array('BUILD_NM', d)} strip = ${@meson_array('BUILD_STRIP', d)} diff --git a/poky/meta/classes/overlayfs.bbclass b/poky/meta/classes/overlayfs.bbclass index 29fced2ca7..f7069edd41 100644 --- a/poky/meta/classes/overlayfs.bbclass +++ b/poky/meta/classes/overlayfs.bbclass @@ -16,10 +16,18 @@ # # OVERLAYFS_MOUNT_POINT[data] ?= "/data" # -# The class assumes you have a data.mount systemd unit defined in your -# systemd-machine-units recipe and installed to the image. +# Per default the class assumes you have a corresponding fstab entry or systemd +# mount unit (data.mount in this case) for this mount point installed on the +# image, for instance via a wks script or the systemd-machine-units recipe. # -# Then you can specify writable directories on a recipe base +# If the mount point is handled somewhere else, e.g. custom boot or preinit +# scripts or in a initramfs, then this QA check can be skipped by adding +# mount-configured to the related OVERLAYFS_QA_SKIP flag: +# +# OVERLAYFS_QA_SKIP[data] = "mount-configured" +# +# To use the overlayfs, you just have to specify writable directories inside +# their recipe: # # OVERLAYFS_WRITABLE_PATHS[data] = "/usr/share/my-custom-application" # @@ -30,6 +38,10 @@ # OVERLAYFS_MOUNT_POINT[mnt-overlay] = "/mnt/overlay" # OVERLAYFS_WRITABLE_PATHS[mnt-overlay] = "/usr/share/another-application" # +# If your recipe deploys a systemd service, then it should require and be +# started after the ${PN}-overlays.service to make sure that all overlays are +# mounted beforehand. +# # Note: the class does not support /etc directory itself, because systemd depends on it # For /etc directory use overlayfs-etc class diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass index 44fbc32df6..97e97d2703 100644 --- a/poky/meta/classes/package.bbclass +++ b/poky/meta/classes/package.bbclass @@ -382,6 +382,11 @@ def splitdebuginfo(file, dvar, dv, d): debugfile = dvar + dest sources = [] + if file.endswith(".ko") and file.find("/lib/modules/") != -1: + if oe.package.is_kernel_module_signed(file): + bb.debug(1, "Skip strip on signed module %s" % file) + return (file, sources) + # Split the file... bb.utils.mkdirhier(os.path.dirname(debugfile)) #bb.note("Split %s -> %s" % (file, debugfile)) @@ -553,13 +558,25 @@ def copydebugsources(debugsrcdir, sources, d): strip = d.getVar("STRIP") objcopy = d.getVar("OBJCOPY") workdir = d.getVar("WORKDIR") + sdir = d.getVar("S") + sparentdir = os.path.dirname(os.path.dirname(sdir)) + sbasedir = os.path.basename(os.path.dirname(sdir)) + "/" + os.path.basename(sdir) workparentdir = os.path.dirname(os.path.dirname(workdir)) workbasedir = os.path.basename(os.path.dirname(workdir)) + "/" + os.path.basename(workdir) + # If S isnt based on WORKDIR we can infer our sources are located elsewhere, + # e.g. using externalsrc; use S as base for our dirs + if workdir in sdir or 'work-shared' in sdir: + basedir = workbasedir + parentdir = workparentdir + else: + basedir = sbasedir + parentdir = sparentdir + # If build path exists in sourcefile, it means toolchain did not use # -fdebug-prefix-map to compile if checkbuildpath(sourcefile, d): - localsrc_prefix = workparentdir + "/" + localsrc_prefix = parentdir + "/" else: localsrc_prefix = "/usr/src/debug/" @@ -581,7 +598,7 @@ def copydebugsources(debugsrcdir, sources, d): processdebugsrc += "sed 's#%s##g' | " processdebugsrc += "(cd '%s' ; cpio -pd0mlL --no-preserve-owner '%s%s' 2>/dev/null)" - cmd = processdebugsrc % (sourcefile, workbasedir, localsrc_prefix, workparentdir, dvar, debugsrcdir) + cmd = processdebugsrc % (sourcefile, basedir, localsrc_prefix, parentdir, dvar, debugsrcdir) try: subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) except subprocess.CalledProcessError: @@ -591,9 +608,22 @@ def copydebugsources(debugsrcdir, sources, d): # cpio seems to have