Age | Commit message (Collapse) | Author |
|
hashlib.md5() is not permitted on a FIPS enabled host system. This is due
to md5 not being an approved hash algorithm.
Instead use:
hashlib.new('MD5', usedforsecurity=False)
This is allowed, as it's clear the hash is used for a non-security purpose.
Using an md5 to identify when a license has changed is permitted, as we're
not using it for file integrity.
Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In commit ceda3238 (meta/meta-selftest/meta-skeleton: Update LICENSE
variable to use SPDX license identifiers) all LICENSE variables were
updated to only use SPDX license identifiers.
This does the same for comments and other variables where it is
appropriate to use the official SPDX license identifiers. There are
still references to, e.g., "GPLv3", but they are then typically in
descriptive text where they refer to the license in a generic sense.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The code doesn't work if the variable is unset, fix that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This helps bridge the old setuptools3 behavior.
FILES:${PN} has sane defaults in setuptools3-base
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Now that all of the functions in cve-check open the database read-only,
we can remove this lockfile.
This means cve-check can run in parallal again, improving runtimes
massively.
This reverts commit d55fbf4779483d2cfd71df78d0f733b599fef739.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes the name for native and nativesdk recipes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rather than only use PYPI_PACKAGE as a guess, fall back on PN for cases
where a recipe does not inherit pypi.
Wheels can only have alphanumeric characters in the 'distribution'
name [1]. Any other characters are replaced with an underscore. Provide a
function to replace dash with underscore.
[1] https://www.python.org/dev/peps/pep-0491/#escaping-and-unicode
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Almost everywhere those are the same, except when making a cross toolchain
where HOST_ is where it's going to run, and TARGET_ is what it's going to
produce.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This matters when cross-compiling a cross-toolchain:
we need to specify the system where the toolchain
will run, not the system it will produce output for.
For everything else, HOST and TARGET are the same.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
distutils has been deprecated in Python 3.10 and will be removed in
Python 3.12 (predicted release date October 2023). For now, move these
classes from oe-core to meta-python to allow users to migrate.
[YOCTO #14610]
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Depend on python3-wheel-native so that we can build with 'setup.py
bdist_wheel'.
Use pip_install_wheel class to install the built wheels with pip, as
intended by upstream Python.
[YOCTO #14638]
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This class uses the PEP 517 compliant setuptools.buil_meta to build
wheels.
[YOCTO #14638]
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Replace the use of --force-reinstall with --ignore-installed when running pip
install. It can detect currently installed modules in the wrong environment and
try to remove them currently which is not what is desired. Ignoring them is the
correct thing to do.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If we modify the file, we need to recompile the pyc files since the file
hash has changed. This would otherwise result in reproducibility failrues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Provide a helper class to use pip to install wheels built by either
bdist_wheel or a PEP-517 backend.
Set pip install arguments via PIP_INSTALL_ARGS, which can be overriden
by recipes.
Pass --root and --prefix to ensure that pip installs things into the
proper place in sysroot.
By passing --no-deps and --no-index we avoid finicky dependency
checking (pip expects wheels in its cache) and avoid trying to fetch
wheels from pypi.org. This is basically the same behavior we have now,
the dependencies should be declared in the recipe.
Also pass --force-reinstall to make sure built wheels are always installed
so that FILES gets properly populated.
Pass --no-cache to avoid a (harmless) warning about the pip cache in
$HOME be avoiding use of cache. We do not likely want wheels cached
anyway,
pip install changes the python interpreter in scripts installed in
${bindir}, e.g. to #!/usr/bin/nativepython3, correct the behavior after
install to #!/usr/bin/env python3.
[YOCTO #14638]
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some python packages now use pyproject.toml and declare
flit_core.buildapi as the build engine
Use pip_install_wheel class to install.
[YOCTO #14638]
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The overlayfs_qa_check in the rootfs-postcommands class throws an
exception if the overlayfs distro feature is enabled but no global
OVERLAYFS_MOUNT_POINT is specifived.
