Ross Burton [Tue, 29 Apr 2025 11:20:56 +0000 (12:20 +0100)]
meson: upgrade to 1.8.0
- New argument android_exe_type for executables
- Changes to the b_sanitize option
- New C standard c2y (and gnu2y)
- i18n module xgettext
- version_compare now accept multiple compare strings
- Improvements to Objective-C and Objective-C++
- Per project subproject options rewrite
- objects added correctly to Rust executables
- rust.test now supports link_whole
- Meson can run "rustdoc" on Rust projects
- The Wayland module is stable
- New swift_std compiler option
- New option to execute a slice of tests
- Valgrind now fails tests if errors are found
Full release notes: https://mesonbuild.com/Release-notes-for-1-8-0.html.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
binutils: Specify sysroot for libtool during build
libbfd is enabled and it invokes libtool relink step to get rid of
rpaths during install step. libtool 2.4 patches rightly prepend
lt_sysroot to target libdir which relink step would use, such a patch
is also upstreamed into libtool [1]
However, when we do not specify --with-libtool-sysroot, lt_sysoot prefix
turns out to be empty and relink step adds -L/usr/lib to linker command
line. it cause all sort of problems e.g. when the build host has zlib
installed then libbfd tries to link with /usr/lib/libz.so instead of the
one in target sysroot, fortunately OE linker reports host path contamination
and fails the build. Second problem seen when building target binutils on
musl, it links with libc.so correctly but libtool relink step resolves
libc.so in /usr/lib due to this path and expands it into libc.so.6 and
ld-linux-x86-64.so.2 ( glibc host's libc.so is a linker stub ) in
DT_NEEDED ELF section which does not work with
musl linker and build QA detects this anamoly as well.
ERROR: binutils-2.44-r0 do_package_qa: QA Issue: /usr/lib/libbfd-2.44.so contained in package libbfd requires libc.so.6(GLIBC_2.34)(64bit), but no providers found in RDEPENDS:libbfd? [file-rdeps]
This inconsistency may cause produced binaries mistakenly linked against
libraries from the host distro.
Add libtool sysroot to point libtool to correct sysroot location during
build.
This recipe takes longer time >20min when bitbake for package
write stage. When cross-verified for longer time duration, found
that do_check() stage taking 20min while other stages completes
before 6min.
This recipe gives only below two test binaries in the packages to
test (ptest: glibc-y2038-tests):
io/ftwtest
io/ftwtest-time64
The above test binaries are already included for testing in recipe
glibc-testsuite_2.41.bb.
It is by now well established that glibc itself works as it should,
that all affected 32 bit targets are configured to use 64 bit time_t,
and that any lingering y2038 issues are in components other than the c
library, and usually come from C programming mistakes (e.g. storing
timestamps in long). Maybe we can simply remove the recipe?
Review comments for fixing above longer time duration ended up in
removing this recipe as a proposal is below
https://lists.openembedded.org/g/openembedded-core/topic/112188476#msg214636
Removed lines having reference to glibc-y2038-tests in the files.
Signed-off-by: rajmohan r <semc.2042@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 30 Apr 2025 15:12:12 +0000 (16:12 +0100)]
recipes: Drop remaining md5sum checksums
We have long since obsoleted md5sum in favour of sha256sum. Drop the remaining
56 entries (which were showing many recipes hadn't been touched in a long time).
They all do have the corresponding sha256sum entries as is clear from the diff.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 29 Apr 2025 19:43:25 +0000 (20:43 +0100)]
autoconf: set PKGV to avoid version-goes-backwards
I previously upgrade autoconf 2.72e (the fifth release candidate) to the
final release 2.72, but unfortunately failed to notice that the version
appears to go backwards as the package managers sort 2.72e _after_ 2.72.
We could resolve this with an epoch (via PE) but epochs are forever and
this mistake is temporary. We could set a convoluted PV but that gets
messy as it then means SRC_URI needs to set manually. Instead, set a
convoluted PKGV to fix the sorting order in a way that only alters the
output packages and nothing else, which can be removed when the next
major release is made.
