Age | Commit message (Collapse) | Author |
|
Fixes some security vulnerabilities such as CVE-2021-3421 and
CVE-2021-20271.
Rebase 0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
to avoid fuzz warnings.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
(cherry picked from commit 25fe972c4aa6ea640b1cdcd1624108f70e539586)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Having all the rpm build related tools in the main package requires
adding runtime dependencies on perl and python3-core, so adding
rpm to a target image can pull quite many unneeded packages to satisfy
the dependencies.
This splits all the build related tools into rpm-build and moves the
bash, perl and python3-core runtime dependencies to that package.
Also, the rpmsign tool is split into rpm-sign and rpm2archive (only
built if archive is in PACKAGECONFIG) into rpm-archive. These are
separate packages since they are not really related to building, so
do not belong in rpm-build, but are not necessarily wanted in
target images when rpm is included.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
RPM 4.16 uses libgcrypt by default[1], so change our build to follow.
[1] https://github.com/rpm-software-management/rpm/commit/5c0801a1a3cba56d5c7e379323242e26f33f0729
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Ignoring configure fragments when error.h does not exist on system
leaves eflutils half configured, which is seen when gold linker is
enabled because librpm does not have proper dependencies added,
therefore add error.h for non-glibc case and include it when glibc is
not used.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upstream has switched from libmagic to elfutils to determine
file 'colors', and so this adapts the existing patch accordingly.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop backports.
Drop 0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch as
enabling compression support in libmagic finally allows us to use
parallel file classification.
Add a backported patch that fixes musl builds.
License-Update: formatting
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
RPM ships a systemd inhibit plugin, that will tell systemd to inhibit a
reboot or sleep during a package upgrades.
For native RPM this is entirely useless, and for target it's only useful
if you're using systemd+logind+rpm.
This plugin uses DBus which means it depends on expat -> cmake-native ->
libarchive-native curl-native, which is quite a dependency tree to need
in early build (required to build packages via rpm-native).
It was previously forcibly disabled for native packages but the build
dependency on DBus remained. Add a PACKAGECONFIG for the plugin that is
only enabled for target builds with systemd and explicitly disabled for
native/nativesdk builds, but also keep the explicit disabling of all
plugins as the prioreset plugin also behaves badly inside a build.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libarchive is only needed for the rpm2archive tool, as this is of
limited use and libarchive is a non-trivial build dependency make this
optional and disabled by default.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
While installing/extracting SDK to a non-default dir(not /opt),
run rpm failed:
$ python3 -c "import rpm"
|error: Unable to open /opt/windriver/wrlinux-graphics/20.31/sysroots/
x86_64-wrlinuxsdk-linux/usr/lib/rpm/rpmrc for reading: No such file or
directory.
This patch adds a flexible way to configure RPM_CONFIGDIR in SDK.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For now, the nativesdk-rpm's %_var in /usr/lib/rpm/macros is
'/var'. This is causing error when running `rpm -qplv A.rpm'.
error: cannot open Packages index using db5 - Permission denied (13)
error: cannot open Packages database in /var/lib/rpm
The rpm in SDK should be using its own database. So we should remove
this configure option, letting the SDK's native sysroot prefix to be
there in %_var. In fact, '%_usr' in macros has already got the prefix.
After this change, we have in the macros file lines like below.
"""
%_usr /opt/windriver/wrlinux/20.29/sysroots/x86_64-wrlinuxsdk-linux/usr
%_usrsrc %{_usr}/src
%_var /opt/windriver/wrlinux/20.29/sysroots/x86_64-wrlinuxsdk-linux/var
"""
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since commits [Place file signatures into the signature header where they
belong][1] applied, run `rpm -Kv **.rpm' failed if signature header
is larger than 64KB. Here are steps:
1) A unsigned rpm package, the size is 227560 bytes
$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
-rw-------. 1 mockbuild 1000 227560 Jun 3 09:59
2) Sign the rpm package
$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm
3) The size of signed rpm is 312208 bytes
$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
-rw-------. 1 mockbuild 1000 312208 Jun 3 09:48
4) Run `rpm -Kv' failed with signature hdr data out of range
$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm
xz-src-5.2.5-r0.corei7_64.rpm:
error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of
bytes(88864) out of range
>From 1) and 3), the size of signed rpm package increased
312208 - 227560 = 84648, so the check of dl_max (64KB,65536)
is not enough.
