Age | Commit message (Collapse) | Author |
|
LTO likely doesn't buy us much here, disable it to allow the binaries
to be reproducible.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add sorting to the globbing within the Makefile to make the output
reproducible.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove hardcoding the build configuration into the help/version output
from swig to make the binaries reproducible.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add sorting to wildcard expansion in the makefile to make builds
reproducible.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The library hardcodes paths to the python library internally and currently
these are build paths. Fix this to use the correct target path and
fix reproducibility in the process.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to use CFLAGS with the correct WORKDIR in them, replace those
in the sysroot file with the ones appropriate to the current recipe.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Configure was swallowing our cflags meaning the resulting binaries were
not reproducible. Tweak configure not to do that and fix reproducibility.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a configuration option to pass in srcdir, removing hard coded
build paths from the binaries.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The compressed docs contained a timestamp of the original file which
meant the SDE clamping during package creation didn't work. The
benefits of compression are minor, decompress the files to avoid
the reproducibility issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Calling sync between each file compare is horrible performance wise
as we compare thousands of files. We don't care about IO latency here
so disable.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We don't use tbe BUILDINFO line of host information in the Makefile
so remove it for reproducibility.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We don't want to encide BUILD_ROOT into target packages. This is used
for build time tests but in our case those would be on target anyway
do use the target paths.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
config_data was including a build system path to pkg-config, fix
this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
configure inspects the host's /etc/group for these configuration
options, fix this to the correct values by using configure options.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rpm packaging has shown good numbers wrt reproducible builds as well
when testing core-image-minimal locally:
Reproducibility summary for rpm: same=4671 different=0 missing=0 total=4671
Thus enable it in the autobuilder to be more widely tested.
(From OE-Core rev: 84d3a90557444d8cd83d780b1c3f2b278ab07af2)
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rpm uses "XXX-VERSION" compared to deb/ipk which use "XXX_VERSION"
which breaks the go package exclusion. Work around with both go_
and go- for now.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
dep tool is now deprecated and its replaced with go modules so using
this as sample for testing is also getting arcane. Replace it with
another project direnv[1] which is quite active and uptodate
[1] https://github.com/direnv/direnv
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
git, libproxy, libcap-ng(-python), babeltrace2, rsync and groff
have their reproducibility issues fixed, remove from the exclusion
list. Also fix whitespace.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Das U-Boot 2021.4-rc1 has the following commit:
commit 3f04db891a353f4b127ed57279279f851c6b4917
Author: Simon Glass <sjg@chromium.org>
Date: Mon Feb 15 17:08:12 2021 -0700
image: Check for unit addresses in FITs
Using unit addresses in a FIT is a security risk. Add a check for
this and disallow it.
CVE-2021-27138
Adjust the kernel-fitimage.bbclass accordingly to not use unit
addresses. This changte is required before we can bump U-Boot to 2021.4.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
handling changes
With the separate of the "-only" and "-or-later" licenses, we need to
update the tests to match the messages now given in the output.
Also use a mix of canonicalised and non-canonlised names in the
reference recipes to help test those cases and ensure coverage.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit 84d3a90557444d8cd83d780b1c3f2b278ab07af2.
This shouldn't have been merged, its not ready yet.
|
|
rpm packaging has shown good numbers wrt reproducible builds as well
when testing core-image-minimal locally:
Reproducibility summary for rpm: same=4671 different=0 missing=0 total=4671
Thus enable it in the autobuilder to be more widely tested.
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes reproducibility when build acpica yacc sources by instructing
bison on how to do the file prefix mapping
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add ruby-ri-docs and meson back as not reproducible, remove watchdog,
xorg-minimal-fonts and xmlto as issues fixed.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The reproducible build tests can take a long time, so having more
logging messages at various points in the build can help debug where the
build is taking a long time.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The SSTATE_MIRRORS variable was misspelled, which allowed the "clean"
test build to pull from the mirror.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It appears these exclusions are no longer needed with master, drop
them and improve our reproducibilty metrics.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This makes comparisions between lists easier.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This helps with trimming down the list, and towards 100% reproducibility :)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
files in wic tmp directory can be usefull for debugging, so do not remove
tmp directory when wic create run with debugging mode (-D or --debug).
also update wic.Wic.test_debug_short and wic.Wic.test_debug_long to
check for tmp directory.
