Mingli Yu [Mon, 6 Jun 2022 10:50:59 +0000 (18:50 +0800)]
ccache: Fix build with gcc-12
Fix the build failure when debug build is enabled.
Add DEBUG_BUILD = "1" in conf/local.conf.
$ bitbake ccache
| /buildarea/tmp/work/core2-64-poky-linux/ccache/4.6.1-r0/ccache-4.6.1/src/third_party/xxhash.h:3932:1: error: inlining failed in call to 'always_inline' 'XXH3_accumulate_512_sse2': function not considered for inlining
3932 | XXH3_accumulate_512_sse2( void* XXH_RESTRICT acc,
| ^~~~~~~~~~~~~~~~~~~~~~~~
/buildarea/tmp/work/core2-64-poky-linux/ccache/4.6.1-r0/ccache-4.6.1/src/third_party/xxhash.h:4369:9: note: called from here
4369 | f_acc512(acc,
| ^~~~~~~~~~~~~
4370 | in,
| ~~~
4371 | secret + n*XXH_SECRET_CONSUME_RATE);
Ming Liu [Mon, 6 Jun 2022 09:33:14 +0000 (11:33 +0200)]
udev-extraconf: let automount base directory configurable
Dont hard-code automount base directory to '/run/media', introduce a
variable MOUNT_BASE to let it configurable, like in udisks2 the mount
base is also configurable by setting option: --enable-fhs-media.
Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pavel Zhukov [Fri, 3 Jun 2022 06:41:22 +0000 (08:41 +0200)]
bitbake.conf: Make TCLIBC and TCMODE lazy assigned
This allows two level of overriding (distro level and local.conf/shell
variable). Previous settings blocked shell variables overring
if it was overriden on distro level.
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
linux-firmware: add support for building snapshots
In some cases it is useful to be able to test the snapshot of
linux-firmware (e.g. to test if the updated firmware works on the
particular hardware). Allow building the linux-firmware snapshots.
To switch to the most recent branch, add the following lines to the
local.conf file:
Richard Purdie [Sat, 4 Jun 2022 22:50:43 +0000 (23:50 +0100)]
perl: Add dependency on make-native to avoid race issues
Make 4.1 has race issues with double colon usage in makefiles which are common
in MakeMaker generated code in perl. Add a dependency on make-native to avoid
this as it is relaitvely low overhead.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 4 Jun 2022 22:47:55 +0000 (23:47 +0100)]
sanity: Switch to make 4.0 as a minimum version
We can't build glibc without make 4.0 and we don't work on older distros with
older versions of make without buildtools tarball so increase the minimum
version to 4.0.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sean Anderson [Tue, 31 May 2022 15:10:52 +0000 (11:10 -0400)]
rootfs.py: find .ko.zst kernel modules
With CONFIG_MODULE_COMPRESS_ZSTD enabled, kernel modules will have a
.ko.zst extension. This fixes depmod not being run.
Fixes: 1b696a45ddb ("rootfs.py: Add check for kernel modules before running depmod") Signed-off-by: Sean Anderson <sean.anderson@seco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
license.bbclass: Bound beginline and endline in copy_license_files()
Ensure that begin_idx (i.e., beginline - 1) and end_idx (i.e.,
endline) are positive numbers in copy_license_files(). This makes sure
the same lines are copied as populate_lic_qa_checksum() uses when it
calculates the checksum. Before, beginline=0 would typically lead to
that no lines were copied at all.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously, only the first line of the LICENSE file was included,
which only covered the license name and thus would not detect a change
to the version (or anything else for that matter).
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-update-db-native: make it possible to disable database updates
Make it possible to disable the database update completely by using
a negative update interval CVE_DB_UPDATE_INTERVAL.
Disabling the update is useful when running multiple parallel builds
when we want to have a control on the database version. This allows
coherent cve-check results without an database update for only
some of the builds.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-check: write empty fragment files in the text mode
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.
However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.
Fix it by always writing a fragment file, even if empty.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 5 Jun 2022 12:23:30 +0000 (13:23 +0100)]
populate_sdk_ext: Fix second bb_unihashes reference
A previous fix for zero length bb_unihashes.dat files wasn't complete
as there is a second copy of the unihashes file made. Change this second
call site to match the first to fully fix the zero length file issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefan Wiehler [Thu, 2 Jun 2022 09:45:14 +0000 (11:45 +0200)]
kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task
Several tasks deactivate exiting on non-zero return codes via set +e because
they run subcommands that have legitimate non-zero return codes. However when
appending to those tasks, this behavior is not expected and can lead to builds
silently proceeding in case of an error. Therefore reset the default behavior
at the end of the respective tasks via set -e.
