Martin Jansa [Thu, 2 Apr 2026 00:14:58 +0000 (02:14 +0200)]
native/cross: ar wrapper: don't prepend 'D' when @<file> is used
In some cases bazel-native build calls ar with
@<file> - read options from <file>
syntax, where the ar params are generated in *.param file by
separate bazel action before ar is called.
Unfortunately this intercept breaks that syntax by prepending D like:
Don't try to inject D into first line of @<file>, lets assume the caller
uses D already (bazel uses 'rcsD' by default).
* Ar flags for combining object files into archives. If this is not set, it
* defaults to "rcsD".
* TODO(b/37271982): Remove after blaze with ar action_config release
Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sets the correct license for the libgcc-src package. Note that even
though the package is not in PACKAGES, it is implicitly added when
PACKAGE_DEBUG_SPLIT_STYLE is "debug-with-srcpkg" (the default). This
was likely not noticed sooner because the fix to allow the code to
detect this was relatively recent in 1816c5a5e7 ("lib/package: Check
incompatible licenses at packaging time")
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Apr 2026 16:23:37 +0000 (17:23 +0100)]
busybox: fix DISTRO_FEATURES detection
Changes to how DISTRO_FEATURES is evaluated meant that busybox was using
a partial DISTRO_FEATURES and thus disabling features it should not be.
This is due to the use of immediate assignments which are evaulated
before the final value is calculated (by anonymous Python in base.bbclass).
Remove entirely DO_IPv4/DO_IPv6 as they're used once, replacing with
inline bb.utils.contains_any().
Remove the immediate assignments to OE_FEATURES/OE_DEL so that they are
evaluated on use. The evaluation is expensive, but it only happens once.
[1] oe-core 159148f4de ("meta: Support opting out of any distro features")
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Apr 2026 21:02:26 +0000 (22:02 +0100)]
classes/sbom-cve-check-recipe: add recipe-scanning class
Add a second sbom-cve-check class that scans the recipe-SBOM, unlike
sbom-cve-check.bbclass which scans specifically an image's SBOM.
In most cases, image-derived SBOM scanning is preferred as this is able
to analyse the actual content of the image, e.g. reporting just the
kernel issues that have actually been compiled into the image (for
linux-yocto 6.18.19, this reduces the CVE count from 108 to 52).
However, for metrics or other specific purposes it might be useful to
scan a recipe-SPDX, so add a class that can do this.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Apr 2026 21:02:25 +0000 (22:02 +0100)]
classes/sbom-cve-check: extract common functionality to a -common.bbclass
Extract the common configuration variables and run_sbom_cve_check() that
actually invokes sbom-cve-check to a separate class, so that other
classes that are not tied to image generation can use the same logic.
No code changes, just movement.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Benjamin Robin [Tue, 7 Apr 2026 21:02:21 +0000 (22:02 +0100)]
sbom-cve-check-update-db: Fix unpack removing other databases
Previously, `UNPACKDIR` was set to `${SBOM_CVE_CHECK_DEPLOY_DB_DIR}`,
which points to the `./databases/` directory and may contain multiple
databases. Since `do_unpack` cleans the `${UNPACKDIR}` directory,
`UNPACKDIR` must only contain a single database.
To address this, set `UNPACKDIR` to
`${SBOM_CVE_CHECK_DEPLOY_DB_DIR}/${SBOM_CVE_CHECK_DB_NAME}` and
configure `destsuffix` to an empty string. However, it is currently not
possible to set `BB_GIT_DEFAULT_DESTSUFFIX` to an empty string, so
`destsuffix` is configured through the SRC_URI instead.
Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com> Tested-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The `do_populate_lic` task was failing because it runs after `do_patch`,
but the indirect dependency on `do_unpack` was lost when the `do_patch`
task was deleted.
It is safe, and even preferable, to retain the `do_patch` task, as this
allows users to apply patches to their CVE databases.
When "wic create ..." is invoked with a bare *wks name (i.e. without the
`.wks` extension), wic calls engine.py:find_canned_images() to find the
fully qualified *wks file. This function searches every directory formed by:
- permutating all BBLAYERS with `/wic`
- permutating all BBLAYERS with `/scripts/lib/wic/canned-wks`
- checking `<scripts_path>/lib/wic/canned-wks`
Where `<scripts_path>` is the directory containing the wic program.
When wic is part of oe-core, the last search path succeeds in finding
the canned *wks files in `<topdir>/scripts/lib/wic/canned-wks` (since
the wic program is found in oe-core's `<topdir>/scripts` directory, and
`<topdir>/scripts` is not a BBLAYER).