File: '/home/stefan/dalos-linutronix/poky/meta/classes/rootfs-postcommands.bbclass', lineno: 389, function: overlayfs_qa_check
0385: searchpaths = [oe.path.join(imagepath, d.getVar("sysconfdir"), "systemd", "system"),
0386: oe.path.join(imagepath, d.getVar("systemd_system_unitdir"))]
0387:
0388: allUnitExist = True;
*** 0389: for mountPoint in overlayMountPoints:
0390: path = d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint)
0391: unit = mountUnitName(path)
0392:
0393: if not any(os.path.isfile(oe.path.join(dirpath, unit))
Exception: TypeError: 'NoneType' object is not iterable
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By renaming LICENSE_EXCLUSION to _exclude_incompatible, it makes it
clear that this is an internal variable.
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db. However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nativesdk is a cross compiled target and therefore should use the target
config, not the native one. Copy the target entries accordingly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
meta-openembedded has gtk4 which has its own version of
gtk-update-icon-cache. Allow programs that want to use gtk4
use the proper version of the gtk-update-icon-cache utility
and the proper build and runtime dependencies.
Also use a more readable syntax for conditional values in DEPENDS.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, SPDX SBOMs are only created for images. Add support for
SDKs.
Signed-off-by: Andres Beltran <abeltran@linux.microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
'class' is already taken as keyword and python doesn't like this:
ERROR: Error in compiling python function in oe-core/meta/classes/icecc.bbclass, line 151:
The code lines resulting in this error were:
0020: check_pn = set([pn, bpn])
0021:
0022: class_disable = (d.getVar('ICECC_CLASS_DISABLE') or "").split()
0023:
*** 0024: for class in class_disable:
0025: if bb.data.inherits_class(class, d):
0026: bb.debug(1, "%s: class %s found in disable, disable icecc" % (pn, class))
0027: return "no"
0028:
SyntaxError: invalid syntax (icecc.bbclass, line 151)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add further tweaks to comments and variable names for license variable change.
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The SYSTEM and USER seperation between variables seems odd and not necessary,
drop it. Avoid the use of whitelist/blacklist and also change "packages" to
"recipes" since that misuse causes confusion.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a more descriptive variable name updated in base.bbclass
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove the old class and rename VarFlag to SKIP_RECIPE, handling this
in base.bbclass for efficiency. This means a separate inherit is no longer
needed.
This change better describes what the VarFlag is doing since it
is implemeted with the SkipRecipe() function.
By moving this into base.bbclass we simplify the distro inherit.
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After other variables were renamed in bitbake, update OE-Core to match.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After the change to bitbake, update the references in OE-Core to match the updates.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is useful when needing to test layer's recipes, where this special
bbclass can define a global python function that gets called on each
recipe parsing during "bitbake -S none world" signature dump and be able
to fail layer's check accordingly.
First test being added is to detect recipes skipping "installed-vs-shipped"
QA check. As "installed-vs-shipped" is a packaging QA check, it happens very
late in the build process and failing it could mean some potential issues
with packaging, especially when recipe uses BBCLASSEXTEND="nativesdk" and
resulting package is used in an SDK.
In OE-Core failing this QA check leads to an error, but other layers can
suppress it or change it to a warning. Detecting weird packaging problems
with SDKs is quite difficult and time consuming. Also, waiting for the
actual "installed-vs-shipped" packaging QA check to fail means that all
recipes in the layer under test have to run through all standard tasks in
the build chain, equivalent to a multi-hour world-build.
Hence yocto-check-layer takes a shortcut and only detects a mere attempt
at skipping "installed-vs-shipped" QA check in the INSANE_SKIP list during
initial parsing when dumping the signature information for the layer.
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As kernel modules depend on the base kernel package, and the base kernel
recipe depends on the kernel image, it's impossible to build file system
images which contain kernel modules but not the kernel itself, such as
an initramfs.
