| Age | Commit message (Collapse) | Author |
|---|
|
* especially when pushing longer history to slow remote git server or when
it timeouts during the push, it's useful to see where the time was actually
spent
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Currently my build shows two "meta" repositories: one from meta-poky and one
from openembedded-core. Have the code which prints the repositories into
metadata-revs show the parent directories when repositories with multiple
sub-layers are used.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
If a setscene task fails, the real task will be run instead. However,
in case the failed setscene task happened to log any errors, this will
still cause bitbake to return with an error code, even though
everything actually built ok. To avoid this, modify setscene to only
warn about errors.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* useful when distro wants to collect build statistics from
all users/developers without any manual interaction from them
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
CPE version could be '-' to mean no version info.
Current cve_check treat it as not valid and does not report these
CVE but some of these could be a valid vulnerabilities.
Since non-valid CVE can be whitelisted, so treat '-' as all version
and report all these CVE to capture possible vulnerabilities.
Non-valid CVE to be whitelisted separately.
[YOCTO #13617]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c69ee3594079589d27c10db32bc288566ebde9ef)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Since this file is written during recipe parsing, having it in the
${BUILDDIR}/conf directory, which is covered by an inotify watcher,
will trigger a re-parse the next time bitbake is run and the resident
bitbake server is enabled. This causes the sanity_info file to be
updated again, which triggers a new parse the next time bitbake is run
ad infinitum. Moving it to ${BUILDDIR}/cache should avoid this.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f98103b548aa7dba6b1be6c8e02ef41858a8e85c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Since the sanity_info file has moved from the conf directory to the
cache directory, there is no longer any need to clean it away
explicitly in clean_esdk_builddir() since the whole cache directory is
already cleaned away anyway.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 40c30990e1be72130819c040fe471e2bdc0c6e7d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
do_prepare_recipe_sysroot may perform groupadd, which requires pseudo.
However, do_prepare_recipe_sysroot does not depend on pseudo explicitly,
which sometimes causes a build error when building a recipe that adds
groups.
This issue only occurs when executing do_prepare_recipe_sysroot for a
recipe that adds groups before finishing a task that depends on pseudo
for a recipe that doesn't add groups.
Signed-off-by: Mattias Hansson <mattihn@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
|
|
Switch to recently released version 1.1 of NVD CVE JSON feed, as in
https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release
it is mentioned that
Due to changes required to support CVSS v3.1 scoring, the JSON
vulnerability feeds must be modified. This will require the consumers
of this data to update their internal processes. We will be providing
the JSON 1.1 schema on the data feeds page and the information below
to prepare for this transition.
...
The JSON 1.1 data feeds will be available on September 9th, 2019. At
that time the current JSON 1.0 data feeds will no longer available.
This change was tested briefly by issuing 'bitbake core-image-minimal'
with 'cve-check.bbclass' inherited via local.conf, and then comparing
the content between the resulting two
'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not
seem to contain any other change, except total of 167 entries like
CVSS v3 BASE SCORE: 0.0
were replaced with similar 'CVSS v3 BASE SCORE:' entries which had
scores that were greater than '0.0' (up to '9.8').
(From OE-Core rev: cc20e4d8ff2f3aa52a2658404af9a0ff358cc323)
Signed-off-by: Niko Mauno <niko.mauno@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c92b8804d6e59b2707332859957f0e6a46db0a73)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This code used to construct a single SQL statement that fetched the NVD data for
every CVE requested. For recipes such as the kernel where there are over 2000
CVEs to report this can hit the variable count limit and the query fails with
"sqlite3.OperationalError: too many SQL variables". The default limit is 999
variables, but some distributions such as Debian set the default to 250000.
As the NVD table has an index on the ID column, whilst requesting the data
CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time
different is insignificant: 0.05s verses 0.01s on my machine.
(From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove obsolete Python 2 code, and use convenience methods for neatness.
(From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
A previous optimisation was premature and resulted in false-negatives in the report.
Rewrite the checking algorithm to first get the list of potential CVEs by
vendor:product, then iterate through every matching CPE for that CVE to
determine if the bounds match or not. By doing this in two stages we can know
if we've checked every CPE, instead of accidentally breaking out of the scan too
early.