However, once wic is removed from oe-core, this algorithm will not find
these bare *wks files in any of the above-mentioned search paths since
the oe-core layer will no longer be the home of the wic program, and the
canned *wks files are not located in any directory relative to BBLAYERS.
Since these *wks files are specific to oe-core's meta layer, they should
stay with this layer. Therefore move the *wks files so they exist in one
of the locations searched relative to oe-core/meta's BBLAYERS.
NOTE: this patch is in preparation for removing wic from oe-core
the wic oe-selftests work fine with this patch being added now
[RP: Updated meta/wic -> meta/files/wic] Reviewed-by: Bruce Ashfield <bruce.ashfield@gmail.com> Reviewed-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 5 Apr 2026 07:05:09 +0000 (08:05 +0100)]
image_types_wic: Add files/wic to the search path for wks files
With the move of wic to a standalone tool, "files/wic" makes the most
logical place to look for files in the standard layer structure. Add
this to the search path.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The wic utility will no longer be integrated into the oe-core
repository. However, the wic utility will continue to exist under The
Yocto Project umbrella. This will allow wic to be more easily used
independently of bitbake and oe-core.
The primary repository for standalone wic will be:
https://git.yoctoproject.org/wic
Reviewed-by: Bruce Ashfield <bruce.ashfield@gmail.com> Reviewed-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Delete the wic.Wic2.test_sparse_copy test since it tests code that is
internal to wic itself. Once wic is removed from oe-core it will not be
possible to test this function from this layer.
NOTE: this patch is in preparation for removing wic from oe-core
the wic oe-selftests work fine with this patch being added now
Reviewed-by: Bruce Ashfield <bruce.ashfield@gmail.com> Reviewed-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The wic oe-selftest defines its own class (WicTestCase) for handling
setup, teardown, and various other pieces needed to run the individual
wic oe-selftests. As part of oe-core, the wic.CLITests do not need
setup and teardown. However, once wic is no longer part of oe-core, the
oe-selftests will need to know where to find wic that comes from a
recipe. Update PATH so wic will be available.
NOTE: this patch is in preparation for removing wic from oe-core
the wic oe-selftests work fine with this patch being added now
AI-Generated: codex/gpt-5.4 (high) Reviewed-by: Bruce Ashfield <bruce.ashfield@gmail.com> Reviewed-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a recipe for the external wic utility from
https://git.yoctoproject.org/wic. Add wic to the list of native
wic-tools, and make it a dependency of the image bbclass for wic images.
Add myself as maintainer for this new recipe, as well as the wic-tools
recipe (which did not have a maintainer).
NOTE: this patch is in preparation for removing wic from oe-core
the wic oe-selftests work fine with this patch being added now
Reviewed-by: Bruce Ashfield <bruce.ashfield@gmail.com> Reviewed-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
weston-init: add repaint-window=10 to [core] config
Weston's default repaint-window is 7ms. At 60 fps the vsync interval is
~16ms. Under load (multi-surface composition or 4K fullscreen
weston-simple-egl), the compositor cannot complete repaints within this
window, causing up to 50% FPS drops.
Changing repaint-window to 10ms gives the compositor sufficient time to
complete repaints before vblank while retaining a 6ms buffer acquisition
window, improving frame delivery consistency without introducing additional
frame latency.
Signed-off-by: Yash Gupta <ygupt@qti.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 2 Apr 2026 10:42:45 +0000 (11:42 +0100)]
conf/packagegroups: Drop usbhost/usbgadget from DISTRO_FEATURES to MACHINE_FEATURES
Whilst the intention was good, nobody really needs to exclude usbhost/usbgadget from a distro
level any more, it is sufficient to have it as a machine feature which configuraitons
could disable.
At the distro level it just confuses people and looks very dated, so
drop it to a machine feature only.
Instead, for distro level control you could simply now do:
MACHINE_FEATURES:remove = "usbgadget usbhost"
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 2 Apr 2026 10:37:12 +0000 (11:37 +0100)]
conf/packagegroups: Drop pcmcia from DISTRO_FEATURES to MACHINE_FEATURES
Whilst the intention was good, nobody really needs to exclude "pcmcia" from a distro
level any more, it is sufficient to have it as a machine feature which configuraitons
could disable.