Change the RDEPENDS to RRECOMMENDS so that the disk images can set
PACKAGE_EXCLUDE = "kernel-image-*" to remove the kernel.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The threading code here can race as the fetcher changes the environment which is
shared between the threads. By setting it up in advance, it isn't changed and
therefore no longer races.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A regression form cpio CVE-2021-38185 caused the tool to hang for paths
greater than 128 character long. It was reported here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992098
We were able to reliable reproduce this with dunfell, meta-freescale
recipe imx-boot
https://github.com/Freescale/meta-freescale/blob/dunfell/recipes-bsp/imx-mkimage/imx-boot_1.0.bb
Using relative path on the affected host fixes the issue as this is
always short, being in the same work dir. It would be harmless, and
useful to generally use the relative path for sysroot_stage_dir()
Signed-off-by: Ahsan Hussain <ahsan_hussain@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
example.com is proving unreliable at present so switch to our own connectivity
page instead. That page is very simple avoiding app overhead on our web server
which was an original reason for switching to example.com.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For $UBOOT_ENV file to appear in sysroot, virtual/bootloader
must populate sysroot first. Add the missing dependency.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
I got this error on current master:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_write_qemuboot_conf(d)
0003:
File: '.../layers/openembedded-core/meta/classes/qemuboot.bbclass', lineno: 141, function: do_write_qemuboot_conf
0137: else:
0138: val = d.getVar(k)
0139: # we only want to write out relative paths so that we can relocate images
0140: # and still run them
*** 0141: if val.startswith(topdir):
0142: val = os.path.relpath(val, finalpath)
0143: cf.set('config_bsp', k, '%s' % val)
0144:
0145: # QB_DEFAULT_KERNEL's value of KERNEL_IMAGETYPE is the name of a symlink
Exception: AttributeError: 'NoneType' object has no attribute 'startswith'
Do nothing if "val" is None, which may happen for k = "UNINATIVE_LOADER".
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CMake includes a FetchContent module, which will download further
source code at configure time. With the network isolation this will now
fail, but as not all environments support network isolation we can tell
cmake to not download either for extra safety.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch will read the begining of source files and try to find
the SPDX-License-Identifier to populate the licenseInfoInFiles
field for each source file. This does not populate licenseConcluded
at this time, nor rolls it up to package level.
We read as binary file since some source code seem to have some
binary characters, the license is then converted to ascii strings.
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is also covered in documentation since:
https://git.yoctoproject.org/yocto-docs/commit/?id=3f3e5574ac9801ad92940168b61b532e0bd53a80
[YOCTO 14605]
Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This should print the actual stack trace, for real :)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Autobuilder has been showing things like:
Checking sstate mirror object availability...ERROR: SState: cannot test file://universal/d9/bc/sstate:xz-native:x86_64-linux:5.2.5:r0:x86_64:8:d9bced04b194d5fc8d778eb8a0d674fa7375a42c8c50a9237e6d7672e9e7a00c_deploy_source_date_epoch.tar.zst: TimeoutError('timed out')
ERROR: SState: cannot test file://37/a0/sstate:libgcc-initial:core2-64-poky-linux:11.2.0:r0:core2-64:8:37a0a5aec105a0822df098f15ff2b67d0e7220204742b5d2b1f7958dda6fa5ce_deploy_source_date_epoch.tar.zst: TimeoutError('timed out')
ERROR: SState: cannot test file://universal/11/a4/sstate:libpciaccess-native:x86_64-linux:0.16:r0:x86_64:8:11a4d6c3a2e147ef7dd5f31c0ff2a91271dad49b561d8aa24849115081cf1842_deploy_source_date_epoch.tar.zst: TimeoutError('timed out')
done.
which is not helpful. To find out what really happened and where, the original
traceback is needed too.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was prompted by ltp's unreasonably long package_qa times; it has
a massive amount of executables and insane runs objdump for all of
them, serially.
This reduces the time from 4 minutes to 1m20s on my machine.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- build some packages with icecc enabled is not supported
because of the folling that disables the icecc:
DEBUG: while parsing set_icecc_env, unable to handle non-literal command '$ICECC_CC'
- it can be replicated with:
bitbake make && bitbake make -c cleansstate && bitbake make -DD
grep ICECC_CC tmp/log/cooker/qemux86-64/console-latest.log
- bash command substitution backquote deprecated
https://www.gnu.org/software/bash/manual/html_node/Command-Substitution.html
https://mywiki.wooledge.org/BashFAQ/082
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use double quotes("") rather than single quotes('') for PS1 in
EXPORT_SDK_PS1 which will be exported in SDK environment file. Then it
could set PS1 for SDK env with some variables in host env, such as the
original PS1. The SDK PS1 could be some distinct words plus original PS1
rather than replace the whole original PS1. For example, it could set in
local.conf with
SDK_PS1 = "(oesdk) \${PS1}"
then it just prepends '(oesdk) ' before original PS1 after source the
SDK environment file.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some of the host distributions build the drivers in a way (RPATH/RUNPATH)
that tricks uninative loader into loading pieces of the host libc, if
the same pieces haven't been previously loaded by native binaries. Mixing
the two libc versions leads to failures.
This change ensures that the correct (uninative) versions are always in use.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|