(From OE-Core rev: d61aff9e22704ad69df1f7ab0f8784f4e7cc0c69)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The patch scanner works with patch files in the layer, not in the workdir, so it
doesn't need to unpack.
(From OE-Core rev: 2cba6ada970deb5156e1ba0182f4f372851e3c17)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVEs that are whitelisted or were not vulnerable when there are version
comparisons were not included in the report, so alter the logic to ensure that
all relevant CVEs are in the report for completeness.
(From OE-Core rev: 98256ff05fcfe9d5ccad360582c36eafb577c264)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It should have been removed in 3db9d865 (classes/package_rpm.bbclass:
Enhance diagnostic messages) when it was split in two new notes.
Also change the casing of two other notes to align them with the other
notes.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The options in ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS} are already passed
via ${CC}/${CXX} and there is no reason to pass them a second time. Thus
we can remove MESON_TOOLCHAIN_ARGS. And when it is removed, the other
MESON_*_ARGS variables revert to the standard CFLAGS, CXXFLAGS and
LDFLAGS, so just use them directly instead.
Apart from the obvious improvement with not passing a lot of options
twice, this also solves a problem where -pie would be passed on the
command line in a way that it would prevent building any dynamic
libraries using meson if using a toolchain that is not built with
--enable-default-pie and if security_flags.inc is used.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
If one has provided external key/certificate for modules signing, Kbuild
will skip creating signing_key.pem and will write only signing_key.x509
certificate. Thus we have to check for .x509 file existence rather than
.pem one.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There's INITRAMFS_FSTYPES that can be set differently.
Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
As detailed at [1] the XML feeds provided by NIST are being discontinued on
October 9th 2019. As cve-check-tool uses these feeds, cve-check.bbclass will be
inoperable after this date.
To ensure that cve-check continues working, backport the following commits from
master to move away from the unmaintained cve-check-tool to our own Python code
that fetches the JSON:
546d14135c5 cve-update-db: New recipe to update CVE database
bc144b028f6 cve-check: Remove dependency to cve-check-tool-native
7f62a20b32a cve-check: Manage CVE_PRODUCT with more than one name
3bf63bc6084 cve-check: Consider CVE that affects versions with less than operator
c0eabd30d7b cve-update-db: Use std library instead of urllib3
27eb839ee65 cve-check: be idiomatic
09be21f4d17 cve-update-db: Manage proxy if needed.
975793e3825 cve-update-db: do_populate_cve_db depends on do_fetch
0325dd72714 cve-update-db: Catch request.urlopen errors.
4078da92b49 cve-check: Depends on cve-update-db-native
f7676e9a38d cve-update-db: Use NVD CPE data to populate PRODUCTS table
bc0195be1b1 cve-check: Update unpatched CVE matching
c807c2a6409 cve-update-db-native: Skip recipe when cve-check class is not loaded.
07bb8b25e17 cve-check: remove redundant readline CVE whitelisting
5388ed6d137 cve-check-tool: remove
270ac00cb43 cve-check.bbclass: initialize to_append
e6bf9000987 cve-check: allow comparison of Vendor as well as Product
91770338f76 cve-update-db-native: use SQL placeholders instead of format strings
7069302a4cc cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
78de2cb39d7 cve-update-db-native: Remove hash column from database.
4b301030cf9 cve-update-db-native: use os.path.join instead of +
f0d822fad2a cve-update-db: actually inherit native
b309840b6aa cve-update-db-native: use executemany() to optimise CPE insertion
bb4e53af33d cve-update-db-native: improve metadata parsing
94227459792 cve-update-db-native: clean up JSON fetching
95438d52b73 cve-update-db-native: fix https proxy issues
1f9a963b9ff glibc: exclude child recipes from CVE scanning
[1] https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
AArch64 images are not self-decompressing, thus usually much larger.
Boot times can be reduced by compressing them in FIT and uImages.
This commit is a backport of commit a725d188b5 (kernel-uboot: compress
arm64 kernels) and commit 60bc7e180e (kernel-uboot: remove useless
special casing of arm64 Image) from master. Both commit were melted
into one to avoid some useless churn.