At the distro level it just confuses people and looks very dated, so
drop it to a machine feature only.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Fri, 3 Apr 2026 08:38:33 +0000 (09:38 +0100)]
oelib: utils: Support opting out of all features
If '*' is present as a separate token in DISTRO_FEATURES_OPTED_OUT or
MACHINE_FEATURES_OPTED_OUT, interpret this as opting out of all default
features.
If '*' is part of a larger word, this is not treated specially - 'FOO*'
will not trigger removal of all features.
This is implemented in set_difference() so that the behaviour can be
reused in other similar processing we may need to do in the future.
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Fri, 3 Apr 2026 08:38:32 +0000 (09:38 +0100)]
bitbake.conf: Document renamed default machine/distro features vars
Adding support for opting out of any machine/distro features has
obsoleted a few variables, add them to BB_RENAMED_VARIABLES so that
users get an error if they try to use the old names.
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Fri, 3 Apr 2026 07:37:15 +0000 (08:37 +0100)]
checklayer: Fix current_tune tracking
Previous attempts to fix get_signatures() (see fixes tags below) were
misguided.
SIGGEN_UNIHASHMAP was added by commit 11373def3171
("sstatesig/populate_sdk_ext: Improve unihash cache handling"), and
exists to map taskhashes to unihashes for use by other code.
Importantly, entries in the list are duplicates of entries in
SIGGEN_LOCKEDSIGS_t-* lists but are not split by tune here.
The code in get_signatures() was not updated to handle SIGGEN_UNIHASHMAP
and so was accidentally treating these as additional signatures to check
for conflicts. However, current_tune was stuck at the value of the last
SIGGEN_LOCKEDSIGS_t-* assignment seen, typically x86-64 due to sorting.
So, we got nonsensical errors like the following (split for
readability):
The error only occurred with a hash equivalence server running, since
without one SIGGEN_UNIHASHMAP is empty. It was also non-deterministic -
a task only appears in the unihash map after the hashequiv server has
recorded a mapping for it, which may not happen on the first build after
a metadata change.
After this change, the locked-sigs.inc parser in yocto-check-layer is
still somewhat fragile and we need to be careful with future changes
that modify the locked sigs output. However, we can at least track which
variable we are looking at now :)
Fixes: 225923f3bfec ("checklayer: Really fix regex in get_signatures") Fixes: a2f7052cf832 ("checklayer: Fix regex in get_signatures") Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Fri, 3 Apr 2026 11:54:35 +0000 (12:54 +0100)]
sanity: Require tar 1.35 or later on rhel9-alike distros
tar 1.34 (and possibly earlier versions) is unable to extract tarballs
containing read-only files with xattrs. This was fixed upstream, but
it's unlikely at this point that the fix will be backported to RHEL9
related distros (CentOS Stream 9, AlmaLinux 9, Rocky Linux 9). The issue
affects these distros specifically because they have selinux enabled by
default and this uses xattrs.
The specific failure we've seen is with the /usr/lib/udev/hwdb.bin file
installed by the systemd recipe - this file is chmod 0444. This leads to
the following error, typically during do_image_wic (shortened and split
to make it readable):
subprocess.CalledProcessError: Command
'tar --xattrs --xattrs-include='*' -cf - -S -C .../tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0/rootfs -p . |
tar --xattrs --xattrs-include='*' -xf - -C .../tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0/tmp-wic/rootfs2'
returned non-zero exit status 2.
That error message is likely to confuse users, and the fix is not
obvious. So, error out if tar 1.34 or earlier is present on affected
distros and recommend upgrading or using the buildtools tarball.
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ptest-packagelists.inc: add missing whitespace for :append
Noticed while reviewing the log, let's fix those before they create
unexpected problems in the future.
Fixes: 388cd4770e04 ("ptest-packagelists: Exclude ptests from musl which are known to fail") Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxcrypt: Use configure knob to disable warnings as errors
Passing Wno-error via environment flags for target and nativesdk
is intended but is not effective due to command line ordering and
as a result some patches have been added to disable particular kind
of warning as error. Given the scenario, warnings as errors should
be disabled for all builds, this makes it portable across hosts and
across compilers ( gcc, clang ) and glibc versions.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adam Duskett [Tue, 31 Mar 2026 09:57:10 +0000 (11:57 +0200)]
librepo: add PACKAGECONFIG[sequoia]
Currently, librepo compiled with -DUSE_GPGME=ON (the default setting)
causes dnf5 to fail importing repository keys. A very long writeup
of the issue is linked below. [1]
Add a new PACKAGECONFIG[sequoia] option which sets -DUSE_GPGME=OFF
and adds rpm and rpm-sequoia to the dependency list which ensures
dnf5 works with repository signing.
