Age | Commit message (Collapse) | Author |
|
Upstream finally accepted and merged a different approach for
connecting QEMU to swtpm: instead of a custom cuse-tpm device, a
normal chardev connects to swtpm, and that chardev then is used by the
TPM device. For now we have to backport those patches, but the next
major QEMU update will have them.
However, the chardev-connect-socket-to-a-spawned-command.patch is
something that OE will have to carry permanently. It simplifies
starting and stopping swtpm when invoking QEMU through runqemu without
having to teach that script about the additional process. Upstream
rejected the patch because they want to keep the complexity of
starting additional processes out of QEMU.
A recent enough swtpm is needed. The one currently used by
meta-security fails to communicate properly with QEMU, leading to this
failure:
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Failed to send CMD_SET_DATAFD: Input/output error
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Could not cleanly shutdown the TPM: Invalid argument
With a recent enough swtpm, one can create a TPM device like this:
- bitbake swtpm-native
- create a TPM instance and initialize it with:
$ mkdir -p my-machine/myvtpm0
$ tmp*/work/*/swtpm-wrappers-native/*/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
Starting vTPM manufacturing as root:root @ Wed 06 Dec 2017 10:03:14 AM CET
TPM is listening on TCP port 34613.
Successfully created EK.
Successfully authored TPM state.
Ending vTPM manufacturing @ Wed 06 Dec 2017 10:03:14 AM CET
- runqemu "qemuparams=-chardev 'socket,id=chrtpm0,cmd=exec
swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0
--tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2'
-tpmdev emulator,id=tpm0,chardev=chrtpm0 -device
tpm-tis,tpmdev=tpm0" ...
Beware that the double commas are intentional. They are needed to
embed commas in the "cmd" value.
swtpm_oe.sh is from swtpm-wrappers-native. In the example it is
invoked without the full path for the sake of brevity. In practice,
one has to use the full
path (tmp*/work/*/swtpm-wrappers-native/*/swtpm_oe.sh).
With the TPM2-preview version of swtpm, the same works for TPM2 by
adding the --tpm2 parameter when invoking swtpm_setup_oe.sh and
swtpm_oe.sh.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It always fail to check the file generated by configure
when running ptest on the target since it's cross-compiling,
so remove the check from the Makefile for ptest.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For cross-canadian builds, we were accidentally using
the crosssdk C compiler when building the Go compiler
bootstrap. Add a patch to the make script to let us
use BUILD_CC, and prepend do_compile to set it in
the local environment to ensure that the trailing
blank gets stripped, since that confuses Go.
[YOCTO #12341]
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
override correctly busybox's applet when CONFIG_FLASH_ERASEALL=y is set
Error: update-alternatives: not linking /builds/image/1.0-r0/rootfs/usr/
sbin/flash_eraseall to /bin/busybox.nosuid since /builds/image/1.0-r0/
rootfs/usr/sbin/flash_eraseall exists and is not a link
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove two unneeded hacks. The first hack ("setup.py: no host headers
libs" patch) is not needed because we use cross-compiler (e.g.
i586-oe-linux-gcc) which has not been configured with any host system
include or library directories, and thus, we don't get any host system
directories when running "gcc -E -v".
The second hack becomes useless after the first hack has been removed
and we get the standard include and lib directories normally from gcc.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upstream has fixed their use of aclocal.m4 vs acinclude.m4, so now we can remove
some hacks that were previously required.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This greatly reduces the amount of recipes for which upstream
version check fails: from about 30 to about 8.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
qemuppc boots are occasionally hanging on the autobuilder. This adds a
patch which fixes the issue in local testing. Its being discussed with
upstream qemu.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Rebase Makefile-ptest.patch
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Rebase debian-742262.patch for new source.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove reproducible-doc.patch which is already in the source.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
autoconf-archive is a set of common m4 macros, it should be allarch,
just like it is on other distros.
Also fix package splitting. With current package splitting,
autoconf-archive itself contains almost nothing, the m4 macros are
contained in its dev package. However, autoconf-archive should
contain those m4 marcos itself.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport a patch to fix miscompilation on mips64.
We've observed strange behaviour of `systemctl status <xxx> on qemumips64.
The output of the command is like `systemctl show <xxx>', which is incorrect.
The problem is due to the miscompilation of gcc for mips64 platform, thus
backporting patch from upstream to fix this problem.
[YOCTO #12266]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This reverts commit b656fd9267b1f36d46ca20a1c0bcfaedbf7df438.
|
|
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82445
Fixes [YOCTO 12297]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
As there are no alternative providers for virtual/db, just depend directly on
db.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Valadoc has been merged into the main vala tree, so
add necessary patches to disable it.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
So incorrect acknowledgement of it being unknown can be deleted.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
We've observed strange behaviour of `systemctl status <xxx> on qemumips64.
The output of the command is like `systemctl show <xxx>', which is incorrect.
This patch is from gcc bugzilla's attachment.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81803
The patch hasn't been merged into gcc. But it does solve the above problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove several Makefiles containing build host references.
While at it, also remove some additional files not needed for
testing.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
All CVE patches removed because these are already integrated in 2.10.1.
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
|
|
We do not want to specify --sysroot when defining __cc
used on a target.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix segfaults if Tcl is built with stubs and Expect clib function is used
directly from C program.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The bsddb module is deprecated and requires an old version of Berkeley DB that
some may be unhappy with even shipping, so expose a way to disable the module.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The dbm module uses gdbm by default which is also a build dependency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The bsddb module was removed in Python 3 and the dbm module doesn't support
Berkeley DB as an option, so this build dependency can be removed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This upgrades CMake from 3.8.2 to 3.9.3 release. The Copyright.txt
file checksum change was due the addition of a new contributor on the
contributors list.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Both python-scons and python-scons-native need to be upgraded to latest
upstream version.
LIC_FILES_CHKSUM changed due to updated year in date, but rest of file
remain the same.
Following dependencies were added to enable appropriate package usage:
python-shell, python-pprint and python-importlib.
A patch was taken from upstream to support python2 print statements
in SConscripts. This should be included in next version.
These changes were tested in qemux86 with core-image-minimal.
Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
python3-six needs to be updated to latest stable version.
Change in LIC_FILES_CHKSUM due to updated Copyright year,
rest of file remains the same.
This update was tested in qemux86 running core-image-minimal.
Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Both python-setuptools and python3-setuptools must be updated
to latest stable release.
These changes were tested on qemu with core-image-minimal
Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
python3-numpy needs to be upgraded to latest stable version.
This change was tested on qemux86 running core-image-minimal.
Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|