[1] oe-core 11ff8dba0ce ("autoconf: upgrade to final 2.72 release")
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Add meson to ptest RDEPENDS in the recipe;
- Add python3-unittest-automake-output as a ptest RDEPENDS;
- Convert run-ptest to a shell script that sets PYTEST_DEBUG_TEMPROOT to
a directory inside the same path that contains the script, create that
directory, and then invoke the tests with `pytest --automake` pointed
at the numpy path in site-packages (copying the tests into the normal
PTEST_DIRECTORY seems to cause module import breakages in some tests).
This also includes skipping two problematic tests which require a C
compiler and use up a lot of space, respectively;
- Set 'IMAGE_ROOTFS_EXTRA_SPACE = "3048576"' for python3-numpy in
core-image-ptest.bb;
- Also set 'QB_MEM:virtclass-mcextend-python3-numpy = "-m 4096"' in
core-image-ptest.bb;
- Move python3-numpy from the PTESTS_PROBLEMS list to the PTESTS_SLOW
one.
If extra-utils package is not included in the image, you'll always see a
warning that password agent is missing whenever you start/stop a service:
Failed to execute /usr/bin/systemd-tty-ask-password-agent: No such file or directory
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Below commits on binutils-2.44 stable branch are updated.
fe459e33c67 PR 32603, revert message changes in 0b7f992b78fe and 31e9e2e8d109 37d12dd25d8 gdb/compile: add missing entry in bfd_link_callbacks array 31e9e2e8d10 PR 32603, more ld -w misbehaviour 0b7f992b78f PR 32603, ld -w misbehaviour 8cb98edf123 s390: Add support for z17 as CPU name ed70d86b491 x86: Remove AVX10.2 256 bit rounding support e1af7e590a5 elf: Clear the SEC_ALLOC bit for NOLOAD note sections 35db8c6dd2f ld: Pass -Wl,-z,lazy to compiler for i386 lazy binding tests cc7ec316a45 Updated translations for bfd and gold bf088ee09a7 PR 32731 ub sanitizer accessing filenames_reversed 78082591ec7 score-elf gas SEGV d4c7ee9fbc1 gas: fix rs_fill_nop listing a68d096a0ab Open the 2.44 branch for further development
Dropped: 0015-CVE-2025-1153.patch
Testing was done and there were no regressions found
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 29 Apr 2025 15:29:30 +0000 (16:29 +0100)]
python3: backport the full fix for importlib scanning invalid distributions
Even with our fixes in deterministic_imports.patch the
importlib.metadata package scan was still returning Distribution objects
for empty directories. This interacts badly with rebuilds when recipes
are changing as when a recipe is removed from the sysroot directories
are not removed[1].
In particular this breaks python3-meson-python-native rebuilds when
Meson upgrades from 1.7 to 1.8: the site-packages directory has an empty
meson-1.7.dist-info/ and populated meson-1.8.dist-info/. Whilst it's
deterministic to return the empty 1.7 first, this breaks pypa/build as
it looks through the distributions in order.
We had discussed this with upstream previously and there's a more
comprehensive fix upstream (actually in importlib_metadata, not cpython)
which ensures that valid distribution objects are listed first. So we
can drop our patch and replace it with a backport to fix these rebuilds.
kernel-arch.bbclass: Do not use weak assignment for TOOLCHAIN
If a distro sets TOOLCHAIN with ?= or = then it overrides this
too, however, we demand GCC to be in there due to KERNEL_CC etal
Make it hard assignment, it can still be overturned via a bbappend
in that case it is intentional to use non-gcc compiler for kernel
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
sstatesig: Handle special case of llvm-project-source shared-workdir
bitbake-dumpsig or bitbake-diffsig tools do not work on any of tasks
exposed by llvm-project-source recipe. This is due to it being a
shared-workdir recipe.
Fixes
bitbake-diffsigs -t llvm-project-source-20.1.2 do_preconfigure
NOTE: Starting bitbake server...
ERROR: No sigdata files found matching llvm-project-source-20.1.2 do_preconfigure
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cmake.bbclass: Enhance to emit a native toolchain cmake file
Some components e.g. clang and its runtime needs the native toolchain
defines especially when doing nativesdk builds it uses
CROSS_TOOLCHAIN_FLAGS_NATIVE to pass native toolchain file, which is
then used to build native llvm tools needed during nativesdk builds
Moreover this would enable using OE built native toolchain e.g.
clang-native to build cmake based packages. e.g. libcxx and other llvm
runtime plus it can be used for build native packages which require clang
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Hochstein [Thu, 17 Apr 2025 18:08:28 +0000 (13:08 -0500)]
meson: Allow user to override setup command options
The user cannot override the setup command options --cross-file and
--native-file because the meson-wrapper places these options on the
command line after the user options. This problem was noticed when
trying to build with an SDK using a custom cross-file.