Ross Burton [Mon, 30 Mar 2026 13:28:23 +0000 (14:28 +0100)]
diffstat: change configure.in to use standard autoconf
diffstat uses a fork of autoconf which we don't package, but we need to
autoreconf the configure.in because it has buggy macros. The new version
of autoconf however notices that AC_OUTPUT is being called with invalid
arguments and refuses to run.
Luckily it's easy to use standard autoconf: delete the hand-coded
config_h.in so that autoheader runs, and use the standard form of
AC_OUTPUT to generate the Makefile and config.h.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
HOSTCC is used for linking as well but does not use any flags that
we can manipulate to add only during link step, we do depend on
what runtime to link to when using clang for host compiler which is
controlled via BUILD_LDFLAGS, therefore add that option to hostcc
This helps building busybox with TOOLCHAIN_NATIVE is set to clang
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
inetutils: Disable format-security warning as error with clang
GCC treats returns from _() as special since they are checked by
msgfmt-c and it knows this can be ignored, clang however does
not have this construct [1] and with latest clang-22 finds more
warnings and since in OE we turn these warnings into errors the
build fails.
Given that this is an addressed case, let clang not treat these
warnings as errors, we still see the diagnostic we just don't
break the build.
binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed
Both CVEs are disputed by third parties. The observed behavior
(double free / invalid pointer free in readelf) only occurred in
pre-release code and did not affect any tagged version [1][2].
CVE_STATUS[CVE-2025-69650] = "disputed: observed behavior only in pre-release code, does not affect any tagged version"
CVE_STATUS[CVE-2025-69651] = "disputed: observed behavior only in pre-release code, does not affect any tagged version"
U-Boot and barebox both have the vulnerability (signature verification
with FIT images).
Barebox published an advisory[0] linking to the fixing U-Boot commit.
The commit is on U-Boot v2026.04-rc4 and had to be adjusted for v2026.01.
Removed the check for a non-existent property since it was not
supported in v2026.01.
patchtest/selftest: Update selftest to handle non-zero exit code
Use subprocess.run() instead of subprocess.check_output(),
supbrocess.run() return CompletedProcess instance who provide:
- returncode
- stdout and stderr with stderr=subprocess.STDOUT argument
Update callers of test() to capture the return code returned by patchtest along
with the command output.
Include the command return code in analyze_result() and use it to validate test
for XPASS, XFAIL and XSKIP.
This allows selftest to take the command exit status into account when
analyzing results.
Signed-off-by: Naftaly RALAMBOARIVONY <naftaly.ralamboarivony@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Wed, 1 Apr 2026 17:41:58 +0000 (18:41 +0100)]
meta: Support opting out of any machine features
Add default values to MACHINE_FEATURES using the new
filter_default_features() function.
This change obsoletes the variables MACHINE_FEATURES_BACKFILL and
MACHINE_FEATURES_BACKFILL_CONSIDERED. Instead, all defaults are added
via MACHINE_FEATURES_DEFAULTS and users can opt out of any of these
using MACHINE_FEATURES_OPTED_OUT. Hopefully the variable naming here is
easier for people to understand and remember.
Migration notes:
- MACHINE_FEATURES will now get the default features added
automatically. You will need to review these and add any features you
do not want to use to MACHINE_FEATURES_OPTED_OUT.
- If you previously set MACHINE_FEATURES_BACKFILL_CONSIDERED, use the new
variable MACHINE_FEATURES_OPTED_OUT instead.
- If you previously modified MACHINE_FEATURES_BACKFILL, don't do that.
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Wed, 1 Apr 2026 17:41:57 +0000 (18:41 +0100)]
meta: Support opting out of any distro features
Add default values to DISTRO_FEATURES using the new
filter_default_features() function.
This change obsoletes the variables DISTRO_FEATURES_BACKFILL and
DISTRO_FEATURES_BACKFILL_CONSIDERED. Instead, all defaults are added via
DISTRO_FEATURES_DEFAULTS and users can opt out of any of these using
DISTRO_FEATURES_OPTED_OUT. Hopefully the variable naming here is easier
for people to understand and remember.
Migration notes:
- If you have previously assigned DISTRO_FEATURES without using
DISTRO_FEATURES_DEFAULT, you will now get the default features added
automatically. You will need to review these and add any features you
do not want to use to DISTRO_FEATURES_OPTED_OUT.