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The way this class uses overrides to support generation of multiple
sections is subject to two different issues: 1) labels that conflict
with existing override names causing the value for the conflicting label
to be set for all labels, and 2) reusing the override list through each
iteration, prepending each new label to the list of overrides makes
earlier labels' value take precedence over later labels, making later
labels virtually impossible to customize.
The first issue is resolved by removing all label names from overrides
before iterating over labels. The second issue is resolved by
generating a fresh list of overrides with only the current label added.
The current label is also appended to the list of overrides instead of
prepended, which makes it the highest priority override. This is
matches the behavior of devtool-source.bbclass, which similarly
monkey-patches overrides.
Closes https://bugzilla.yoctoproject.org/show_bug.cgi?id=13469 .
Signed-off-by: Will Page <wpage@polysync.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The do_populate_sysroot task doesn't rerun if you change any of the USERADD_PARAM
or GROUPADD_PARAM variables, only do_package will.
If another task depends on the recipe, this means it won't see any updated changes.
This patch adds in the missing vardeps ensuring the code is deterministic.
[YOCTO #13232]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 37d0382a3c67f47f8cfdd977a041069bf912b8c3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When mixing aarch64 and x86_64 host builds with common sstate, useradd failures
were found. This was due to references to:
/home/pokybuild/yocto-worker/qemuarm/build/build/tmp/sysroots-components/aarch64/pseudo-native/usr/bin/pseudo
or
/home/pokybuild/yocto-worker/qemuarm/build/build/tmp/sysroots-components/x86_64/pseudo-native/usr/bin/pseudo
on the wrong architecture within the useradd postinst files.
Instead of using COMPONENTS_DIR as the FIXME, use PSEUDO_SYSROOT which contains
the arch component as well to avoid this.
Add extra comments to cause the relavent sstate to be rebuilt.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0384622f72a6c0bd8225cf06f692340fdef67d4a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixed:
MACHINE = "qemux86-64"
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
$ bitbake core-image-minimal
update-alternatives: libtool has multiple providers with the same priority,
please check
/path/to/rootfs/usr/lib/opkg/alternatives/libtool for details
Both libtool and lib32-libtool have the same priority (as they're the same
recipe), so update-alternatives won't deterministically pick a provider. This
means you could end up with an image using a 32-bit pkgconfig and 64-bit
libtool, for example.
Make extended recipes reduce priority by 1 (or 2, 3 ... when there are multiple
variants in MULTILIB_VARIANTS) to fix the problem.
[YOCTO #13418]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
u-boot.bin with dtb & signature should be placed in ${B} so that
it can be deployed by u-boot as expected. Otherwise, the version
without signature is installed.
Signed-off-by: Jun Nie <jun.nie@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
* this might be related to:
commit d2fcaeb153fdc3f8d7143ea823139f1537055ff1
Author: Douglas Royds <douglas.royds@taitradio.com>
Date: Thu Dec 20 11:59:47 2018 +1300
icecc: Don't generate recipe-sysroot symlinks at recipe-parsing time
* it's still a bit unclear when and why this happends, but I'm seeing
random tasks sometimes failing with:
WARNING: Exception during build_dependencies for set_icecc_env
WARNING: Error during finalise of /build/meta-oe/meta-python/recipes-devtools/python/python-markupsafe_1.0.bb
ERROR: Traceback (most recent call last):
File "/build/bitbake/lib/bb/data_smart.py", line 411, in expandWithRefs
s = __expand_python_regexp__.sub(varparse.python_sub, s)
File "/build/bitbake/lib/bb/data_smart.py", line 136, in python_sub
value = utils.better_eval(codeobj, DataContext(self.d), {'d' : self.d})
File "/build/bitbake/lib/bb/utils.py", line 421, in better_eval
return eval(source, ctx, locals)
File "Var <set_icecc_env>", line 1, in <module>
File "/build/oe-core/meta/classes/icecc.bbclass", line 287, in icecc_get_and_check_tool
link_path = icecc_get_tool_link(t, d)
File "/build/oe-core/meta/classes/icecc.bbclass", line 246, in icecc_get_tool_link
return subprocess.check_output("readlink -f %s" % tool, shell=True).decode("utf-8")[:-1]
File "/usr/lib/python3.6/subprocess.py", line 336, in check_output
**kwargs).stdout
File "/usr/lib/python3.6/subprocess.py", line 418, in run
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command 'readlink -f /build/BUILD/work/qemux86-oe-linux/python-markupsafe/1.0-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/x86_64-oe-linux-g++' returned non-zero exit status 1.