a bug with -lL together and symbolic links are just copied, not dereferenced. # Work around this by manually finding and copying any symbolic links that made it through. cmd = "find %s%s -type l -print0 -delete | sed s#%s%s/##g | (cd '%s' ; cpio -pd0mL --no-preserve-owner '%s%s')" % \ - (dvar, debugsrcdir, dvar, debugsrcdir, workparentdir, dvar, debugsrcdir) + (dvar, debugsrcdir, dvar, debugsrcdir, parentdir, dvar, debugsrcdir) subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) + + # debugsources.list may be polluted from the host if we used externalsrc, + # cpio uses copy-pass and may have just created a directory structure + # matching the one from the host, if thats the case move those files to + # debugsrcdir to avoid host contamination. + # Empty dir structure will be deleted in the next step. + + # Same check as above for externalsrc + if workdir not in sdir: + if os.path.exists(dvar + debugsrcdir + sdir): + cmd = "mv %s%s%s/* %s%s" % (dvar, debugsrcdir, sdir, dvar,debugsrcdir) + subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) + # The copy by cpio may have resulted in some empty directories! Remove these cmd = "find %s%s -empty -type d -delete" % (dvar, debugsrcdir) subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) @@ -662,7 +692,10 @@ def runtime_mapping_rename (varname, pkg, d): # Used by do_packagedata (and possibly other routines post do_package) # +PRSERV_ACTIVE = "${@bool(d.getVar("PRSERV_HOST"))}" +PRSERV_ACTIVE[vardepvalue] = "${PRSERV_ACTIVE}" package_get_auto_pr[vardepsexclude] = "BB_TASKDEPDATA" +package_get_auto_pr[vardeps] += "PRSERV_ACTIVE" python package_get_auto_pr() { import oe.prservice diff --git a/poky/meta/classes/pypi.bbclass b/poky/meta/classes/pypi.bbclass index 9405d58601..5fa7b8a6ae 100644 --- a/poky/meta/classes/pypi.bbclass +++ b/poky/meta/classes/pypi.bbclass @@ -24,3 +24,5 @@ S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}" UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/" UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/" + +CVE_PRODUCT ?= "python:${PYPI_PACKAGE}" diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass index 7b92df69c5..fc179613fb 100644 --- a/poky/meta/classes/rootfs-postcommands.bbclass +++ b/poky/meta/classes/rootfs-postcommands.bbclass @@ -1,5 +1,5 @@ -# Zap the root password if debug-tweaks feature is not enabled +# Zap the root password if debug-tweaks and empty-root-password features are not enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password; ",d)}' # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks or allow-empty-password is enabled @@ -8,7 +8,7 @@ ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'deb # Allow dropbear/openssh to accept root logins if debug-tweaks or allow-root-login is enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "ssh_allow_root_login; ", "",d)}' -# Enable postinst logging if debug-tweaks is enabled +# Enable postinst logging if debug-tweaks or post-install-logging is enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' # Create /etc/timestamp during image construction to give a reasonably sane default time setting @@ -140,7 +140,7 @@ read_only_rootfs_hook () { } # -# This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. +# This function disallows empty root passwords # zap_empty_root_password () { if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then @@ -202,7 +202,7 @@ python sort_passwd () { } # -# Enable postinst logging if debug-tweaks is enabled +# Enable postinst logging # postinst_enable_logging () { mkdir -p ${IMAGE_ROOTFS}${sysconfdir}/default @@ -267,9 +267,10 @@ python write_image_manifest () { if os.path.exists(manifest_name) and link_name: manifest_link = deploy_dir + "/" + link_name + ".manifest" - if os.path.lexists(manifest_link): - os.remove(manifest_link) - os.symlink(os.path.basename(manifest_name), manifest_link) + if