Age | Commit message (Collapse) | Author |
|
* I have recipes which use variable inside SRC_URI, e.g.:
ROS_BRANCH ?= "branch=release/melodic/swri_nodelet"
SRC_URI = "git://github.com/swri-robotics-gbp/marti_common-release;${ROS_BRANCH};protocol=https"
and devtool modify works fine, but devtool finish fails with:
$ devtool finish --force-patch-refresh swri-nodelet meta-ros/meta-ros1-melodic/
...
Traceback (most recent call last):
File "/OE/openembedded-core/scripts/devtool", line 334, in <module>
ret = main()
File "/OE/openembedded-core/scripts/devtool", line 321, in main
ret = args.func(args, config, basepath, workspace)
File "/OE/openembedded-core/scripts/lib/devtool/standard.py", line 2082, in finish
updated, appendfile, removed = _update_recipe(args.recipename, workspace, rd, args.mode, appendlayerdir, wildcard_version=True, no_remove=False, no_report_remove=removing_original, initial_rev=args.initial_rev, dry_run_outdir=dry_run_outdir, no_overrides=args.no_overrides, force_patch_refresh=args.force_patch_refresh)
File "/OE/openembedded-core/scripts/lib/devtool/standard.py", line 1737, in _update_recipe
mode = _guess_recipe_update_mode(srctree, rd)
File "/OE/openembedded-core/scripts/lib/devtool/standard.py", line 1721, in _guess_recipe_update_mode
params = bb.fetch.decodeurl(uri)[5]
File "/OE/bitbake/lib/bb/fetch2/__init__.py", line 390, in decodeurl
raise MalformedUrl(url, "The URL: '%s' is invalid: parameter %s does not specify a value (missing '=')" % (url, s))
bb.fetch2.MalformedUrl: The URL: 'git://github.com/swri-robotics-gbp/marti_common-release;${ROS_BRANCH};protocol=https' is invalid: parameter ${ROS_BRANCH} does not specify a value (missing '=')
let it expand the SRC_URI before trying to decode it.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3535cfdbf3d77f550b804276f957acf859da484f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
* This reverts commit d9971f5dc8eb7de551fd6f5e058fd24770ef5d78.
* With the missing Subject line fixed in GitApplyTree.prepareCommit()
we should be able to revert, the fix which was trying to help it by
parsing GitApplyTree.patch_line_prefix ("%% original patch:") also
from Subject line, now GitApplyTree.patch_line_prefix should always
end on separate line which is then skipped when copying the lines to
resulting patch, see original commit message from Paul:
lib/oe/patch: fix handling of patches with no header
If a patch applied by a recipe has no header and we turn the recipe's
source into a git tree (when PATCHTOOL = "git" or when using devtool
extract / modify / upgrade), the commit message ends up consisting only
of the original filename marker ("%% original patch: filename.patch").
When we come to do turn the commits back into a set of patches in
extractPatches(), this first line ends up in the "Subject: " part of
the file, but we were ignoring it because the line didn't start with the
marker text. The end result was we weren't able to get the original
patch name. Strip off any "Subject [PATCH x/y]" part before looking for
the marker text to fix.
This caused "devtool modify openssl" followed by "devtool update-recipe
openssl" (without any changes in-between) to remove version-script.patch
because that patch has no header and we weren't able to determine the
original filename.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
* also remove the extra blank lines which is often added to patches
when refreshed with devtool (GitApplyTree.patch_line_prefix lines
are ignored when refreshing .patch files, but newly added blank
lines aren't - the leading blank line wasneeded for patches with
just the subject line (to prevent the GitApplyTree.patch_line_prefix
line ending appended to the commit summary), but we can add it
in prepareCommit instead
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
* this was discovered with
$ devtool finish --force-patch-refresh
where it was removing some patches and replacing them with
patch in filename called "patch:"
e.g. this .patch file:
https://github.com/OSSystems/meta-browser/blob/311067d2d8a50cee5c836892606444f63f2bb3ab/dynamic-layers/rust-layer/recipes-browser/firefox/firefox/fixes/fix-camera-permission-dialg-doesnot-close.patch
confuses devtool which results to create new .patch file called "patch:"
$ devtool finish --force-patch-refresh firefox meta-browser
NOTE: Starting bitbake server...
WARNING: Host distribution "ubuntu-20.04" has not been validated with this version of the build system; you may possibly experience unexpected failures. It is recommended that you use a tested distribution.