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/build/bitbake/bin/bitbake-worker", line 239, in child
the_data = bb_cache.loadDataFull(fn, appends)
File "/build/bitbake/lib/bb/cache.py", line 327, in loadDataFull
bb_data = self.load_bbfile(virtualfn, appends, virtonly=True)
File "/build/bitbake/lib/bb/cache.py", line 340, in load_bbfile
datastores = parse_recipe(bb_data, bbfile, appends, mc)
File "/build/bitbake/lib/bb/cache.py", line 303, in parse_recipe
bb_data = bb.parse.handle(bbfile, bb_data)
File "/build/bitbake/lib/bb/parse/__init__.py", line 107, in handle
return h['handle'](fn, data, include)
File "/build/bitbake/lib/bb/parse/parse_py/BBHandler.py", line 142, in handle
return ast.multi_finalize(fn, d)
File "/build/bitbake/lib/bb/parse/ast.py", line 386, in multi_finalize
finalize(fn, d)
File "/build/bitbake/lib/bb/parse/ast.py", line 351, in finalize
bb.parse.siggen.finalise(fn, d, variant)
File "/build/bitbake/lib/bb/siggen.py", line 147, in finalise
taskdeps = self._build_data(fn, d)
File "/build/bitbake/lib/bb/siggen.py", line 118, in _build_data
tasklist, gendeps, lookupcache = bb.data.generate_dependencies(d)
File "/build/bitbake/lib/bb/data.py", line 388, in generate_dependencies
deps[dep], values[dep] = build_dependencies(dep, keys, shelldeps, varflagsexcl, d)
File "/build/bitbake/lib/bb/data.py", line 317, in build_dependencies
value, parsedvar = d.getVarFlag(key, "_content", False, retparser=True)
File "/build/bitbake/lib/bb/data_smart.py", line 802, in getVarFlag
parser = self.expandWithRefs(value, cachename)
File "/build/bitbake/lib/bb/data_smart.py", line 424, in expandWithRefs
raise ExpansionError(varname, s, exc).with_traceback(tb) from exc
File "/build/bitbake/lib/bb/data_smart.py", line 411, in expandWithRefs
s = __expand_python_regexp__.sub(varparse.python_sub, s)
File "/build/bitbake/lib/bb/data_smart.py", line 136, in python_sub
value = utils.better_eval(codeobj, DataContext(self.d), {'d' : self.d})
File "/build/bitbake/lib/bb/utils.py", line 421, in better_eval
return eval(source, ctx, locals)
File "Var <set_icecc_env>", line 1, in <module>
File "/build/oe-core/meta/classes/icecc.bbclass", line 287, in icecc_get_and_check_tool
link_path = icecc_get_tool_link(t, d)
File "/build/oe-core/meta/classes/icecc.bbclass", line 246, in icecc_get_tool_link
return subprocess.check_output("readlink -f %s" % tool, shell=True).decode("utf-8")[:-1]
File "/usr/lib/python3.6/subprocess.py", line 336, in check_output
**kwargs).stdout
File "/usr/lib/python3.6/subprocess.py", line 418, in run
output=stdout, stderr=stderr)
bb.data_smart.ExpansionError: Failure expanding variable set_icecc_env, expression was if [ "${@use_icecc(bb, d)}" = "no" ]
then
return
fi
ICECC_VERSION="${@icecc_version(bb, d)}"
if [ "x${ICECC_VERSION}" = "x" ]
then
bbwarn "Cannot use icecc: could not get ICECC_VERSION"
return
fi
ICE_PATH="${@icecc_path(bb, d)}"
if [ "x${ICE_PATH}" = "x" ]
then
bbwarn "Cannot use icecc: could not get ICE_PATH"
return
fi
ICECC_BIN="${@get_icecc(d)}"
if [ -z "${ICECC_BIN}" ]; then