- DISTRO_FEATURES_DEFAULT is now unused, the new variable name is
slighlty different to ensure that it is not accidentally used if a
layer hasn't been modified to adapt to the new naming.
- If you previously set DISTRO_FEATURES_BACKFILL_CONSIDERED, use the new
variable DISTRO_FEATURES_OPTED_OUT instead.
- If you previously modified DISTRO_FEATURES_BACKFILL, don't do that.
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adam Duskett [Tue, 31 Mar 2026 09:57:11 +0000 (11:57 +0200)]
meta/lib/oe/rootfs.py: assign warn_check regex string to a variable
DNF5 has a hardcoded warning when gpg checks are disabled.
As such, the rpm rootfs.py PkgRootfs class needs to have a
a negative lookahead filter specific for the following warning:
"Warning: skipped OpenPGP checks" if RPM_SIGN_PACKAGES != 1.
This filter is added in the next patch.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 1 Apr 2026 21:27:45 +0000 (22:27 +0100)]
archiver: Don't try to preserve all attributes when copying files
Similar to https://git.openembedded.org/bitbake/commit/?id=2f35dac0c821ab231459922ed98e1b2cc599ca9a
there is a problem in this code when copying from an NFS mount.
We currently use cp -p, which is a shortcut for --preserve=mode,ownership,timestamps.
We shouldn't need to preserve mode/ownership, only timestamps. Update the code
in the same way the bitbake fetcher was fixed for consistency.
This fixes build failures on OpenSUSE 16.0.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 31 Mar 2026 13:24:28 +0000 (14:24 +0100)]
classes/sbom-cve-check: remove references to vex.bbclass
This is effectively a no-op change, as the recommended way to run
sbom-cve-check is with SPDX_INCLUDE_VEX="all", which includes all of the
data in the SPDX that the vex class would have generated.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jörg Sommer [Sat, 28 Mar 2026 21:18:57 +0000 (22:18 +0100)]
rpcbind: Remove IPv6 listener, if ipv6 not in DISTRO_FEATURES
Remove in all systemd socket files all Listen on IPv6 addresses, if IPv6 is
not available. Otherwise systemd warns about "Binding to IPv6 address not
available since kernel does not support IPv6."
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Le Qi [Fri, 27 Mar 2026 08:47:54 +0000 (16:47 +0800)]
alsa-ucm-conf: da7213: Add ADC switch in HeadphoneMic2 sequences
Enable and disable the ADC switch in HeadphoneMic2EnableSeq.conf and
HeadphoneMic2DisableSeq.conf to ensure headset microphone audio works
properly on Talos EVK with DA7213 codec.
Without this change, the headset mic path remains muted and capture
does not function.
but until now we haven't had the dependency when building only Vulkan
drivers. It was brought in by the gallium PACKAGECONFIG, which is by
default in mesa and mesa-gl recipes' PACKAGECONFIG but nothing forbids
us from removing it if we only need Vulkan drivers for some reason.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Quentin Schulz [Thu, 26 Mar 2026 11:05:50 +0000 (12:05 +0100)]
mesa: fix building imagination Vulkan driver
The imagination Vulkan driver requires a precomp-compiler from
mesa-tools-native since we've decoupled libclc from target mesa in
commit ac5e0160df78 ("mesa: depend on mesa-tools-native for less
expensive libclc dependency"). This is achieved by building the
imagination precomp-compiler tool in mesa-tools-native and making use of
it via the libclc PACKAGECONFIG for the Vulkan driver such that
mesa-tools-native dependency (and its imagination precomp-compiler) are
brought in.
Fixes: ac5e0160df78 ("mesa: depend on mesa-tools-native for less expensive libclc dependency") Reported-by: Ernest Van Hoecke <ernestvanhoecke@gmail.com> Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Quentin Schulz [Thu, 26 Mar 2026 11:05:49 +0000 (12:05 +0100)]
mesa: fix missing dependency for libdrm for panfrost tools
mesa-tools-native builds the panfrost tools but if wayland is not in
DISTRO_FEATURES, libdrm dependency is missing and mesa-tools-native will
fail with:
../sources/mesa-26.0.2/src/panfrost/lib/kmod/pan_kmod.c:7:10: fatal error:
xf86drm.h: No such file or directory
7 | #include <xf86drm.h>
| ^~~~~~~~~~~
Note the mesa-26.0.2 in the path. It's simply because the tarball
sources contain this name as root directory, it can be a bit misleading
when looking at mesa-tools-native logs and seeing this error.
u-boot: Fix indentation in do_deploy SPL binary block
Normalize leading whitespace on the 'if [ -n "${SPL_BINARY}" ]' and
matching 'then' lines in do_deploy to be consistent with the surrounding
code. Spaces-only change, no logic change.