Loading cache: 100% |###################################################################################################################################################################################################################################| Time: 0:00:00
Loaded 2480 entries from dependency cache.
Parsing recipes: 100% |#################################################################################################################################################################################################################################| Time: 0:00:00
Parsing of 1718 .bb files complete (1717 cached, 1 parsed). 2480 targets, 68 skipped, 0 masked, 0 errors.
Summary: There was 1 WARNING message shown.
INFO: Updating patch 0001-Bug-1554949-Fix-WebRTC-build-failure-with-newer-linu.patch
...
INFO: Updating patch pre-generated-old-configure.patch
INFO: Adding new patch patch:
INFO: Updating recipe firefox_68.0esr.bb
INFO: Removing file /OE/build/test-oe-build-time/poky/meta-browser/dynamic-layers/rust-layer/recipes-browser/firefox/firefox/fixes/fix-camera-permission-dialg-doesnot-close.patch
INFO: Cleaning sysroot for recipe firefox...
INFO: Leaving source tree /OE/build/test-oe-build-time/poky/build/workspace/sources/firefox as-is; if you no longer need it then please delete it manually
this looked like incorrect parsing of the git format-patch
files exported from workspace/sources (the git format-patch
version of fix-camera-permission-dialg-doesnot-close.patch
starts like this:
$ head 0008-original-patch-fix-camera-permission-dialg-doesnot-c.patch
From 37dfa11961b48024bedcfb9336f49107c9535638 Mon Sep 17 00:00:00 2001
From: Takuro Ashie <ashie@clear-code.com>
Date: Mon, 20 Aug 2018 10:16:20 +0900
Subject: [PATCH 08/34] %% original patch:
fix-camera-permission-dialg-doesnot-close.patch
so first I've modified GitApplyTree.extractPatches() to be able to
parse the original patch name correctly even in this case where subject
is wrapped, but then it still wasn't right, because we ended with
correctly named .patch file, but all we could use for Subject line
was the name of the original .patch file (instead of the Subject
from metadata commit which introduced this .patch files as some other
.patch files get when refreshed with devtool.
In the end the issue happens even sooner in GitApplyTree.prepareCommit()
where it correctly found the Subject from metadata commit, but then
didn't apply it when there weren't any other outlines from patch headers.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
* especially when pushing longer history to slow remote git server or when
it timeouts during the push, it's useful to see where the time was actually
spent
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* since this change:
commit d2fcaeb153fdc3f8d7143ea823139f1537055ff1
Author: Douglas Royds <douglas.royds@taitradio.com>
Date: Thu Dec 20 11:59:47 2018 +1300
icecc: Don't generate recipe-sysroot symlinks at recipe-parsing time
the set_icecc_env function depends on KERNEL_CC variable even for recipes
like linux-libc-headers
* KERNEL_CC variable depends on STAGING_KERNEL_DIR:
Variable KERNEL_CC value is ${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH}
List of dependencies for variable KERNEL_CC is {'STAGING_KERNEL_DIR', 'HOST_PREFIX', 'DEBUG_PREFIX_MAP', 'HOST_CC_KERNEL_ARCH', 'KERNEL_SRC_PATH'}
which depends on MACHINE:
Variable STAGING_KERNEL_DIR value is ${TMPDIR}/work-shared/${MACHINE}/kernel-source
List of dependencies for variable STAGING_KERNEL_DIR is {'MACHINE'}
* as detected with:
openembedded-core/scripts/sstate-diff-machines.sh --tmpdir=tmp-glibc --machines="qemux86 qemux86copy qemuarm" --targets=glibc --analyze
ERROR: linux-libc-headers different signature for task do_configure.sigdata between qemux86 and qemux86copy
NOTE: Starting bitbake server...
basehash changed from 3146f4ffeb002bd69fed7656a4b896365b2e2a00071c69e1afbb672889e754ee to f1a5160e39912e61389b6f9fe68d61146a2be91716ac37e4a32ecf4c09b2b5fa
Variable MACHINE value changed from 'qemux86' to 'qemux86copy'
$ bitbake-diffsigs /OE/build/oe-core/tmp-glibc/sstate-diff/1556122458/qemux86*/*/linux-libc-headers/*do_configure.sigdata*
NOTE: Starting bitbake server...