bbwarn "Cannot use icecc: icecc binary not found"
return
fi
if [ -z "$(which patchelf patchelf-uninative)" ]; then
bbwarn "Cannot use icecc: patchelf not found"
return
fi
# Create symlinks to icecc in the recipe-sysroot directory
mkdir -p ${ICE_PATH}
if [ -n "${KERNEL_CC}" ]; then
compilers="${@get_cross_kernel_cc(bb,d)}"
else
compilers="x86_64-oe-linux-gcc x86_64-oe-linux-g++"
fi
for compiler in $compilers; do
ln -sf ${ICECC_BIN} ${ICE_PATH}/$compiler
done
ICECC_CC="${@icecc_get_and_check_tool(bb, d, "gcc")}"
ICECC_CXX="${@icecc_get_and_check_tool(bb, d, "g++")}"
# cannot use icecc_get_and_check_tool here because it assumes as without target_sys prefix
ICECC_WHICH_AS="${@bb.utils.which(os.getenv('PATH'), 'as')}"
if [ ! -x "${ICECC_CC}" -o ! -x "${ICECC_CXX}" ]
then
bbwarn "Cannot use icecc: could not get ICECC_CC or ICECC_CXX"
return
fi
ICE_VERSION=`$ICECC_CC -dumpversion`
ICECC_VERSION=`echo ${ICECC_VERSION} | sed -e "s/@VERSION@/$ICE_VERSION/g"`
if [ ! -x "/build/BUILD/work/qemux86-oe-linux/python-markupsafe/1.0-r0/recipe-sysroot-native/usr/bin/icecc-create-env" ]
then
bbwarn "Cannot use icecc: invalid ICECC_ENV_EXEC"
return
fi
ICECC_AS="`${ICECC_CC} -print-prog-name=as`"
# for target recipes should return something like:
# /OE/tmp-eglibc/sysroots/x86_64-linux/usr/libexec/arm920tt-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/4.8.2/as
# and just "as" for native, if it returns "as" in current directory (for whatever reason) use "as" from PATH
if [ "`dirname "${ICECC_AS}"`" = "." ]
then
ICECC_AS="${ICECC_WHICH_AS}"
fi
if [ ! -f "${ICECC_VERSION}.done" ]
then
mkdir -p "`dirname "${ICECC_VERSION}"`"
# the ICECC_VERSION generation step must be locked by a mutex
# in order to prevent race conditions
if flock -n "${ICECC_VERSION}.lock" \
/build/BUILD/work/qemux86-oe-linux/python-markupsafe/1.0-r0/recipe-sysroot-native/usr/bin/icecc-create-env "${ICECC_CC}" "${ICECC_CXX}" "${ICECC_AS}" "${ICECC_VERSION}"
then
touch "${ICECC_VERSION}.done"
elif ! wait_for_file "${ICECC_VERSION}.done" 30
then
# locking failed so wait for ${ICECC_VERSION}.done to appear
bbwarn "Timeout waiting for ${ICECC_VERSION}.done"
return
fi
fi
# Don't let ccache find the icecream compiler links that have been created, otherwise
# it can end up invoking icecream recursively.
export CCACHE_PATH="$PATH"
export CCACHE_DISABLE="1"
export ICECC_VERSION ICECC_CC ICECC_CXX
export PATH="$ICE_PATH:$PATH"
bbnote "Using icecc path: $ICE_PATH"
bbnote "Using icecc tarball: $ICECC_VERSION"
which triggered exception CalledProcessError: Command 'readlink -f /build/BUILD/work/qemux86-oe-linux/python-markupsafe/1.0-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/x86_64-oe-linux-g++' returned non-zero exit status 1.
ERROR: Task (virtual:multilib:lib32:/build/meta-oe/meta-python/recipes-devtools/python/python-markupsafe_1.0.bb:do_patch) failed with exit code '1'
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
populate_packages relies on ``mkdir`` to both create a directory and set
its permissions. However, ``mkdir`` honors the ``umask`` value.