manifest_link != manifest_name: + if os.path.lexists(manifest_link): + os.remove(manifest_link) + os.symlink(os.path.basename(manifest_name), manifest_link) } # Can be used to create /etc/timestamp during image construction to give a reasonably @@ -339,9 +340,10 @@ python write_image_test_data() { if os.path.exists(testdata_name) and link_name: testdata_link = os.path.join(deploy_dir, "%s.testdata.json" % link_name) - if os.path.lexists(testdata_link): - os.remove(testdata_link) - os.symlink(os.path.basename(testdata_name), testdata_link) + if testdata_link != testdata_name: + if os.path.lexists(testdata_link): + os.remove(testdata_link) + os.symlink(os.path.basename(testdata_name), testdata_link) } write_image_test_data[vardepsexclude] += "TOPDIR" @@ -398,6 +400,10 @@ python overlayfs_qa_check() { allUnitExist = True; for mountPoint in overlayMountPoints: + qaSkip = (d.getVarFlag("OVERLAYFS_QA_SKIP", mountPoint) or "").split() + if "mount-configured" in qaSkip: + continue + mountPath = d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint) if mountPath in fstabDevices: continue @@ -407,8 +413,10 @@ python overlayfs_qa_check() { for dirpath in searchpaths): continue - bb.warn('Mount path %s not found in fstat and unit %s not found ' - 'in systemd unit directories' % (mountPath, mountUnit)) + bb.warn(f'Mount path {mountPath} not found in fstab and unit ' + f'{mountUnit} not found in systemd unit directories.') + bb.warn(f'Skip this check by setting OVERLAYFS_QA_SKIP[{mountPoint}] = ' + '"mount-configured"') allUnitExist = False; if not allUnitExist: diff --git a/poky/meta/classes/rust-common.bbclass b/poky/meta/classes/rust-common.bbclass index 02a538258a..cb811ac5da 100644 --- a/poky/meta/classes/rust-common.bbclass +++ b/poky/meta/classes/rust-common.bbclass @@ -117,8 +117,11 @@ RUST_BUILD_ARCH = "${@oe.rust.arch_to_rust_arch(d.getVar('BUILD_ARCH'))}" # its likely best to not use the triple suffix due to potential confusion. RUST_BUILD_SYS = "${@rust_base_triple(d, 'BUILD')}" +RUST_BUILD_SYS[vardepvalue] = "${RUST_BUILD_SYS}" RUST_HOST_SYS = "${@rust_base_triple(d, 'HOST')}" +RUST_HOST_SYS[vardepvalue] = "${RUST_HOST_SYS}" RUST_TARGET_SYS = "${@rust_base_triple(d, 'TARGET')}" +RUST_TARGET_SYS[vardepvalue] = "${RUST_TARGET_SYS}" # wrappers to get around the fact that Rust needs a single # binary but Yocto's compiler and linker commands have diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass index c72a7b3ed3..b1fac107d5 100644 --- a/poky/meta/classes/sanity.bbclass +++ b/poky/meta/classes/sanity.bbclass @@ -432,8 +432,7 @@ def check_patch_version(sanity_data): except subprocess.CalledProcessError as e: return "Unable to execute patch --version, exit code %d:\n%s\n" % (e.returncode, e.output) -# Unpatched versions of make 3.82 are known to be broken. See GNU Savannah Bug 30612. -# Use a modified reproducer from http://savannah.gnu.org/bugs/?30612 to validate. +# Glibc needs make 4.0 or later, we may as well match at this point def check_make_version(sanity_data): import subprocess @@ -442,35 +441,12 @@ def check_make_version(sanity_data): except subprocess.CalledProcessError as e: return "Unable to execute make --version, exit code %d\n%s\n" % (e.returncode, e.output) version = result.split()[2] - if bb.utils.vercmp_string_op(version, "3.82", "=="): - # Construct a test file - f = open("makefile_test", "w") - f.write("makefile_test.a: makefile_test_a.c makefile_test_b.c makefile_test.a( makefile_test_a.c makefile_test_b.c)\n") - f.write("\n") - f.write("makefile_test_a.c:\n") - f.write(" touch $@\n") - f.write("\n") - f.write("makefile_test_b.c:\n") - f.write(" touch $@\n") - f.close() - - # Check if make 3.82 has been patched - try: - subprocess.check_call(['make', '-f', 'makefile_test']) - except subprocess.CalledProcessError as e: - return "Your version of make 3.82 is broken. Please revert to 3.81 or install a patched version.