basehash changed from f1a5160e39912e61389b6f9fe68d61146a2be91716ac37e4a32ecf4c09b2b5fa to 3146f4ffeb002bd69fed7656a4b896365b2e2a00071c69e1afbb672889e754ee
Variable MACHINE value changed from 'qemux86copy' to 'qemux86'
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Provide many more details concerning the repositories that are used in a
particular build: the remote information, the layer, the local branch, the
remote branch the local branch tracks (if any), and the HEAD commit.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Currently my build shows two "meta" repositories: one from meta-poky and one
from openembedded-core. Have the code which prints the repositories into
metadata-revs show the parent directories when repositories with multiple
sub-layers are used.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* useful when distro wants to collect build statistics from
all users/developers without any manual interaction from them
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
(From OE-Core rev: 2cca75155baec8358939e2aae822e256bed4cfe0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adding back the python wrapper and adding a patch to use OEPYTHON3HOME
instead of PYTHONHOME if set, for python3.
If we add back the wrapper as is, we would see the following error that
we also see in Thud:
ImportError: No module named site
OpenEmbedded requires 'python' to be python v2 (>= 2.7.3), not python
v3.
Please upgrade your python v2
This is because python3 would've set PYTHONHOME to use nativesdk
python3 libraries but when the oe-buildenv-internal script tries to call
python2 for the py_v27_check, there will be no python2 libraries in the
PYTHONHOME directory.
In other words, bitbake needs host python2 and the env variable set from
the wrapper contaminates the env and host python2 won't be able to find
its libraries
Creating another variable OEPYTHON3HOME and using this in the python3
wrapper to allow for a way to set a different paths for python3 and
python2
[YOCTO #13208]
(From OE-Core rev: 75d2a85e24ef9a2bf0e218521944523f0ff281e0)
Signed-off-by: Jaewon Lee <jaewon.lee@xilinx.com>
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandr@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: a6e098e2e5932781b9c1012825bc86bc08382931)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e16ef0c2e0ec2bbb862231cd84e7650bd5789af)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
|
|
Currently in NVD DB an item popped up, which hasn't set baseMetricV2.
Let the parser handle it as an optional item.
In case use baseMetricV2 before baseMetricV3
(From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Similarly to 04ee0e8b95cd8ed890374e0007f976684206b630, ensure only full
build paths are replaced in the environment to avoid breaking buildtools.
(From OE-Core rev: be07d93a4f59d4563f2d064be1997b39f05e9f0e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 4281342a04078990bb0a110760ff2dc053eccc93)
(From OE-Core rev: 665ef4274e0261bb8351c8d4fd2c8496a2dc27e7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61d4d3d5a9f27e0fbf1d7ed6db818a779643b8f3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
traceback2 adds traceback for python2. Rather than depend on traceback2, we're
python3 only so just use traceback.
This caused breakage in oe-selftest -j which uses testtools on the autobuilder
using buildtools-tarball.
[YOCTO #13652]
(From OE-Core rev: ee80a06c107375e3cf0d246ea17c09dda4536dab)
(From OE-Core rev: ee82e3c24fe5727ce81e972cadedca431d6086c5)
(From OE-Core rev: be4470c9590183b388d9ff176331d0c50984dec8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_install fails on newer versions of make with interesting and hard to
debug errors. Disablle parallle make install as a workaround. Later verisons
of attr in newer releases don't have the issue.
(From OE-Core rev: 6043b9a2ea879f8960897b11eb947801508a94da)
(From OE-Core rev: f06861bbe402fff3f370687585e43c0270609d00)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This supports glibc upto 2.32 which is now rolling into distributions
(From OE-Core rev: 622371678ddb013fc456eaf75def26fc4e142d15)
(From OE-Core rev: 4543eeacd65eebe74ff3a44182915a732ba26e47)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
virtual/crypt-native is assume provided in bitbake.conf, so
buildtools-extended-tarball shoud provide crypt since it doesn't
use the host's headers/libraries.
[YOCTO #13714]
(From OE-Core rev: da948b25d5ef452fb35275d108e18d2a2829f4fb)
(From OE-Core rev: bc42406d83310398bc4d4db4244252411eff117d)
(From OE-Core rev: 6f6d7278358b042aca3e911aefd0d6128480f32d)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The locale binary reported incorrect locale lists in relocated toolchains
as some path references were not relocated by this patch. Fix this missing
relocations so the locale binary correctly reports the locales.