Therefore, some bits may be lost in the operation. In our case, the
setgid bit on the directories were lost.
This commit fixes this by having a distinct call to create the directory
and to set the permissions.
Signed-off-by: Jean-Tiare Le Bigot <jean-tiare.le-bigot@easymile.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Its possible in cases with multiple shlib providers we were not being
deterministic. Add in a couple of sorted() calls to fix the shlibs and
pkgconfig cases with this potential issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This introduces a variable, PKGDATA_VARS, that contains the names of
the variables that are to be output in the runtime pkgdata files.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Previously the subprocess command to run dtc was not properly displaying
the error on console. Combining stderr into stdout for the dtc subprocess
so the actual error can be seen on console without having to open the
do_compile log.
For example, previously on a dtc error, just the following stack trace
and dtc command was being shown on console:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:devicetree_do_compile(d)
0003:
File:
function: devicetree_do_compile
0127: if not(os.path.isfile(dtspath)) or
not(dts.endswith(".dts") or devicetree_source_is_overlay(dtspath)):
0128: continue # skip non-.dts files and non-overlay
files
0129: except:
0130: continue # skip if can't determine if overlay
*** 0131: devicetree_compile(dtspath, includes, d)
...
Exception: subprocess.CalledProcessError: Command '['dtc', '-R', '8',
'-b', '0', '-p', '0x1000', '-i', '${INCLUDES}, '-o', 'system-top.dtb',
'-I', 'dts', '-O', 'dtb', 'system-top.dts.pp']' returned non-zero exit
status 1
with this patch, the actual error from the dtc command will be appended
like the following:
Subprocess output:
Error: Label or path not found
FATAL ERROR: Syntax error parsing input tree
Signed-off-by: Jaewon Lee <jaewon.lee@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* both use KERNEL_IMAGETYPE variable which is MACHINE specific
* fixes:
=== Comparing signatures for task do_configure.sigdata between hammerhead and mako ===
ERROR: grub-bootconf different signature for task do_configure.sigdata between hammerhead and mako
basehash changed from 710332f3ec15670302dd690708730c9e418d53790ce36d6a91b049ae4f7069b1 to c9a46e58b4634b5fd47d20683f8320e15f5c4cb7628e3a62ed97d8528d7aabd2
Variable KERNEL_IMAGETYPE value changed from 'zImage-dtb' to 'zImage'
ERROR: systemd-bootconf different signature for task do_configure.sigdata between hammerhead and mako
basehash changed from 2abbaf6d7760696fbf1ff5df5705239b475ccbf6f0c831fc4031984c0ce0e9f2 to 24f1e7886dee02b04bc180acc1c946ad82ce842655e5a5f4a8006f4a8490f985
Variable KERNEL_IMAGETYPE value changed from 'zImage-dtb' to 'zImage'
detected with:
openembedded-core/scripts/sstate-diff-machines.sh --targets=world --tmpdir=tmp-glibc/ --analyze --machines="hammerhead mako qemux86"
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
As of commit 898490c010b [moduleparam: Save information about built-in
modules in separate file] (kernels v5.2-rc1+), modules.builtin.modinfo
is generated as part of the kernel build process.
We package it along with the other module artifacts, so it can be used
by scripts/other build steps.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
(From OE-Core rev: 29fc9210b973be68de474e75068e4c72371afe5a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes [YOCTO #11028]
When dealing with node modules which use "node-gyp" [1] to build native
addons to node. Some temporary build files stay in the image: object
files, static library files, dependency files, ...
This commit does not keep only the required files, but remove the files
which can leads to QA issues (staticdev with static library files).
[1]: https://github.com/nodejs/node-gyp
Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes [YOCTO #13349]
When dealing with node modules which have declared "bin" files [1], npm
will create a link in '/usr/bin' with a relative link to
'../lib/node_modules/<module bin file>'.
The commits e9270af4296ce2af292059617a717e42fc17425c and
2713d9bcc39c712ef34003ce8424416441be558e explicitely use
'/usr/lib/node/' as install directory, but does not care about the "bin"
symbolic linked files.
In order to keep valid links, and to keep it as simple as possible, the
path '/usr/lib/node_modules/' is used as install directory for npm. And
a symbolic link is created to have a valid '/usr/lib/node/' path, needed
for node.
