Age | Commit message (Collapse) | Author |
|
This command was dependent on the order of files on the disk and for multilib builds
could result in:
Error: Transaction check error:
file /etc/ca-certificates.conf conflicts between attempted installs of ca-certificates-20190110-r0.core2_32 and lib64-ca-certificates-20190110-r0.x86_64
Sorting the file makes things deterministic.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8f329fc562c9eecdcc1cb10d2c7661f44110fb4)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 73ebdcaedde460108f98971f037e50e9b15c9f0c)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
License-Update: URI fix
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 87acc51a7892524a22640bf9eba46c11701365d6)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
update-ca-certificates symlinks (trusted) certificates
from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR.
update-ca-certificates can call hook scripts installed
into /etc/ca-certificates/update.d. Those scripts are
passed the pem file in /etc/ssl/certs/ that was added or
removed in this run and those pem files are absolute
symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment.
When running update-ca-certificates during image build
time, they thusly all point into the host's file system,
not into the $SYSROOT. This means:
* the host's file system layout must match the one
produced by OE, and
* it also means that the host must have installed the same
(or more) certificates as the target in $CERTSDIR and
$LOCALCERTSDIR
This is a problem when wanting to execute hook scripts,
because they all need to be taught about $SYSROOT, and
behave differently depending on whether they're called
at image build time, or on the target, as otherwise they
will be trying to actually read the host's certificates
from $CERTSDIR or $LOCALCERTSDIR.
This also is a problem when running anything else during
image build time that depends on the trusted CA
certificates.
Changing the symlink to be relative solves all of these
problems. At the same time, we have to make sure to add
$CERTSDIR to SYSROOT_DIRS, so that the symlinks are still
valid when somebody DEPENDS on ca-certificates-native. As
a side-effect, this also fixes a problem in meta-java,
where some recipes (e.g. openjdk-8-native) try to access
certificates from $CERTSDIR to generate the java trustStore
at build time.
Do so.
Upstream-Status: Inappropriate [OE-specific]
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 09bb7718d74573be9a5db4d0737fb14126f6489c)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org> [edited]
|
|
Debian anonscm service in Alioth is shutdown and thus
fetching ca-certificates sources fails.
https://wiki.debian.org/Alioth
"Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information."
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit fc20ff2003cee7ee3b78ba3bc236a60a8caabc35)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Nativesdk package has a special arrangement where the same thing is done
in do_install(). It was assumed (in the comment) that postinsts don't run when
installing nativesdk packages, but this was incorrect: they are run, but
any failures were previously silently ignored. Now this missing failure reporting has
been fixed, and so we get to see the failures.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 8ebb695c1429f8d57d655072a362a4f176258699)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
This is actually the same version as previously; upstream didn't have
a tag for it before and now it does, so we can reduce confusion. The SRCREV
change is due to a few added commits which modify upstream's debian
packaging (not used by us).
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 8359730165908025b0762eaa25569e2fdcd9d086)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
We were relying on running ca-certificates from the -native version. This
meant the host and target path layouts had to match which might not be true,
it certainly isn't true for the sdk builds.
There was a dependency on run-parts which wasn't represented (we can get it
from busybox or debianutils).
Since this is an allarch script, call the script directly, making sure debianutils
and openssl are available as postinst rootfs time to resolve the issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d9575e05f2cb8bf293534c036ddc0d0336701256)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Upstream lacks a tag for this release, so make it a PR bump.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 0b0a716b243491f026cb7b15e8f546325d6fa760)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The postinstall needs ca-certificates-native, mark the dependency
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 723a924adf0661167690987acfc4213803ec3305)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
(From OE-Core rev: 81fa46071060920972f3dd1fe17c8dbada0c63b0)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c665f441a70cde8450544614d78fbb3bf1664c7)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit cc47bec99794c1ac7ad3cb16c3c087f659f10d7f)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Options and directory separator -- slipped past the patch removing
Debianims, thus resulting in failures on hosts running Fedora.
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit a8431689983f5860173548acd899e6806906e4d1)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
When running update-ca-certificates on the build host, as we do during
do_install for ca-certificates-native (and nativesdk-ca-certificates),
as of OE-Core commit cea46e7b8d9463306779301fa97f651d750f380f we now
need openssl-native so it can run c_rehash.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 523c99a2f12c20ce7bfa7755609f2c860dda6717)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The update-ca-certificates script uses the c_rehash utility which is
installed by openssl. Add openssl as a runtime dependency to fulfill
the utility requirement.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit a90ba07812444ebac93cd535d11dd54994897bfd)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
As now the c_rehash utility is available, we can use it. This removes
the patch to disable its usage allowing for a standard SSL behaviour.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cea46e7b8d9463306779301fa97f651d750f380f)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The libpostproc package has an explicit GPLv2+ license tag.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
FFmpeg has complicated licensing options, so it should also
have complicated license statements in its recipe.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Dynamic packaging isn't useful if every library needs to be
listed manually.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Currently systemd depends on systemd-container due to a dangling
symlink deployed with systemd.
Move the symlink to systemd-container.
| DEBUG: systemd contains dangling link /lib/systemd/system/systemd-machined.service
| DEBUG: target found in systemd-container
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit e12912ac7484654c201d167831b302a821e14972)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The manager_invoke_notify_message function in systemd 231 and earlier allows
local users to cause a denial of service (assertion failure and PID 1 hang)
via a zero-length message received over a notify socket.
The patch is a backport from the latest git repo.