Signed-off-by: Tom Hochstein <tom.hochstein@oss.nxp.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changqing Li [Tue, 22 Apr 2025 13:07:02 +0000 (21:07 +0800)]
icu: set ac_cv_path_install to ensure install tool reproducibility
icu will check program install path during do_configure, eg:
checking for a BSD-compatible install... /path/to/install -c
And this path will be writen into pkgdata.inc:
INSTALL_CMD=$(INSTALL-L)
Decided by if install is installed into recipe-sysroot-native during
do_configure stage, the INSTALL_CMD could be
/build/tmp/work/corei7-64-wrs-linux/icu/76-1/recipe-sysroot-native/usr/bin/install
or /build/tmp/hosttools/install if the build is rerun after the sysroot was
extended.
set ac_cv_path_install to install under hosttools to make a deterministic
result of INSTALL_CMD, avoid vary caused by the execute sequence of
another task which DEPENDS on coreutils-native and independent with
do_configure
[RP: Removed paths from ac_cv_path_install to simplify and avoid QA error too] Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The wic test_exclude_path_with_extra_space test succeeds on non-debian AB
workers. Add PATH handling so parted from the wic-tools can be found on
debian-based AB workers.
Fixes [YOCTO #15838]
Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
syslinux: improve isohybrid to process extra sector count for ISO 9660 image
Due to commit [cdrtools-native: fix booting EFI ISO live failed]
applied to improve mkisofs to fix nsectors exceeds 0xffff situation
which set selection criteria type = 2 and save extra nsectors to
vendor unique selection criteria
In following case, add 64MB extra space to bootable image efi.img,
and the partition table of EFI is truncated to 32M
$ echo 'IMAGE_FSTYPES:pn-core-image-minimal = " live"' >> conf/local.conf
$ echo 'MACHINE_FEATURES:append = " efi pcbios"' >> conf/local.conf
$ echo '# 64MB extra space to bootable image efi.img' >> conf/local.conf
$ echo 'BOOTIMG_EXTRA_SPACE = "65535"' >> conf/local.conf
$ bitbake core-image-minimal
$ fdisk -l tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso
...
Device Boot Start End Sectors Size Id Type
tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso1 * 0 376831 376832 184M 0 Empty
tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso2 120 65654 65535 32M ef EFI (FAT-12/16/32)
After applying this patch to process extra sector count, the partition
table of EFI is 90.3M
$ fdisk -l tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso
...
Device Boot Start End Sectors Size Id Type
tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso1 * 0 376831 376832 184M 0 Empty
tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso2 120 185151 185032 90.3M ef EFI (FAT-12/16/32)
In ISO live, if the size of efi.img > 32MB, and copy EFI application
(bootx64.efi) to efi.img behind of kernel and initrd, UEFI system
could not find EFI application bootx64.efi
Using QEMU+OVMF to boot ISO live image, press ESC to enter UEFI shell:
...
Shell> ls FS0:\
Directory of: FS0:\
04/05/2011 23:00 12,985,344 bzImage
04/05/2011 23:00 <DIR> 2,048 EFI
04/05/2011 23:00 20,494,696 initrd
04/05/2011 23:00 26 startup.nsh
3 File(s) 33,480,066 bytes
1 Dir(s)
In following case, add 64MB extra space to bootable image efi.img,
and the partition table of EFI is truncated to 26.3M
$ echo 'IMAGE_FSTYPES:pn-core-image-minimal = " live"' >> conf/local.conf
$ echo 'MACHINE_FEATURES:append = " efi pcbios"' >> conf/local.conf
$ echo '# 64MB extra space to bootable image efi.img' >> conf/local.conf
$ echo 'BOOTIMG_EXTRA_SPACE = "65535"' >> conf/local.conf
$ bitbake core-image-minimal
$ fdisk -l tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso
...