Signed-off-by: Stefan Wiehler <stefan.wiehler@nokia.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These explicit tracepoints aren't really used and show sign of aging.
It's work to keep these up to date, and before I attempted to keep them
up to date, they weren't up to date, which indicates that they're not
really used. These days there are better ways of introspecting anyway.
Which causes the following build failure
lttng-modules-2.13.3/src/probes/lttng-probe-random.c:18:10: fatal error: trace/events/random.h: No such file or directory
| 18 | #include <trace/events/random.h>
| | ^~~~~~~~~~~~~~~~~~~~~~~
| compilation terminated.
Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mingli Yu [Thu, 2 Jun 2022 05:46:40 +0000 (13:46 +0800)]
perl: Fix build with gcc-12
Fix the build failure when debug build is enabled.
Add DEBUG_BUILD = "1" in conf/local.conf.
$ bitbake perl
| In function 'dynprep',
inlined from 'S_sortsv_flags_impl' at pp_sort.c:358:20,
inlined from 'sortsv_amagic_i_ncmp' at pp_sort.c:572:5:
| pp_sort.c:1232:1: error: inlining failed in call to 'always_inline' 'S_amagic_i_ncmp': function not considered for inlining
| 1232 | S_amagic_i_ncmp(pTHX_ SV *const a, SV *const b)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Permission model of overlayfs uses permissions/ownership from the upper
layer after mounting. Fix up UID/GID of the upper layer, when lower
layer already uses something custom.
Signed-off-by: Vyacheslav Yurkov <v.yurkov@precitec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
files: rootfs-postcommands: move helper commands to script
OverlayFS systemd helper unit might require more pre-processing
commands. It gets more complicated to embed them in a unit file, because
systemd shell subset is limited and might require additional escaping.
Move the command to a separate script, thus simplifying systemd unit.
Signed-off-by: Vyacheslav Yurkov <v.yurkov@precitec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 1 Jun 2022 18:17:42 +0000 (19:17 +0100)]
populate_sdk_ext: Fix race condition on bb_unihashes.dat
There is a race were the bb_unihashes.dat file may end up zero sized due to
concurrent builds. Use recently added API within bitbake to copy the file
safely. Also use the opportunity to remove hardcoded filepaths internal to
bitbake from OE-Core.
Bump the minimum bitbake version to match the API being used.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jeremy Puhlman [Wed, 1 Jun 2022 23:02:15 +0000 (19:02 -0400)]
gcc: depend on zstd-native
Sharing sstate cache binaries between two systems, one with libzstd installed
and the other without, leads to various gcc components being linked against
the system libzstd and failing to run on the system with out it installed.
Make zstd-native from our system available.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 2 Jun 2022 07:57:55 +0000 (08:57 +0100)]
openssl: Backport fix for ptest cert expiry
ptests in in openssl have started failing as one of the test certificates has
expired. Backport a fix for this from upstream, replacing the test
certificate to allow the ptests to pass again.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wangmy [Mon, 30 May 2022 06:40:47 +0000 (14:40 +0800)]
logrotate: upgrade 3.19.0 -> 3.20.1
Changelog:
=========
drop world-readable permission on state file even when ACLs are enabled (#446)
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
fix a misleading debug message with copytruncate and rotate 0 (#443)
add support for unsigned time_t (#438)
do not lock state file /dev/null (#433)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wangmy [Mon, 30 May 2022 06:38:40 +0000 (14:38 +0800)]
cups: upgrade 2.4.1 -> 2.4.2
Changelog:
==========
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
- The cupsFileOpen function no longer opens files for append in read-write
mode (Issue #291)
- The cupsd daemon removed processing temporary queue (Issue #364)
- Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm
closing the connection (Issue #365)
- Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
- Fixed CSS related issues in CUPS Web UI (Issue #344)
- Fixed copyright in CUPS Web UI trailer template (Issue #346)
- mDNS hostname in device uri is not resolved when installaling a permanent
- IPP Everywhere queue (Issues #340, #343)
- The lpstat command now reports when the scheduler is not running
(Issue #352)
- Updated the man pages concerning the -h option (Issue #357)
- Re-added LibreSSL/OpenSSL support (Issue #362)
- Updated the Solaris smf service file (Issue #368)
- Fixed a regression in lpoptions option support (Issue #370)
- The scheduler now regenerates the PPD cache information after changing the
"cupsd.conf" file (Issue #371)
- Updated the scheduler to set "auth-info-required" to "username,password" if a
backend reports it needs authentication info but doesn't set a method for
authentication (Issue #373)
- Updated the configure script to look for the OpenSSL library the old way if
pkg-config is not available (Issue #375)
- Fixed the prototype for the httpWriteResponse function (Issue #380)
- Brought back minimal AIX support (Issue #389)
cupsGetResponse did not always set the last error.