Signed-off-by: Sandeep Gundlupet Raju <sandeep.gundlupet-raju@amd.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mikko Rapeli [Mon, 30 Mar 2026 10:35:02 +0000 (13:35 +0300)]
uki.bbclass: fix UKI_DEVICETREE usage
Set KERNEL_DEVICETREE to empty string with weakest assignment
if machine does not set this. This changes UKI_DEVICETREE
to an empty string by default and fixes genericarm64 uki image builds:
Also remove UKI_DEVICETREE setting in wic and uki oeqa selftests since the
class now handles it correctly.
Tested-by: Jon Mason <jon.mason@arm.com> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changqing Li [Wed, 4 Feb 2026 05:26:38 +0000 (13:26 +0800)]
lto.inc: add DEBUG_PREFIX_MAP back to TARGET_LDFLAGS
DEBUG_PREFIX_MAP is appended to TARGET_LDFLAGS in commit [1] for fixing
reproducible issue when LTO is enabled. It is removed in comit [2] since
this commit causes cgo binary not reproducible. But actually, we still
need this DEBUG_PREFIX_MAP in LDFLAGS when LTO enabled. So, only appened
it when LTO is enabled. Refer [3] for the history, with this patch,
patch [4] is also needed for cgo + lto enabled.
Thomas Perrot [Sat, 28 Mar 2026 15:34:13 +0000 (16:34 +0100)]
lto: disable sqlite3 to fix buildpaths QA failure
With LTO enabled, GCC performs a link-time recompilation pass where
DW_AT_comp_dir is set to the build directory. The -ffile-prefix-map
flags from DEBUG_PREFIX_MAP are not applied to this attribute during
LTO recompilation, leaving a raw TMPDIR path in the split debug
symbols of libsqlite3.so.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Sat, 28 Mar 2026 09:49:59 +0000 (09:49 +0000)]
meson: Disable exe_wrapper for allarch recipes
Arch-independent recipes should not require execution of programs
compiled for the target during the build, as there shouldn't be anything
compiled for the target.
Removing the dependency on MACHINE_FEATURES for allarch recipes which
use meson fixes several signature conflicts reported by
yocto-check-layer.
Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Barker [Sat, 28 Mar 2026 09:49:58 +0000 (09:49 +0000)]
checklayer: Really fix regex in get_signatures
The previous attempt to fix the regex in get_signatures was only a
partial success. We should just be comparing unihash values, inclusion
of the taskhash value in our comparison adds no benefit. Inclusion of
the task hash also results in invalid bitbake-diffsigs commands being
recommended if there are conflicting signatures.
Fixes: a2f7052cf832 ("checklayer: Fix regex in get_signatures") Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Shotaro Uchida [Fri, 27 Mar 2026 23:15:18 +0000 (16:15 -0700)]
insane: appendVarFlags must be preceded by a whitespace
appendVarFlags is not automatically adding a whitespace, user must add a
white space before the value to be added. Current usage may break
INSANE_SKIP:${PN} vardeps flag value by adding QAPATHTEST functions
immediately without a whitespace. e.g. It will become something like
INSANE_SKIP:${PN}package_qa_check_shebang_size
The test coverage is the same since the logic there is not touched
but the output is different. The return value from oeqa are the same
as before.
Now it is a json file with the results, which is machine readable
without any extra parsing. Two files are created by test suite
<test>.json and <test>-raw.log
With these configs we didn't see any testimage failures with kirk and
run completes.
If we revert the ltp disable patches below, the testimage does not fail
but it gives warnings, since the ssh connection gets droped from the DUT
because of the OOM killer. Then in continues with the next testsuite.
Benjamin Robin [Tue, 24 Mar 2026 10:28:36 +0000 (11:28 +0100)]
sbom-cve-check: Add class for post-build CVE analysis
By default, the sbom-cve-check class generates these export files:
- A JSON in `cve-check` format, named `${IMAGE_NAME}.cve-check.json`
- An SPDX 3.0 SBOM, named `${IMAGE_NAME}.cve-check.spdx.json`.
A user can add or remove export file formats by using the
`SBOM_CVE_CHECK_EXPORT_VARS` variable.