[1]: https://docs.npmjs.com/files/package.json#bin
Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes [YOCTO #12534]
When using npm packages with exotic names, like "JSONSelect" (with
uppercase) or "@angular/cli" (with at sign and slash), there are three
different names:
- the recipe name ("jsonselect" or "angular-cli")
- the npm module name ("JSONSelect" or "@angular/cli")
- the npm pack name ("JSONSelect" or "angular-cli")
The commit fa9c077068a2acea04389fa2b44eb2e93548fce2 allow to have
different recipe name and npm module name by setting the NPMPN variable.
This commit allows to have yet another npm pack name. The pack filename
is now dynamically retrieved from the 'npm pack' command.
Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Many different ptests are breaking as they assume that ${PN}-ptest
depends on ${PN}. It doesn't currently but should. If we fix this, many
different ptests start passing when they previously failed.
It does depend on fixing an issue in the dbus-test recipe which is done
in the preceeding patch (mentioned in case this gets backported).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
do_bundle_initramfs does not have to depend on
${INITRAMFS_IMAGE}:do_image_complete if INITRAMFS_IMAGE_BUNDLE is not
set.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Without this, the user has no idea what went wrong.
Signed-off-by: Max Kellermann <max.kellermann@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When using u-boot-nodtb, the symlink didn't install correctly to the
${DEPLOYDIR}. This commit fixes this bug.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When UBOOT_DTB_BINARY is empty and because the code now changes
directory into ${B}, the test for the existence becomes `[ -f ]` which
succeeds and subsequently the install fails.
Reorder the code so it's clear that UBOOT_DTB_BINARY empty is an
expected configuration and then quote UBOOT_DTB_BINARY everywhere so
no one trips over this again.
Fixes: bacb59079eb6 ("uboot-sign: add support for different u-boot configurations")
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is done by concatenating the DTB with the kernels public key
to all built u-boot binaries. Furthermore the installation of all
the binaries is required.
Signed-off-by: Andreas Obergschwandtner <andreas.obergschwandtner@skidata.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Whenever cml1 do_configure is used with a defconfig, oldconfig waits for
input. This silently fails on recent kconfig projects with:
"Error in reading or end of file."
We cannot use a more up to date kconfig target such as olddefconfig,
because busybox does not support it.
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The python distutils generate a python wrapper script for each package,
containing shebang lines pointing to the python executable.
In our case, this is a fully-qualified path to python-native in the
recipe-sysroot-native.
Ubuntu 18.04 restricts the useful length of the shebang line to 125
characters, and Ubuntu 16.04 restricts it to 77. In both cases, the
staged python script fails to run due to the length of the path to
the python-native executable.
Replace the shebang line with nativepython or nativepython3 as appropriate.
The nativepython symlink is installed by the python-native recipe:
#!/usr/bin/env nativepython
We were already doing this for on-target distutils components.
This change applies the sed-line to -native distutils components as well.
In this way, -native clients of these components can invoke the wrapper scripts
directly, without themselves needing to inherit pythonnative.
This works around a known setuptools issue:
https://github.com/pypa/setuptools/issues/494
Even once this issue has been resolved upstream,
we will still need to replace `python` with `nativepython`
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Because our clones use the host git, on (say) Ubuntu 18.04, the local
git directories acquire perl scripts such as fsmonitor-watchman.sample.
During packaging, this leads to failures:
ERROR: go-hsperfdata-1.0.3+gitAUTOINC+b58598ac84-r0 do_package_qa: QA Issue: /usr/lib/go/pkg/dep/sources/https---github.com-nsf-termbox--go/.git/hooks/fsmonitor-watchman.sample contained in package go-hsperfdata-staticdev requires /usr/bin/perl, but no providers found in RDEPENDS_go-hsperfdata-staticdev? [file-rdeps]
ERROR: go-hsperfdata-1.0.3+gitAUTOINC+b58598ac84-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
ERROR: go-hsperfdata-1.0.3+gitAUTOINC+b58598ac84-r0 do_package_qa:
ERROR: go-hsperfdata-1.0.3+gitAUTOINC+b58598ac84-r0 do_package_qa: Function failed: do_package_qa
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
native clashing
The rmt in cpio-native and tar-native is clashing, since
tar-native has set var-NATIVE_PACKAGE_PATH_SUFFIX, we move rmt
to sbindir, and add suffix NATIVE_PACKAGE_PATH_SUFFIX to sbindir
could avoid the clashing.