As [1] said:
This also means the signature header can be MUCH bigger than ever
before,so bump up the limit (to 64MB, arbitrary something for now)
So [1] missed to multiply by 1024.
[1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The following error occurred when prefer_color set to 2:
Error: Transaction check error:
file /sbin/ldconfig conflicts between attempted installs of
ldconfig-2.31+git0+71f2b249a2-r0.mips64_n32 and
lib32-ldconfig-2.31+git0+71f2b249a2-r0.mips32r2
file /usr/bin/gencat conflicts between attempted installs of
lib32-libc6-utils-2.31+git0+71f2b249a2-r0.mips32r2
...
This was because:
transactions_color = 001 (ELF32) & 010 (ELF64) & 100 (ELF32 N32 MIPS64)
FColor = Current file color (001) & transaction_color (111)
oFcolor = Previous file color (100) & transaction_color (111)
when "neither preferred" happened, handled as conflicts. this is too
restrictive for three way conflicts(mips64/mips64 n32/mips(32)).
Fixed by perform a 'last-in-wins' resolution when "neither is preferred".
refer:
https://github.com/rpm-software-management/rpm/issues/193
https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/rpm?id=36c225704daa58b98a4b7f2ef315eb944d8628b5
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop patches that were merged upstream.
0001-mono-find-provides-requires-do-not-use-monodis-from-.patch
modifies a file that was removed upstream.
Add a 0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch
as unfortunately the new parallel file classification feature from
upstream trips over somewhere in libmagic when inspected files are
compressed:
https://github.com/rpm-software-management/rpm/issues/756
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nss is a problematic library in many ways, but openssl
seems to work just fine.
rpm was the only user of nss in oe-core, which opens
the possibility of moving it out.
Add a backported patch to enable builds with latest openssl.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is perhaps not the most elegant patch but it be dropped
once rpm is updated to the soon-to-be-released version 4.15
where upstream has removed mono dependency resolution altogether.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A couple have still been missed in the past despite multiple
attempts at doing so (or simply have re-appeared?).
Search & replace made using the following command:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \
-i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \
| cut -d':' -f1 \
| sort -u)
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previously there was lots of irrelevant noise in the logs,
because we also wanted to be able to debug postinst issues
easily. I have adjusted the logging levels so that
postinst info is still written to the logs, but other
things are not.
[YOCTO #13119]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the situation where the task do_package_write_rpm ends up in
"liblzma: memory allocation failed". This happens if the host
environment has set a limit on virtual_memory for the user with
'ulimit -v' for packages with a lot of binary packages, e.g. glibc-locale.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Drop --disable-dbus option and patch: --disable-plugins is sufficient.
Drop upstreamed patches.
Drop a chunk of 0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch, as upstream fixed the issue.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
RPM writes each package scriptlet (post-/preinstall) to
/var/tmp/rpm-tmp.XXXXXX --- a lot of files potentially gets created.
When debugging is enabled, these temporary scriptlet files aren't
cleaned up at all and after a while this results in the filesystem
resources are eaten up (like running out of available inodes).
Normally, the temporary files would have been written to the tmp
directory of the target sysroot (which we can easily clean up), but in
this tree, you can't necessarily run the scriptlets.
Fixes [YOCTO #12792]
Signed-off-by: Olof Johansson <olofjn@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Recent patches were applied which removed a function which set the xx
variable. This means xx can be uninitalised and prerm functions can fail.
This adjusts the patch to ensure the xx value isn't used in such a way.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the maximum number of open file descriptors is much greater than the
usual 1024 (for example inside a Docker container), the performance
drops significantly.
This was reported upstream in:
https://bugzilla.redhat.com/show_bug.cgi?id=1537564
which resulted in:
https://github.com/rpm-software-management/rpm/pull/444
The pull request above has now been integrated and this commit contains
a backport of its three patches, which together change the behavior of
rpm so that its performance is now independent of the maximum number of
open file descriptors.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit 6f1822e5f1eaafd8bc46e999de730c1fcca77f3a.
This patch only solved a part of the problem.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When installing the SDK to a non-default path, running "rpm --showrc" from the
sdk will produce the following error:
error: Unable to open /opt/windriver/wrlinux-small/10.17.41/sysroots/x86_64-wrlinuxsdk-linux/usr/lib/rpm/rpmrc for reading: No such file or directory.