By default, the CVE databases are downloaded using the following
recipes:
- sbom-cve-check-update-cvelist-native.bb
- sbom-cve-check-update-nvd-native.bb
The database fetch and deploy logic is implemented in
sbom-cve-check-update-db.inc. The CVE databases are deployed in
`${DEPLOY_DIR}/sbom-cve-check/databases/`. This can be configured
by the `SBOM_CVE_CHECK_DEPLOY_DB_DIR` variable defined in
meta/recipes-core/meta/sbom-cve-check-config.inc.
The CVE git databases are fetched using the Bitbake fetcher. Currently,
Bitbake fetcher does not support a shallow clone that can be updated.
While `BB_GIT_SHALLOW` exists, it creates multiple tarballs in the
download directory, which is inefficient for updates. For now, the git
database is fully fetched.
The `SRCREV` of the git database is set to a fixed version. A user can
override this by specifying any other version, or `AUTOREV` can be
specified.
To simplify the activation and configuration of sbom-cve-check, a
configuration fragment is provided with recommended default values.
`sbom-cve-check` is configured to run without requiring network access.
The CVE analysis runs only if either the original SBOM changes or the
CVE databases are updated. In the two CVE database-fetching recipes, a
file in the sysroot is written, containing the Git revision of the
fetched CVE database.
`sbom-cve-check` is executed with the generated VEX manifest only if
enabled and if `SPDX_INCLUDE_VEX` is set to a value other than "all".
When `SPDX_INCLUDE_VEX=all`, the SPDX 3.0 file already contains all the
necessary information for CVE analysis, making the VEX manifest
redundant.
Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Zhang Peng [Thu, 26 Mar 2026 12:22:30 +0000 (20:22 +0800)]
texinfo: fix texindex awk path on target
The sed command in do_install strips ${HOSTTOOLS_DIR} from the awk
path in texindex, but misses the trailing slash, turning
"${HOSTTOOLS_DIR}/awk" into "/awk" instead of "awk".
This causes a runtime error on target:
/bin/texindex: line 116: /awk: No such file or directory
Add the trailing slash to the sed pattern so the result is the bare
"awk" command, resolved via $PATH at runtime.
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Tue, 24 Mar 2026 23:08:32 +0000 (16:08 -0700)]
clang: Do not package clang-offload-packager
It has been renamed to llvm-offload-binary and is built
as part of llvm package, in OE we build llvm via its own
recipe and its packaging uses greedy enough regexp to package
it already
Khem Raj [Tue, 24 Mar 2026 23:08:31 +0000 (16:08 -0700)]
clang/llvm: Upgrade to 22.x major release
Includes support for new Intel (Wildcat Lake, Nova Lake with APX and AVX10.2)
Arm (C1 Nano, Pro, Premium, Ultra) processors. It also features performance
optimizations for AMD Zen 4 and Zen 5 architectures.
Integrated Distributed ThinLTO is more mature, with enhancements
like cache support for incremental builds and robust handling of temporary artifacts.
LLDB added first-class WebAssembly debugging support, including breakpoints and variable inspection.
Support for Google Native Client (NaCl) is dropped in this release.
Trevor Woerner [Thu, 26 Mar 2026 00:11:50 +0000 (20:11 -0400)]
wic: re-implement sector-size support
The previous implementation had the following limitations:
- required the variable WIC_SECTOR_SIZE either be defined in a
configuration file or be defined in a --vars file
- this means that every invocation of "wic ls", "wic cp", or "wic rm"
needed this variable defined (config or --vars)
- required the user to create separate *wks files for every sector size
they wanted to use
- required the user to specify the --mkfs-extraopts by hand to specify the
correct sector size: e.g.
bootloader --ptable gpt
part --fstype vfat --label emptyfat --mkfs-extraopts "-S 4096"
part --fstype ext4 --source rootfs --label rofs-a --mkfs-extraopts "-b 4096"
part --fstype ext4 --source rootfs --use-uuid --mkfs-extraopts "-b 4096"
- it would not be possible to generate images with different sector
sizes in the same build since the configuration and *wks files would
need to change and the build re-run for each size
The new implementation handles the sector-size via a CLI argument, while
preserving the previously implemented variable definitions:
- the sector-size may now be provided on the cmdline to the "wic ls",
"wic cp", "wic rm", and "wic create" commands: default = 512
- this means the configuration and/or --vars file does not need to be
changed in order to perform those operations on images with different
sector sizes
- support is provided implicitly for mkdosfs and ext[234] partitions
- the user no longer needs to know and supply the sector-size magic in
--mkfs-extraopts (thereby clobbering the other defaults)
As before, if the --sector-size command-line argument is not given,
allow the sector-size to be provided via the WIC_SECTOR_SIZE bitbake
variable. The user is warned that this behavior is deprecated. If both
are given, warn the user that the cmdline argument takes precedence.