- Fixed a number of old references to the Apple CUPS web page.
- Restored the default/generic printer icon file for the web interface.
- Removed old stylesheet classes that are no longer used by the web
interface.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Sun, 29 May 2022 02:34:05 +0000 (04:34 +0200)]
patch.py: make sure that patches/series file exists before quilt pop
* Since quilt upgrade to 0.67 some recipes sometimes fail in do_patch with
errors like:
ERROR: Applying patch 'GPLv2.patch' on target directory '/OE/build/oe-core/tmp-glibc/work/qemux86_64-oe-linux/keymaps/1.0-r31'
CmdError('quilt --quiltrc /OE/build/oe-core/tmp-glibc/work/qemux86_64-oe-linux/keymaps/1.0-r31/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout:
stderr: File series fully applied, ends at patch GPLv2.patch
')
* It affects only recipes with S = "${WORKDIR}", which wipe only
${S}/patches, because in other cases whole ${S} is wiped when
do_unpack is re-executed.
this is now causing issues to quilt-0.67 because it checks that
${S}/patches/series exists during 'quilt pop -a -f' which we call
from QuiltTree.Clean to undo patches possibly already applied
in ${S} in previous do_patch execution.
* There are couple recipes affected by this e.g. keymaps (.patch already
removed in oe-core), makedevs (.patch removal sent to ML yesterday
https://lists.openembedded.org/g/openembedded-core/message/166172),
devmem2
(https://lists.openembedded.org/g/openembedded-devel/message/97270), but
there are other recipes with S = "${WORKDIR}" where you can trigger this
e.g. by having a .patch file in DISTRO layer .bbappend (e.g. tzdata with
webOS
https://github.com/webosose/meta-webosose/blob/06e5298d9f5c47679b679081d9930f8d1c776142/meta-webos/recipes-extended/tzdata/tzdata.bbappend#L10)
The shortest sequence to reproduce this is just
bitbake keymaps -c patch
bitbake keymaps -c unpack -f
bitbake keymaps -c patch
with
https://git.openembedded.org/openembedded-core/commit/?id=17d981005a0c0c97702ad88602b7181b69bcc9eb
reverted.
And the change in quilt behavior is causing QuiltTree.Clean (quilt pop -a -f) in:
https://git.openembedded.org/openembedded-core/tree/meta/lib/oe/patch.py?id=17d981005a0c0c97702ad88602b7181b69bcc9eb#n601
to silently fail with "No series file found" before undoing the
patches in ${S} and then quilt push failing, because all the
patches are _still_ applied in ${S}.
Removing ".pc" doesn't help, because we really
need quilt's help to undo the patches (in this case to delete COPYING
file from WORKDIR before applying the .patch which tries to add it
again), because do_unpack cannot just wipe S and start over (because S
== WORKDIR) - nor selectively removing the files listed in SRC_URI,
because COPYING file isn't listed there.
Using skip_series_check in 'quilt pop' (partially reverting the change
from upstream) does fix this as well and it's simple one line patch
(just adding skip_series_check=1 in pop.in), but might be difficult
to upstream, because it's this strange OE specific behavior that we
remove 'patches' directory and then still need quilt pop to work.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Fri, 27 May 2022 07:07:11 +0000 (00:07 -0700)]
systemd: Set RebootWatchdogSec to 60s as watchdog
The systemd-shutdown sets watchdog timeout to 10m (600 seconds) which is too
large, and caused errors when reboot on boars such as rpi4:
systemd-shutdown[1]: Failed to set timeout to 10min: Invalid argument
The watchog's default value is 60s, so set RebootWatchdogSec to 60s to fix the
errors. And <machin.conf> can set WATCHDOG_TIMEOUT when needed, for example,
the max timeout of rpi4 is 15 seconds.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 29 May 2022 10:51:59 +0000 (11:51 +0100)]
cve-check: Allow warnings to be disabled
When running CVE checks in CI we're usually not interested in warnings on the
console for any CVEs present. Add a configuration option CVE_CHECK_SHOW_WARNINGS
to allow this to be disabled (it is left enabled by default).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dmitry Baryshkov [Fri, 27 May 2022 17:22:55 +0000 (20:22 +0300)]
go.bbclass: fix path to linker in native Go builds
Building native Go tools results in the tool pointing to the wrong
location of dynamic linker (see below). The linker is looked up in the
temporary dir, which can be removed if rm_work is inherited. This
results in being unable to execute the program with the 'No such file or
directory' error. Override linker specificiation for native recipes (and
let Go build environment to pick up a correct one on it's own).