Device Boot Start End Sectors Size Id Type
tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso1 * 0 376831 376832 184M 0 Empty
tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso2 120 54079 53960 26.3M ef EFI (FAT-12/16/32)
According to page 11: `Figure 5 - Section Entry' in El Torito Bootable
CD-ROM Format Specification [1]. The sector count takes 2 byte which
means max sector count is 0xffff (65535), for 512-byte sector, the
size of bootable image is no more than 32MB (65536 * 512 / 1024 / 1024)
This commit truncate to 32MB if image size larger than 32MB, and
report a warning, then save the extra image sector count to
vendor unique selection criteria
After apply this commit, the partition table of EFI is truncated to 32M
$ fdisk -l tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso
...
Device Boot Start End Sectors Size Id Type
tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso1 * 0 376831 376832 184M 0 Empty
tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.iso2 120 65654 65535 32M ef EFI (FAT-12/16/32)
Mikko Rapeli [Mon, 28 Apr 2025 12:32:43 +0000 (15:32 +0300)]
lttng-modules: fix build failure on genericarm64
Workaround to unblock genericarm64 builds.
Upstream is working on a better fix
https://bugs.lttng.org/issues/1426
Fixes: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15840 Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
linux-firmware: fix FILES to drop RDEPENDS on full package
linux-firmware-rtl8723 and linux-firmware-adsp-sst
contain symlinks to files that were previously
packaged only in the main linux-firmware package.
This caused both subpackages to inherit an unintended
RDEPENDS on the full package. This change resolves the
issue by ensuring all required files are correctly
included in their respective subpackages.
Thanks to Peter Kjellerstedt for figuring out the rootcause.
This sample ESP partition is used mostly for testing purposes.
It's not expected to host multiple UKI binaries for example.
Thus reduce size from 500 Mb to size of needed boot binaries
72 Mb plus around 20% free space 88Mb. This is enough for
all test cases and fits to RAM when using PMEM memory based
block device on real target boards with just a few Gb of RAM.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ptest-cargo: fix incorrect FAIL count when multiple tests are run
When using the ptest-cargo class with multiple Rust test binaries, ptest-runner
may report FAIL: 0 even if one of the tests fails, as long as the last test passes.
This happens because the run-ptest script, as generated by the class, does not
track failures and simply returns the exit code of the last test.
To fix this, each test binary is checked individually for failure. If any test fails,
a non-zero exit code is returned.
This ensures that test failures are not silently ignored and are properly reported
by ptest-runner in multi-test scenarios.
Ross Burton [Wed, 23 Apr 2025 17:26:41 +0000 (18:26 +0100)]
uninative: show errors if installing fails
We call the installer script but if it fails the user doesn't see the
reason, which makes resolving the problem hard. Capture both stdout and
stderr as text, and display it to the user when it fails.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Niko Mauno [Sun, 27 Apr 2025 12:10:08 +0000 (12:10 +0000)]
dbus: Remove 'dbus-x11' from RPROVIDES
Since runtime dependencies to the old 'dbus-x11' compatibility label
are now no longer used in either poky or meta-openembedded provided
layers, we can remove it.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Sun, 27 Apr 2025 09:43:02 +0000 (11:43 +0200)]
linux/cve-exclusion: do not shift first_affected
Stop shifting first_affected if backport is indicated. This does not
have effect on generated list, but makes the logic cleaner as it will
not shift it to "first affected on our branch" and also make it behave
like in defaultStatus==affected case.
Cc: daniel.turull@ericsson.com Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Sun, 27 Apr 2025 09:43:01 +0000 (11:43 +0200)]
linux/cve-exclusion: update exclusions after script fixes
This will shift fixed version of many CVEs, it does not change status of
any CVE.
Note that the current format of cvelistV5 does not allow us to determine
real value of "fixed_in" without also checking the hashes, but the
result are still fine.
The reason is that many entries are missing original_commit_for_fix
field and thus we see the final "fixed_in" version to be set to backport
to previous branch (e.g. 6.12.23 instead of 6.13).
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Current code takes the first version found as "fixed-version".
That is not correct as it is almost always only the oldest backport.
Fix it by unconditionally shift the assigmnet of variable "fixed" so
that we take last instead of first version.
Cc: daniel.turull@ericsson.com Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Include bidi mirroring variants of the requested codepoints when subsetting. The new HB_SUBSET_FLAGS_NO_BIDI_CLOSURE can be used to disable this behaviour.