(From OE-Core rev: f7a6a72880009380ae81bc7fc863921a26811c8c)
(From OE-Core rev: e4c4337e642f565e9988a4a2c50a995090d1f49e)
(From OE-Core rev: c9e8b7a40b2628331c7cb564aa3f3d9e1822fe36)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6467eb4461f3cab16cab2ba63154c92fc2adacef)
(From OE-Core rev: 848c61a07f691638fa529bbe0f0ff1dfded4a967)
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The autobuilder has been experiencing SSL: CERTIFICATE_VERIFY_FAILED
errors during error report uploads when using buildtools due to looking
for certs in /opt/poky
(From OE-Core rev: 197f1d5d14b8e57295f5a81c03c86abba5328614)
(From OE-Core rev: 35c6ab2501672083cf8b974d8b9c3daa3202de36)
(From OE-Core rev: 0cb479a5e99289b75e89b2ed5058f33605f15936)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
export OPENSSL_CONF to aviod SDK openssl can not find openssl.cnf.
(From OE-Core rev: 0aaf3dd17dcde959e9c0d62543cb91c9b33551b4)
(From OE-Core rev: 63d8569b2c9f66e8123e2672a7f8fb8e7cc1f0b4)
(From OE-Core rev: e733a5f3b0e3c3b8a830db5ae99b3fc6b7e56921)
Signed-off-by: Liwei Song <liwei.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Builds like native-openjdk, really wants a to link
some tools against the static version. Since when
using the extended tarball, its the only place to
get it, add the library.
(From OE-Core rev: 59c4a3fdbbfd5a6aaba7e0a1675dcd5866a7f3a4)
(From OE-Core rev: 152709dec03bbac582ca63b65f2efb835e0b33fb)
(From OE-Core rev: 5e3664e5f9a0dde07b0f8a56cdce1321456abaa5)
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* For buildtools-extended-tarball, where we are adding all of build-essentials
to the nativesdk, we need additional perl modules for autoconf and automake.
(From OE-Core rev: f0f766160663407ea7683d31bbf5f011accc9ba2)
(From OE-Core rev: e7ade58a7da52ebb40120020dd86dd3ae9b2148e)
(From OE-Core rev: ed9d60fb5d471b4ec472088cc9307fd8575b187a)
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The eSDK installation code checks installed locales with the locale command which is
from glibc-utils. Add this so that we find the correct locales from the buildtools.
(From OE-Core rev: 7d35e4bc6ff94a2d03c48827d7d60a6855c9029d)
(From OE-Core rev: d99b6432decec0964ac0e08698abc782c9b114f5)
(From OE-Core rev: 3562a6848aa3e866ad8e2d3caed3211971817234)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In the SDK we need the plain symlinks and don't use alternative providers.
When these are missing the toolchain can work incorrectly so fix this.
(From OE-Core rev: 0c06cfaa016d06cc56d80dc1c244a938f3d38a3c)
(From OE-Core rev: 0d299c5dc04407d2d54574157f4014f50f2d0468)
(From OE-Core rev: aa37b5fe0620122e47f36165f5c7a07d3328dba3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to search our own libdirs, then fall back to the system ones as our
customised dynamic loader will. Have ld.so.conf reflect that.
This ensures that binutils finds libraries here when linking too.
(From OE-Core rev: ab729c362684474a8346e5256d636200826feb47)
(From OE-Core rev: 8de0aee6befc0541fa40563f63dfe1cc36f064fe)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* For some aging distros, such as CentOS 7, the native version
of gcc is simply too ancient and is a constant source of
headaches for moving forward.
* Add an extended version of buildtools-tarball which adds all
of build-essential, so that the host is now modernized and
capable of compiling the latest versions of components.
Fixes [YOCTO #13714]
(From OE-Core rev: f0377af2325613b63716b0bb4db1ab253d79f388)
(From OE-Core rev: bb4979f0e8367b475cc9a5274933a61bb0eb64b3)
(From OE-Core rev: f492e172e133a4b52dbe818d806cab783204e575)
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need binutils to look at our ld.so.conf file within the SDK to ensure
we search the SDK's libdirs as well as those from the host system.
There add a patch which passes in the directory to the code using a define,
then add it to a section we relocate in a similar way to the way we relocate
the gcc internal paths. This ensures that ld works correctly in our buildtools
tarball.
Standard sysroot relocation doesn't work since we're not in a sysroot,
we want to use both the host system and SDK libs.