[YOCTO#14216]
Signed-off-by: Lee Chee Yang <Chee.Yang.Lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
existing test case test_permissions use Wic command as standalone
tools to create wic image and check that wic image for permissions.
add extra steps to the test case to also check against image build
using bitbake do_image_wic.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
add CVE_VERSION_SUFFIX to indicate the version suffix type, currently
works in two value, "alphabetical" if the version string uses single
alphabetical character suffix as incremental release, blank to not
consider the unidentified suffixes. This can be expand when more suffix
pattern identified.
refactor cve_check.Version class to use functools and add parameter to
handle suffix condition.
Also update testcases to cover new changes.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If recipe uses only file:// fetcher devtool unpacks sources under
oe-local-files/ and adds symlink in source root directory. We need to
verify if the symlink in subdirectory has correct path.
See [YOCTO #13738] for details.
Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The way distutils.version.LooseVersion compare version are tricky, it treat
all these ( "1.0-beta2", "1.0-rc1", "1.0A", "1.0p2" and "1.0pre1") as greater
version than "1.0". This might be right for "1.0A" and "1.0p1" but not for
the rest, also these version could be confusing, the "p" in "1.0p1" can be
"pre" or "patched" version or even other meaning.
Replace Looseversion with custom class, it uses regex to capture common
version format like "1.1.1" or tag format using date like "2020-12-12" as
release section, check for following known string/tags ( beta, rc, pre, dev,
alpha, preview) as pre-release section, any other trailing characters
are difficult to understand/define so ignore them. Compare release
section and pre-release section saperately.
included selftest for the version class.
[YOCTO#14127]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The test would timeout on autobuilders. This patch increases the
timeout to 60s
The test will now also exit as soon as we receive the 2 expected events
Expected runtime is around 1s if successful
Bug 14158
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The binutils-cross-x86_64 is not avaliable for non x86-64 machines.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bash 5.1 inserts escape sequences into its output (specifically
disabling bracketed paste mode via \x1b[?2004l). I am not sure
if somehow terminal detection isn't working correctly there,
but in any case the marker is still in the output, but needs to
be checked by 'in' rather than exact equivalence.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This commit provides a testcase for the initramfs bundle support implemented
in kernel-fitimage.bbclass
The testcase verifies the content of the initramfs bundle node in the FIT
Image Tree Source (its).
The testcase is self-contained and the configurations are set by the test case itself.
To verify the initramfs bundle support, the testcase uses beaglebone-yocto machine.
This testcase can be run through the following command:
oe-selftest -r fitimage.FitImageTests.test_initramfs_bundle
Change-Id: I8ab8abf2c150ea515fd439784eb20c6b092bfbc5
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since host's ccache is not reliable, so disable ccache for native recipes and
use ccache-native for other types of recipes. We need disable ccache for native
recipes is because ccache-native now depends on cmake-native which causes
circular dependencies, and it's not easy to break the circular.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit f5b29367af4d8e5daea5771264774aa49519f9a8.
Will use ccache-native which is more reliable.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The oe-selftest code already keeps the selftest build directory in place
if any tests failed. By default the build directory is deleted if all
tests pass but there may be cases where it's desirable to keep this
directory around, for example to compare intermediate files between
passing and failing test runs.
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A test is implemented on poky/meta/lib/oeqa/selftest/pkgdata.py to test
the scenario when oe-pkgdata-util is executed without parameters and
help is displayed.
See [YOCTO #10726] for detailed bug information.
Signed-off-by: Milan Shah <mshah@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ccache 4.x has hard dependencies on cmake-native (used as
build system) and zstd, which means inserting ccache-native
as DEPENDS into everything creates circular dependencies which
are impossible to break.
ccache 3.x did not have this problem as it used plain makefiles
and an in-tree copy of zlib.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Its surprising we've made it this far without this, add in some specific
uid/gid settings to ensure these don't cause false positives to the tests.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Verify that fifos are properly handled by the build system.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|