Various bug fixes.
Various build fixes and improvements.
Various test suite improvements.
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Sat, 26 Apr 2025 17:08:23 +0000 (19:08 +0200)]
bash: use -std=gnu17 also for native CFLAGS
* fixes builds on host with gcc-15:
http://errors.yoctoproject.org/Errors/Details/853016/
../../bash-5.2.37/builtins/mkbuiltins.c:268:29: error: too many arguments to function ‘xmalloc’; expected 0, have 1
268 | error_directory = xmalloc (2 + strlen (argv[arg_index]));
| ^~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Sat, 26 Apr 2025 13:41:53 +0000 (15:41 +0200)]
pkgconfig: fix build with gcc-15
* on hosts with gcc-15 or whenever glib PACKAGECONFIG isn't enabled
and pkgconfig uses own old bundled glib
* fixes:
http://errors.yoctoproject.org/Errors/Details/853015/
../../../git/glib/glib/goption.c:169:14: error: two or more data types in declaration specifiers
169 | gboolean bool;
| ^~~~
../../../git/glib/glib/goption.c:169:18: warning: declaration does not declare anything
169 | gboolean bool;
| ^
Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 25 Apr 2025 11:43:21 +0000 (12:43 +0100)]
libunwind: fix build when unused sections are garbage collected
poky-tiny uses gcsections.inc to strip unused sections from the
binaries. However, on qemuarm5/qemuarm64 with poky-tiny this appears to
result in too much being removed and the link fails:
ld: .libs/Gtest-trace: hidden symbol `__aarch64_cas8_acq_rel' in
libgcc.a(cas_8_4.o) is referenced by DSO
Work around this by disabling gcsections.inc.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
https://www.alsa-project.org/wiki/Changes_v1.2.13_v1.2.14 Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
https://www.alsa-project.org/wiki/Changes_v1.2.13_v1.2.14 Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Volk [Thu, 24 Apr 2025 21:40:44 +0000 (23:40 +0200)]
default-providers.inc: add entries for virtual/libsdl2
virtual/libsdl2 can be provided by 'libsdl2' and 'libsdl2-compat' where the latter
is a replacement for libsdl2 that uses libsdl3 behind the scenes and should
be favored if applicable.
Signed-off-by: Markus Volk <<a href="mailto:f_l_k@t-online.de">f_l_k@t-online.de</a>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The linux-firmware Makefile defines an 'install-zst' rule, but currently
fw_compr_suffix() return the '-zstd' suffix when FIRMWARE_COMPRESSION is
set to 'zstd' which produces:
make: *** No rule to make target 'install-zstd'.
Return '-zst' instead to properly run 'make install-zst'.
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Daniel Turull [Sat, 26 Apr 2025 16:19:29 +0000 (18:19 +0200)]
cve-exclusions: correct cve status for 5 entries
In commit 8a7af09feb the CVE_STATUS was copy from the old data
for 6.6 kernel, which had backport information.
Correcting status to when the fix was introduced and adding
references to the fixes.
Fixes: 8a7af09febc28477094de0999ab6321d910811b2 Reported-by: Peter Marko <Peter.Marko@siemens.com> Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Tue, 22 Apr 2025 12:29:51 +0000 (14:29 +0200)]
ptest-cargo: handle packageconfig arguments
Align cargo options between ptest-cargo and cargo classes.
After oe-core commit 16745b20452de60ae2474433cc1a2fb1ed9f6a64 there is
a discrepancy between cargo arguments in compile and compile-ptest-cargo
steps when packageconfig is used for cargo based recipes.
Currently we have to do something like following code to build ptest
enabled cargo based recipe:
CARGO_BUILD_FLAGS:append:task-compile-ptest-cargo = " ${PACKAGECONFIG_CONFARGS}"
Otherwise the options are either doubled in compile step or completely
missing in compile-ptest-cargo step.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao [Fri, 18 Apr 2025 11:39:34 +0000 (19:39 +0800)]
dpkg: drop suffix from version number
The current dpkg runtime version is generated by 'git describe' command
in build-aux/get-version. But since we have made changes to git repo
locally, it adds a -dirty suffix to the version number.