The error is observed in case the distro doesn't use uninative.bbclass.
If uninative.bbclass is used, the binary will be patched automatically
to use the uninative loader instead of the system one.
Without this patch:
$ ldd tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man
linux-vdso.so.1 (0x00007ffe945ec000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a7490e000)
/home/lumag/Projects/RPB/build-rpb/tmp-rpb-glibc/work/x86_64-linux/go-md2man-native/1.0.10+gitAUTOINC+f79a8a8ca6-r0/recipe-sysroot-native/usr/lib/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2 (0x00007f3a74d13000)
$ tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man --help
-bash: tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man: No such file or directory
With the patch
$ ldd tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man
linux-vdso.so.1 (0x00007ffd19dbf000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2d44181000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2d44586000)
$ tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man --help
Usage of tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man:
-in string
Path to file to be processed (default: stdin)
-out string
Path to output processed file (default: stdout)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 27 May 2022 16:05:44 +0000 (17:05 +0100)]
python3: Ensure stale empty python module directories don't break the build
There are two issues inside importlib. Firstly, the modules are accessed in
on disk order. This means behaviour seen on one system might not reproduce
on another and is a real headache.
Secondly, empty directories left behind by previous modules might be looked
at. This has caused a long string of different issues for us.
As a result, patch this to a behaviour which works for us. Upstream discussion
can follow later, this is breaking builds for too many people to leave unpatched.
[YOCTO #14816]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 27 May 2022 10:43:36 +0000 (11:43 +0100)]
python3: Remove problematic paths from sysroot files
In the native sysroot we should never have paths to the python3-native
build directory. These may or may not exist at the time some dependency
is building and nothing should rely upon them.
I suspect nothing is relying on this at the moment but clean up
just to be sure.
The various config copies are adjusted to be modified consistently as some
copies were and some were not. The Makefile has the "bad" ${B} paths
replaced with a dummy placeholder too.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 24 May 2022 12:03:07 +0000 (13:03 +0100)]
lzo: Add further info to a patch and mark as Inactive-Upstream
Add some further info to the patch based on upstream changes. Given the last release
in 2017 and glaring issues on at least armv5, it does raise the question on whether
we should drop this. There are probably better compression tools now.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tobias Schmidl [Wed, 25 May 2022 12:25:26 +0000 (14:25 +0200)]
wic/plugins/images/direct: Allow changes in fstab on rootfs
Allow wic to also manipulate the rootfs entry in fstab, which it
currently refuses to write. Reasons one might want to do that include
using systemd-growfs via --fsoptions on /
With this change / is now handled exactly the same as other
mountpoints, the former exception seemingly was not even documented.
Richard Purdie [Wed, 25 May 2022 16:49:12 +0000 (17:49 +0100)]
cve-extra-exclusions: Add kernel CVEs
For OE-Core our policy is to stay as close to the kernel stable releases
as we can. This should ensure the bulk of the major kernel CVEs are fixed
and we don't dive into each individual issue as the stable maintainers are
much more able to do that.
Rather than just ignore all kernel CVEs which is what we have been doing,
list the ones we ignore on this basis here, allowing new issues to be
visible. If anyone wishes to clean up CPE entries with NIST for these, we'd
welcome than and then entries can likely be removed from here.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Wed, 25 May 2022 05:55:56 +0000 (22:55 -0700)]
libsdl2: add back xvm and xinerama options
When building libsdl2-native, and I met a do_configure error as below.
| CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
| Please set them or make sure they are set and tested correctly in the CMake files:
| XINERAMA_LIB
This error appears on hosts with libxinerama-dev installed.
leimaohui [Wed, 25 May 2022 03:48:09 +0000 (11:48 +0800)]
gnutls: Added fips option.
- Added a patch to avoid excute fipshmac command. Because *.hmac
file should be created on target instead of on build environment.
- Added pkg_postinst_ontarget to make sure necessary files are
created on target.
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Naveen Saini [Wed, 25 May 2022 02:43:29 +0000 (10:43 +0800)]
pciutils: avoid lspci conflict with busybox
if virtualization is enabled as DISTRO_FEATURES, then meta-virtualization layer
enables CONFIG_LSPCI=y for busybox, which in result have conflicts with pciutils
update-alternatives: Error: not linking ..core-image-base/1.0-r0/rootfs/usr/bin/lspci
to /bin/busybox.nosuid since
..core-image-base/1.0-r0/rootfs/usr/bin/lspci exists and is not a link
So marking it as ALTERNATIVE with ALTERNATIVE_PRIORITY set to 100
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