Please see the link below for more information.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795
(From OE-Core rev: 543570cafa8d7f595b489d03d05f0aa4478f8539)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit df3f4785fc69d3ddbd30ccd954aad3d3618c5916)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
It provides udev, but doesn't install udev.pc, which causes other
recipes failed to figure out udevdir.
Fixed when systemd in DISTRO_FEATURES:
$ bitbake pcmciautils (or btrfs-tools):
Package udev was not found in the pkg-config search path.
Perhaps you should add the directory containing `udev.pc'
to the PKG_CONFIG_PATH environment variable
No package 'udev' found
Their udev rules file may not be installed according to each pkg's
implementation.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
(cherry picked from commit a32dac24808bf8621fdbbecb654eff784acee47e)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 170157602932aa454e721ea849fbf1679b573618)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
(cherry picked from commit 3fa84900b0a008993dfbf0d5af12416f4bc3980f)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
At this time systemd journald uses the /run tmpfs to store logs
by default systemd uses 15% of available space [1] of the /run
partition, when the space runs out journald starts to vaccum/store
the logs into /var/log [1].
It causes two problems one of them is timeout dev-ttySN.device's
when enable debug and use journal as systemd.log_target [2] the other
is related to don't find syslog entries into the journal log [3].
This problems are now more evident because i recently enabled the
systemd debug option in testimage [4].
One area of improvement will be add support in systemd journald to
read these parameters from the kernel cmdline like systemd.log_target,
if the support exists we could add that parameter at level of testimage.
[1] https://www.freedesktop.org/software/systemd/man/journald.conf.html#SystemMaxUse=
[2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=8142#c19
[3] https://bugzilla.yoctoproject.org/show_bug.cgi?id=10128#c4
[4] http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=a86a1b2703372c12e7fca18918695d093ea6ee53
[YOCTO #10128]
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 808952bf6d2b7549b456293ead4728b4dbf0d89b)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Split container/vm related units into a new package, systemd-container.
The split mainly references Fedora 24, with a few differences.
Apart from the bash and zsh completion files, the differences include
adding systemd-spawn@.service into the systemd-container package.
[YOCTO #9835]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 2a4bf6e4c96a8104733add315166210f04c02caf)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Even though we are just a script, we do depend on
systemd being on the target and need an RDEPENDS
which means we cannot also be allarch.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ef5be3c8256419d5abec566ce266718fe317417e)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
This recipe only makes sense when systemd is enabled and otherwise causes
world build failures.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5dca6cc2fcdb2799c19b1697f0647a16ce296290)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The test for various files is wrong and will always be
true, even if init.d does not exist.
Exit if init.d does not exist, and correctly test for
file existence otherwise.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 8183309080aee45746daaff46b0506b09b5bd269)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The patch 0015-systemd-user-avoid-using-system-auth.patch
makes PAM session for systemd-user include common-account file
which doesn't contain any session related lines and that breaks
launching "systemd --user" with the error:
Jul 29 13:03:24 intel-corei7-64 systemd[691]: user@0.service: Failed
at step PAM spawning /lib/systemd/systemd: Operation not permitted
This change fixes the patch by including common-session file
instead.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ecff74ab68ffca27ed856be6117124b8bc1ef2d6)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Patches are rebased or removed for the latest version.
Python testing scripts are removed for systemd-ptest as systemd is
configured with '--without-python'.
systemd-bootchart is now seprated from systemd, thus removing the
related configuration items. And we add systemd-bootchart recipe.
[ systemd-bootchart: add missing distro features check - RB ]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 70d782eee573fe46ec512bf59ac6f41e53a99b1b)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Python tests are not actually used, because systemd is configured
using --without-python
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit acea8caa0ce4f8fd1a0d33c01c12d4b5a81508d8)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The "systemd-boot" is gummiboot now included into systemd project.
The old gummiboot project supported in OE is dead.
Our intention is to get a gummiboot-like EFI bootloader without
much dependency on systemd and its features.
This work is largely derived from the existing bbclass and recipes
of gummiboot and systemd.
(commit tip: ee25d0e3987d7732a2e46e1640693b4cf419a9fc)
Please refer to the history up to the tip for authorship and
credit information for the original works.
To enable the systemd-boot in build, add this line
EFI_PROVIDER = "systemd-boot" in your machine conf file.
Signed-off-by: Jianxun Zhang <jianxun.zhang@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9add1cd01e498d2aa52528ec52342cae48a387a)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
With MountFlags=slave, those mounts then become private to the systemd-udevd
namespace and are no longer accessible from outside the namespace, which is
not expected
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 73f43d857fe0102033f25491007b6dbe3d5fa8ee)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
If /etc/exports contains paths that don't exist during boot, the
server failed to start, because of the exit code of exportfs.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
|
|
If GLIBC_SPLIT_LC_PACKAGES is set to a non-zero value, convert
glibc-binary-localedata-XX-YY to be a meta package depending on
glibc-binary-localedata-XX-YY-lc-address and so on. This enables
saving quite some space if someone doesn't need LC_COLLATE for
example.
Some regex code was removed from output_locale_binary_rdepends,
because legitimize_package_name already converts to lowercase.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Pressing the tab key on an empty line triggered an error message:
| bash: words: bad array subscript
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
nfs-server failed to start after install.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
This conflicts with KERNEL_MODULE_AUTOLOAD += "nfsd".
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
mips
The target directory didn't exist.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
nativesdk-dpkg depends on it.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Let util-linux-bash-completion depend on it, because it uses it.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Busybox may offer a bash applet. If enabled, the alternatives mechanism
avoids breaking logins if bash gets deinstalled while /bin/bash is configured
as a login shell.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|