AI-Generated: codex/gpt-5.1-codex-max Signed-off-by: Trevor Woerner <twoerner@gmail.com>
- restore environ test case, as it is still supported (but obsolete)
- revised commit message above
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 27 Mar 2026 13:14:12 +0000 (13:14 +0000)]
libssh2: Fix config options to use STAGING_DIR_HOST
The previous cleanup was a bit too ambitious, add back the configure options
to use STAGING_DIR_HOST since otherwise it will look at the host system and cause
failures if it happens to be partly compatible.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
min_free_kbytes: Connection to 192.168.7.2 closed by remote host.
NOTE: test_ltp_runltp_cve (ltp.LtpTest.test_ltp_runltp_cve)
NOTE: ... skipped "Test case ltp.LtpTest.test_ltp_runltp_cve depends on ltp.LtpTest.test_ltp_groups but it didn't pass/run."
Test case ltp.LtpTest.test_ltp_runltp_cve depends on ltp.LtpTest.test_ltp_groups but it didn't pass/run.
NOTE: ======================================================================
NOTE: FAIL: test_ltp_groups (ltp.LtpTest.test_ltp_groups)
NOTE: ----------------------------------------------------------------------
Signed-off-by: Pratik Farkase <pratik.farkase@est.tech> Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sunil Dora [Fri, 27 Mar 2026 13:46:35 +0000 (19:16 +0530)]
license.py: Drop visit_Str from SeenVisitor in selftest
ast.Str was deprecated in Python 3.8 and removed in Python 3.14.
In [1], visit_Str was already removed from the LicenseVisitor
subclasses (FlattenVisitor, ListVisitor) in oe/license.py since
bitbake now requires Python 3.8+.
However, the test-only SeenVisitor class in the selftest was
missed at that time and still uses visit_Str/node.s. On Python
3.14, ast.Str is fully removed so visit_Str is never called,
causing test_single_licenses to return [] instead of the
expected license list.
Replace visit_Str/node.s with visit_Constant/node.value in
SeenVisitor.
Adam Duskett [Thu, 26 Mar 2026 11:46:06 +0000 (12:46 +0100)]
libsolv: add fix for musl segfaults
By default, musl has a stack size of 128K, while the compress_buf
method uses 256KB of stack space, causing a segfault when the
repopagestore_compress_page method is called.
ukify has never used the pyzstd module. It originally used the zstd
module[1], switched to zstandard[2], and as of systemd 259 will use
the standard compression.zstd if available[3].
Our Python is 3.14 which has comoression.zstd, so we don't need any
dependencies.
[1] systemd 483c9c1b8a ("ukify: try to find the uname string in the linux image if not specified")
[2] systemd fbc6fecf1a ("ukify: switch from zstd to zstandard")
[3] systemd 1e5498e237 ("ukify: prefer compression.zstd when available")
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This recipe gained a build dependency on _target_ python3-setuptools
recently[1], but this shouldn't be needed. If setuptools is needed for
build, then the correct dependency would be python3-setuptools-native.
The dependency on target python3 is redundant as the python3targetconfig
class pulls this in already.
[1] oe-core 57a5dfd3785 ("gobject-introspection: split tools and giscanner into a separate package")
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Wed, 25 Mar 2026 17:16:31 +0000 (11:16 -0600)]
Remove SPDX 2.2 support
Removes SPDX 2.2 support in favor of SPDX 3 support being the only
option. The SPDX 3 data is far superior to SPDX 2.2 and thus more useful
for SBoM uses cases.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stefano Tondo [Tue, 24 Mar 2026 17:15:02 +0000 (18:15 +0100)]
oeqa/selftest: Add tests for source download enrichment
Add two new test methods to SPDX30Check:
test_download_location_defensive_handling:
Builds m4 and verifies that SPDX generation succeeds and any
external references present are properly structured with valid
types and locator strings.
test_version_extraction_patterns:
Builds opkg-utils (a Git-based recipe) and verifies that source
download packages carry the full SHA-1 commit hash as their
software_packageVersion.
Signed-off-by: Stefano Tondo <stefano.tondo.ext@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core.git / log