(From OE-Core rev: f6c1089642934ad93056ef19a0888965486ee030)
(From OE-Core rev: 09a2b16ac2bd1e3e415131e46315c851373aa7e0)
(From OE-Core rev: d0b7811b0e8654cf83d1b0f8256c7941fc3d9c41)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is race condition when multi qemu starting with slirp,
add lockfile for each port to avoid problem like:
runqemu - ERROR - Failed to run qemu: qemu-system-x86_64: Could not set up host forwarding rule 'tcp::2323-:23'
[YOCTO #13364]
(From OE-Core rev: ceb3555a40ba06e58914465376aaf41392c12a7c)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Trying to create a clean PATH breaks cases where we install a buildtools tarball
on hosts to provide newer versions of gcc. Rework the fix for #8698 to clean up
directories in PATH which don't exist isntead. Do it with python as the shell
version was too fraught with corner cases.
(From OE-Core rev: 7674b63819aa7ca95ca5ca5477a5cce32e9691eb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We should be using python3 here, it was missed in the conversion. Spotted on
autobuilder tests failing on systems with python missing.
(From OE-Core rev: db07b09196022078346aadd565760240b7da6a71)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We no longer expect a "python" binary in PATH so update the eSDK's
expectations to match. This was the only failure on autobuilder test
systems with python missing.
(From OE-Core rev: 946ce21b10dcad506edcaadb4e4242c049e4c316)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We want to test the SDK with PATH from the original host, not with our own
tools injected via HOSTTOOLS. It even uses some tools which aren't in
HOSTTOOLS.
This is necessary after changing the SDK to not reset PATH to the system
default which is bad for other reasons and brings the testing into sync
with that change.
(From OE-Core rev: 87c9602fd0dedc7bcf75b822aaf5f6ebfc17737c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This avoids the seeing broken replacements like:
oe-selftest-centos/build/build-st-926tools/sysroots/x86_64-pokysdk-linux/etc/ssl/certs/ca-certificates.crt
which understandably break builds.
(From OE-Core rev: 04ee0e8b95cd8ed890374e0007f976684206b630)
(Cherry-picked from f930e2cadb9ee69759720b6c49aeeb6dd43a7edd but adjusted for thud)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Allow sstate use in Tumbleweed and other distros as they update glibc.
(From OE-Core rev: ccb374c279b260b1fd3460f6bfd1567240816055)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Utils can not detect GCC 10 correctly due to wrong regex.
It generates this error "ERROR: Can't get compiler version from gcc --version output"
Sub-version numbers should be 1 or more digits instead of 1 only.
(From OE-Core rev: 1d6f50a5e58f46f8af6e83c4e288d93a717187ea)
Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@mind.be>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 186fe4a3d390a52b87282c3e694ce3251e45ee78)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Somehow the patch for this CVE only included one of the four required patches.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This code used to construct a single SQL statement that fetched the NVD data for
every CVE requested. For recipes such as the kernel where there are over 2000
CVEs to report this can hit the variable count limit and the query fails with
"sqlite3.OperationalError: too many SQL variables". The default limit is 999
variables, but some distributions such as Debian set the default to 250000.
As the NVD table has an index on the ID column, whilst requesting the data
CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time
different is insignificant: 0.05s verses 0.01s on my machine.
(From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove obsolete Python 2 code, and use convenience methods for neatness.
(From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A previous optimisation was premature and resulted in false-negatives in the report.
Rewrite the checking algorithm to first get the list of potential CVEs by
vendor:product, then iterate through every matching CPE for that CVE to
determine if the bounds match or not. By doing this in two stages we can know
if we've checked every CPE, instead of accidentally breaking out of the scan too
early.
(From OE-Core rev: d61aff9e22704ad69df1f7ab0f8784f4e7cc0c69)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
urllib handles adding proxy handlers if the proxies are set in the environment,
so call bb.utils.export_proxies() to do that and remove the manual setup.
(From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Create an index on the PRODUCTS table which contains a row for each CPE,
drastically increasing the performance of lookups for a specific CVE.
(From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Don't hardcode the database filename, there's a variable for this in
cve-check.bbclass.
(From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
We already fetch the yearly CVE metadata and check that for updates before
downloading the full data, but we can speed up CVE checking further by only
checking the CVE metadata once an hour.
(From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The patch scanner works with patch files in the layer, not in the workdir, so it
doesn't need to unpack.
(From OE-Core rev: 2cba6ada970deb5156e1ba0182f4f372851e3c17)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|