Add a .dist-version file in the source directory. Then get-version can
determine the version through .dist-version instead of "git describe"
command, thus removing the -dirty suffix.
Before the fix:
$ dpkg --version
Debian 'dpkg' package management program version 1.22.11-dirty (amd64).
After the fix:
$ dpkg --version
Debian 'dpkg' package management program version 1.22.11 (amd64).
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
image/populate_sdk.bbclass: drop qemuwrapper-cross from DEPENDS
For packages that need qemuwrapper-cross, they should have it
in PAKAGE_WRITE_DEPS.
Now that we've used 'qemuwrapper-cross' to replace 'qemu-native'
for recipes that need qemu-native for their postinsts, and we've
now mapped PACKAGE_WRITE_DEPS for nativesdk recipes, these
qemuwrapper-cross dependencies can be dropped from image.bbclass
and populate_sdk.bbclass.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Thu, 17 Apr 2025 09:34:57 +0000 (11:34 +0200)]
spdx: extend CVE_STATUS variables
If spdx is generated without inheriting cve/vex classes (which is poky
default), only explicitly set CVE_STATUS fields are handled.
Calculated ones (e.g. from CVE_STATUS_GROUPS) are ignored.
Fix this by expanding the CVE_STATUS in spdx classes.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Thu, 17 Apr 2025 09:34:56 +0000 (11:34 +0200)]
cve-check: extract extending CVE_STATUS to library function
The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and
CVE_STATUS_GROUPS is used on multiple places.
Create a library funtion to have the code on single place and ready for
reuse by additional classes.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Olga Denisova [Tue, 15 Apr 2025 16:35:27 +0000 (19:35 +0300)]
pybootchartgui: visualize /proc/net/dev network stats in graphs
This patch adds support for parsing and visualizing network interface statistics from /proc/net/dev in pybootchartgui. It introduces a new NetSample class to hold per-interface metrics, including received/transmitted bytes and their deltas over time.
The data is drawn using line and box charts in draw.py and helps to monitor
network usage during the boot process for each interface individually.
Olga Denisova [Tue, 15 Apr 2025 16:16:15 +0000 (19:16 +0300)]
buildstats.py: Add tracking of network I/O per interface
This patch extends SystemStats to collect and store data from /proc/net/dev.
It extracts per-interface received and transmitted bytes, calculates deltas
between samples, and stores them for further analysis.
Useful for identifying network bottlenecks during long-running builds.
buildstats.py: extend diskstats support for NVMe and flexible token count
Added support for NVMe devices in the diskstats regex pattern to ensure stats are properly collected from devices like nvme0n1.
Relaxed the check for the number of fields in /proc/diskstats from an exact match (14) to a minimum check (at least 14), to handle kernel variations and additional fields gracefully.
Changqing Li [Tue, 15 Apr 2025 10:56:07 +0000 (18:56 +0800)]
buildtools-tarball: Make buildtools respects host CA certificates
To adapt user network enviroment, buildtools should first try to use
the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these
envs is not set, then use the auto-detected ca file and ca path, and
finally use the CA certificates in buildtools.
nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work
nativesdk-curl don't set default ca file, need
SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work
nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO
also works
nativesdk-python3-requests will use cacert.pem under python module certifi by
default, need to set REQUESTS_CA_BUNDLE
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpm-sequoia-crypto-policy: Fix build failure on Debian 12+Strongswan
rpm-sequoia-crypto-policy tries to validate the configuration files
using host tools. For the Strongswan policy, it uses
"ipsec readwriteconf" which is not available on Debian 12 with
Strongswan installed.
To fix this, add and use an option to skip the problematic validation.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 22 Apr 2025 19:00:52 +0000 (20:00 +0100)]
systemd: always depend on the explicit serial console units
The systemd-serialgetty recipe generates explicit units for consoles
that are defined in SERIAL_CONSOLES, and if that variable is not defined
then just produces an empty package.
Even when systemd has been configured to use the getty generator, if
there are explicit consoles defined then we should respect them. Don't
conditionalise the dependency on systemd-serialgetty so that we always
pull in the explicit consoles.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 22 Apr 2025 19:00:51 +0000 (20:00 +0100)]
systemd: enable getty generator by default
Until recently, even when the getty generator was disabled in the
systemd recipe it was actually still active. This was because the old
behaviour was to delete the serial-getty template unit if the generator
was disabled, but the systemd-serialgetty package shipped then shipped
the same files so the generator continued to run. This was a bug in the
original commit[1] so this behaviour has been present since 2016.