Fix this by adding wrappers that dynamically export the RPM_CONFIGDIR,
RPM_ETCCONFIGDIR and MAGIC environment variables, pointing to the proper
sdk locations.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Move the recipe specific over-ride for ASNEEDED into the recipe to
make it more apparent that the over-ride is being applied (and that
it should be re-checked on version updates, etc).
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add option for dbus in configure.ac, and explicitly build without dbus
for rpm-native.
Previously, the rpm recipe tries to prevent rpm-native from attempting
to inhibit shutdown via session dbus by appending '--disable-plugins'
to EXTRA_OECONF in case of native.
However, some layer may need some functionality via plugin support. And
when it enables it, we would meet the following warning at rootfs time.
Unable to get systemd shutdown inhibition lock: Socket name too long
As plugins/systemd_inhibit.c is the only place that's related to this
dependency, we can be sure that dbus is really not needed for rpm-native.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Drop two upstreamed patches.
License-Update: grammar fixes
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport upstream configure fix for hosts that have multiple users with UID
0 or groups with GID 0.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previously oe-core had a development snapshot of rpm, it's better to update
to something more stable.
Removed patches:
0001-Add-PYTHON_ABI-when-searching-for-python-libraries.patch
(upstream is using pkg-config)
0001-When-nice-value-cannot-be-reset-issue-a-notice-inste.patch
(functionality has been moved to a plugin, we disable plugins
for rpm-native)
0012-Use-conditional-to-access-_docdir-in-macros.in.patch
(merged upstream)
Changed patches:
0001-Fix-build-with-musl-C-library.patch
(one previous musl issue has been resolved upstream; another has been added)
Rest of the patches are trivial rebases.
Update the signing oe-selftest so that the reference output matches
the upstream changes.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We do not want to specify --sysroot when defining __cc
used on a target.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When rpmdeps files a perl script, it attempts to determine what it provides
and what it requires. Often the requires are incorrect, within the context
of Wind River Linux. This results in an error that DNF is unable to install
a package due to one or more unresolved dependencies.
In RPM5 we had disabled this behavior, the alternative is to require that all
perl scripts be 'complete', in that they only require things they absolutely
need and that OE provides. If we ever enforce that, this commit can be
reverted. Until they fall back to prior behavior (which also matches ipkg
and deb style packages.)
(From OE-Core rev: 99376f602c997fec96dbb28ddbe3fa5f68fde2c3)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also modify a Python script (pythondistdeps.py) to use Python 3.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
... instead of a global exception list which was problematic.
[YOCTO #11896]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
RPM file signing is enabled with --with-imaevm during configuration.
If enabled, the RPM signing tool rpmsign will call libimaevm.so provided
by the recipe ima-evm-utils.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This fixes a following error:
| recipe-sysroot-native/usr/lib/rpm/debugedit: error while loading shared libraries: \
| libbz2.so.1: cannot open shared object file: No such file or directory
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This greatly reduces build times when there is a large amount of small
rpm packages to produce. The patches are rather invasive,
and so will be submitted upstream.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This will send the output from rpmfcPrint() to stdout. This is an
alternative to using the --rpmfcdebug option, which will send the same
output to stderr. The two options have totally different use cases
though. While --alldeps is used when the output from rpmfcPrint() is
what is wanted, --rpmfcdebug can be used together with the other
output options, e.g., --requires, without affecting their output.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This avoids the following warning:
warning: Ignoring invalid regex %{_docdir}
when runing `rpmdeps -R <file>`, since %{_docdir} is only defined when
parsing a spec file.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is nothing that requires, e.g., a DSO to be executable, but it
is still an ELF binary and should be identified as such.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rather than trying to call rpmdeps with the correct arguments to work
with the sysroot as was done in package.bbclass, create a wrapper for
it like all the other native tools already had.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use a loop rather than calling create_wrapper for each individual
tool.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently the file encodes full paths to various host tools in the
HOSTTOOLS directory which is bad in native and target cases. We can
simply use the versions from PATH quite safely in OE.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These tools are not currently used for anything, but we should
still provide working versions of them.
[YOCTO #11400]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
[YOCTO #11180]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|