\n" - finally: - os.remove("makefile_test") - if os.path.exists("makefile_test_a.c"): - os.remove("makefile_test_a.c") - if os.path.exists("makefile_test_b.c"): - os.remove("makefile_test_b.c") - if os.path.exists("makefile_test.a"): - os.remove("makefile_test.a") + if bb.utils.vercmp_string_op(version, "4.0", "<"): + return "Please install a make version of 4.0 or later.\n" if bb.utils.vercmp_string_op(version, "4.2.1", "=="): distro = oe.lsb.distro_identifier() - if "ubuntu" in distro or "debian" in distro: + if "ubuntu" in distro or "debian" in distro or "linuxmint" in distro: return None return "make version 4.2.1 is known to have issues on Centos/OpenSUSE and other non-Ubuntu systems. Please use a buildtools-make-tarball or a newer version of make.\n" return None @@ -882,7 +858,7 @@ def check_sanity_everybuild(status, d): mirror_vars = ['MIRRORS', 'PREMIRRORS', 'SSTATE_MIRRORS'] protocols = ['http', 'ftp', 'file', 'https', \ 'git', 'gitsm', 'hg', 'osc', 'p4', 'svn', \ - 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az' ] + 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az', 'ftps'] for mirror_var in mirror_vars: mirrors = (d.getVar(mirror_var) or '').replace('\\n', ' ').split() diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass index 1c0cae4893..3513269bca 100644 --- a/poky/meta/classes/sstate.bbclass +++ b/poky/meta/classes/sstate.bbclass @@ -1,4 +1,4 @@ -SSTATE_VERSION = "8" +SSTATE_VERSION = "10" SSTATE_ZSTD_CLEVEL ??= "8" diff --git a/poky/meta/classes/staging.bbclass b/poky/meta/classes/staging.bbclass index 9fc8f4f283..bf8ca58b0b 100644 --- a/poky/meta/classes/staging.bbclass +++ b/poky/meta/classes/staging.bbclass @@ -352,7 +352,7 @@ python extend_recipe_sysroot() { #bb.note(" start is %s" % str(start)) # Direct dependencies should be present and can be depended upon - for dep in set(start): + for dep in sorted(set(start)): if setscenedeps[dep][1] == "do_populate_sysroot": if dep not in configuredeps: configuredeps.append(dep) @@ -404,7 +404,9 @@ python extend_recipe_sysroot() { # All files that we're going to be installing, to find conflicts. fileset = {} + invalidate_tasks = set() for f in os.listdir(depdir): + removed = [] if not f.endswith(".complete"): continue f = depdir + "/" + f @@ -414,6 +416,28 @@ python extend_recipe_sysroot() { sstate_clean_manifest(depdir + "/" + lnk, d, canrace=True, prefix=workdir) os.unlink(f) os.unlink(f.replace(".complete", "")) + removed.append(os.path.basename(f.replace(".complete", ""))) + + # If we've removed files from the sysroot above, the task that installed them may still + # have a stamp file present for the task. This is probably invalid right now but may become + # valid again if the user were to change configuration back for example. Since we've removed + # the files a task might need, remove the stamp file too to force it to rerun. + # YOCTO #14790 + if removed: + for i in glob.glob(depdir + "/index.*"): + if i.endswith("." + mytaskname): + continue + with open(i, "r") as f: + for l in f: + if l.startswith("TaskDeps:"): + continue + l = l.strip() + if l in removed: + invalidate_tasks.add(i.rsplit(".", 1)[1]) + break + for t in invalidate_tasks: + bb.note("Invalidating stamps for task %s" % t) + bb.build.clean_stamp(t, d) installed = [] for dep in configuredeps: diff --git a/poky/meta/classes/uboot-sign.bbclass b/poky/meta/classes/uboot-sign.bbclass index 4ca8118eb2..31ffe1f472 100644 --- a/poky/meta/classes/uboot-sign.bbclass +++ b/poky/meta/classes/uboot-sign.bbclass @@ -134,6 +134,8 @@ concat_dtb_helper() { if [ -n "${UBOOT_CONFIG}" ] then + i=0 + j=0 for config in ${UBOOT_MACHINE}; do i=$(expr $i + 1); for type in ${UBOOT_CONFIG}; do |