And in Ubuntu, rmt is in sbindir
$ which rmt
/usr/sbin/rmt
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
In case, kernel config enables compressed modules, support of
splitting via split_kernel_module_packages won't find any module.
So, first expand module pattern regex to recognize compressed
modules and then objcopy on temporary extacted to extract module
information.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Some CI pipelines might perform further processing of the test output
(for instance, to plot some metrics into a chart). However, Since `thud`
we switched away from the XML-based jUnit reporting, and at the same
time we lost the ability of collecting the stdout and stderr of the
various tests.
We now restore this functionality by adding `stdout` and `stderr` keys
to the JSON reports. This behavior is off by default; in order to enable
it, one must set the `TESTREPORT_FULLLOGS` variable in the bitbake
configuration.
Signed-off-by: Alberto Mardegan <amardegan@luxoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* since this change:
commit d2fcaeb153fdc3f8d7143ea823139f1537055ff1
Author: Douglas Royds <douglas.royds@taitradio.com>
Date: Thu Dec 20 11:59:47 2018 +1300
icecc: Don't generate recipe-sysroot symlinks at recipe-parsing time
the set_icecc_env function depends on KERNEL_CC variable even for recipes
like linux-libc-headers
* KERNEL_CC variable depends on STAGING_KERNEL_DIR:
Variable KERNEL_CC value is ${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH}
List of dependencies for variable KERNEL_CC is {'STAGING_KERNEL_DIR', 'HOST_PREFIX', 'DEBUG_PREFIX_MAP', 'HOST_CC_KERNEL_ARCH', 'KERNEL_SRC_PATH'}
which depends on MACHINE:
Variable STAGING_KERNEL_DIR value is ${TMPDIR}/work-shared/${MACHINE}/kernel-source
List of dependencies for variable STAGING_KERNEL_DIR is {'MACHINE'}
* as detected with:
openembedded-core/scripts/sstate-diff-machines.sh --tmpdir=tmp-glibc --machines="qemux86 qemux86copy qemuarm" --targets=glibc --analyze
ERROR: linux-libc-headers different signature for task do_configure.sigdata between qemux86 and qemux86copy
NOTE: Starting bitbake server...
basehash changed from 3146f4ffeb002bd69fed7656a4b896365b2e2a00071c69e1afbb672889e754ee to f1a5160e39912e61389b6f9fe68d61146a2be91716ac37e4a32ecf4c09b2b5fa
Variable MACHINE value changed from 'qemux86' to 'qemux86copy'
$ bitbake-diffsigs /OE/build/oe-core/tmp-glibc/sstate-diff/1556122458/qemux86*/*/linux-libc-headers/*do_configure.sigdata*
NOTE: Starting bitbake server...
basehash changed from f1a5160e39912e61389b6f9fe68d61146a2be91716ac37e4a32ecf4c09b2b5fa to 3146f4ffeb002bd69fed7656a4b896365b2e2a00071c69e1afbb672889e754ee
Variable MACHINE value changed from 'qemux86copy' to 'qemux86'
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[commit in warrior]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Martin Jansa
Trevor Woerner
Peter Kjellerstedt
Lee Chee Yang
Mattias Hansson
Niko Mauno
Ross Burton
Dmitry Eremin-Solenikov
Andrii Bordunov via Openembedded-core
Bedel, Alban
Will Page
Richard Purdie
Robert Yang
Jun Nie
Joël Esponde
Jaewon Lee
Bruce Ashfield
Jean-Marie LEMETAYER
Ming Liu
Max Kellermann
Ying-Chun Liu (PaulLiu)
Alex Kiernan
Andreas Obergschwandtner
Stefan Müller-Klieser
Douglas Royds
Hongxu Jia
Jens Rehsack
Mardegan, Alberto