My recent fixes[2] changed this: if the getty generator was disabled
then the generator itself is deleted. This makes the actual behaviour
match the intention, but the consequence was to demonstrate that some
modern platforms were relying on this unexpected behaviour: specifically
the genericarm64 BSP which intends to support a number of virtual and
physical boards with a number of serial console ports that are not
really suitable to be hardcoded into SERIAL_CONSOLES:
- ttyS0
- ttyAMA0 (AMBA PL011 uart)
- ttyS2 (BeagleBone Play, S0 and S1 are internal)
- hvc0 (KVM)
- ttyPS1 (AMD KV260)
- And most likely more
Restore the existing behaviour by explicitly enabling the serial getty
generator: this means that systemd will automatically bring up a getty
on the first serial console it finds.
In the future we should extend some level of dynamic console-finding to
sysvinit-based systems by searching for a console device in inittab, but
for now this reverts the unintentional regression.
[1] oe-core 2a8d0df47c9 ("systemd: make systemd-serialgetty optional")
[2] oe-core 2beb3170af6 ("systemd: if getty generator is disabled remove
the generator, not the units")
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some unit tests were previously marked as ignored due to failures in earlier
versions of Rust. With the upgrade to Rust 1.85.1, these tests are now passing
consistently. They've been re-enabled and verified to run successfully on the
latest version.
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In order to properly generate Rust bindings for the target systems, we
need to pass '-taget foo-linux-gnueabi' flags and a correct include
target include path (${STAGING_INCDIR}) to the bindgen. Add those
flags to the generated meson target file.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bitbake.conf: Switch prefix mapping to use -ffile-prefix-map
-ffile-prefix map is more comprehensive when it comes to reproducible
builds and its superset of all prefix-mapping options in compilers
This makes is cleaner and workable across gcc and clang, clang does not
support -fcanon-prefix-map and it has to be explicitly omitted when using
clang.
There are lambdas generated in templates by clang which still get the
absolute paths despite -fdebug-prefix-map, this helps with that as well.
nasm is an outlier and we have fixed it by adding -fdebug-prefix-map option
luckily we do not pass DEBUG_PREFIX_MAP to nasm, in all recipes which use
nasm either pass -fdebug-prefix-map explicitly to nasm or they rewrite it
to use nasm flags syntax.
classes/recipes: remove unnecessary qemu inherit and use qemuwrapper-cross
These classes/recipes inherit qemu.bbclass but do not use anything from it.
What they use is qemuwrapper-cross, which is needed at do_rootfs time and
needs to be pulled-in by PACKAGE_WRITE_DEPS.
Also, in meta/conf/layer.conf, exclude qemuwrapper-cross deps for all arch
recipes that depend on it. This it ensure allarch recipes have the same
signature across different machines.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
commit [cfg/intel.scc: Include iommu.scc for Arrowlake boot support]
moves the iommu configuration to a location that is included by more
BSPs and kernel types.
One of those kernel types is the -tiny kernel, which uses a allnoconfig
base. Due to the allnoconfig, there are missing dependencies to allow
the desired options to be enabled in the final .config
Those missing options throw configuration audit warnings
By adding the required dependencies to the fragment, it is now
standalone and can be included from anywhere without configuration
audit warnings being triggered.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Fri, 18 Apr 2025 19:54:46 +0000 (15:54 -0400)]
linux-yocto/6.12: cfg: Include iommu.scc for Arrowlake boot support
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Yogesh Tyagi
Email: yogesh.tyagi@intel.com
Subject: cfg/intel.scc: Include iommu.scc for Arrowlake boot support
Date: Mon, 14 Apr 2025 11:55:45 +0530
Move features/iommu/iommu.scc from bsp/intel-common/intel-corei7-64.scc and
bsp/intel-x86/intel-x86.scc to cfg/intel.scc to eliminate redundancy and ensure
IOMMU support (CONFIG_INTEL_IOMMU=y, etc.) is enabled for genericx86-64
on Intel Arrowlake, resolving boot issues.
This changes is needed in 6.12 as well as master branch.
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
