diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2021-08-16 22:03:13 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2021-08-17 03:53:26 +0300 |
| commit | 0ca19ccf045e022d8a24d26afbf346ab7f2f519f (patch) | |
| tree | 2732b2bd7700fba730c034a547a2e0751696f2ce /poky/meta/classes | |
| parent | 23ca3ffa9de533fecc0fcd48fea85e365c323370 (diff) | |
| download | openbmc-0ca19ccf045e022d8a24d26afbf346ab7f2f519f.tar.xz | |
subtree updates
poky: 492205ea83..94dfcaff64:
Alejandro Hernandez Samaniego (1):
baremetal-helloworld: Enable RISC-V 32 port
Alexandre Belloni (1):
oeqa/runtime/cases: make date.DateTest.test_date more reliable
Anton Blanchard (3):
libjpeg-turbo: Handle powerpc64le without Altivec
kmod: use nonarch_base_libdir for depmod.d and modprobe.d
pixman: Handle PowerPC without Altivec
Changqing Li (1):
libconvert-asn1-perl: 0.27 -> 0.31
Chen Qi (4):
convert-overrides.py: also convert comments without a leading whitespace
meta: use new override syntax in comments
multilib.bbclass: fix new override syntax for virtclass-multilib
util-linux: add back manpages related settings
Daniel Gomez (1):
docs: fix typo in releases
Dmitry Baryshkov (1):
linux-firmware: add more Qualcomm firmware packages
Dragos-Marian Panait (1):
util-linux: fix CVE-2021-37600
Joe Slater (1):
terminal.bbclass: force bash for devshell
Jon Mason (1):
tune-cortexm*: add support for all Arm Cortex-M processors
Jose Quaresma (1):
sstate.bbclass: fix error handling when sstate mirrors is ro
Joshua Watt (2):
classes/cve-check: Move get_patches_cves to library
lib/packagedata: Fix for new overrides
Khem Raj (4):
glibc: Upgrade to 2.34 release
glibc: Remove obsolete --enable-stackguard-randomization
glibc: Drop DUMMY_LOCALE_T define patch
glibc: Add missing symlinks for libpthread and librt dev files
Michael Halstead (1):
releases: update to include 3.1.10
Michael Opdenacker (12):
manuals: mention license information in footer
manuals: further documentation for cve-check
cve-check: remove deprecated CVE_CHECK_CVE_WHITELIST
bsp-guide: overrides syntax updates
dev-manual: overrides syntax updates
kernel-dev manual: overrides syntax updates
ref-manual: overrides syntax updates
sdk-manual: overrides syntax updates
test-manual: overrides syntax updates
sdk-manual: reference obsolete reference to ADT
Manuals: replace "file name" by "filename"
dev-manual: fix grammar in post-install script explanations
Nisha Parrakat (1):
dbus_%.bbappend: stop using selinux_set_mapping
Olaf Mandel (1):
kickstart: document which options accept units
Patrick Williams (3):
pixman: re-disable iwmmxt
systemd: add zstd PACKAGECONFIG
systemd: set zstd as default PACKAGECONFIG
Paul Barker (2):
u-boot: Package extlinux.conf separately
pypi: Allow override of PyPI archive name
Quentin Schulz (3):
insane.bbclass: fix new override syntax migration
docs: fix new override syntax migration
docs: overview-manual: concepts: remove long-gone BBHASHDEPS variable
Richard Purdie (6):
test-manual: Add extra detail to YP Compatible section
migration-3.4: Add extra notes to override syntax changes
ruby: Fix DEBUG_PREFIX_MAP in LDFLAGS issue
gettext: Fix reproducibility issue with LDFLAGS
curl: Fix reproducibility issue with LDFLAGS
libtool: Fix lto option passing for reproducible builds
Ross Burton (11):
e2fsprogs: ensure small images have 256-byte inodes
wic: don't forcibly pass -T default
parted: drop unneeded ld-is-gold patch
parted: update patch status
buildtools-tarball: add testsdk task
oeqa/sdk: add some buildtools tests
bitbake: utils: add environment updating context manager
bitbake: fetch2: expose environment variable names that need to be exported
bitbake: fetch2/wget: ensure all variables are set when calling urllib
bitbake: fetch2/wget: fetch securely by default
tar: ignore node-tar CVEs
Thomas Perrot (2):
kernel-fitimage: images should not be signed with the same keys as the configurations
oeqa/selftest/fitimage: update tests to use two keys
Tim Orling (3):
python3-scons{-native}: upgrade 4.1.0 -> 4.2.0
perl: do_create_rdepends_inc override syntax
package.bbclass: FILER* override syntax
Tom Rini (2):
common-tasks: Add a summary to the end of the bbappend example
manuals: Rename the "Using .bbappend Files in Your Layer" section
Tony Battersby (2):
bitbake.conf: add DEBUG_PREFIX_MAP to TARGET_LDFLAGS
ruby: Fix reproducibility issue with LDFLAGS
Tony Tascioglu (1):
valgrind: skip broken ptests for glibc 2.34
Vyacheslav Yurkov (7):
lib/oe: add generic functions for overlayfs
overlayfs.bbclass: generate overlayfs mount units
rootfs-postcommands: add QA check for overlayfs
systemd-machine-units: add bbappend for meta-selftest
overlayfs: meta-selftest recipe
oeqa/selftest: overlayfs unit tests
MAINTAINERS: add overlayfs maintainer
Yi Zhao (3):
dbus: add PACKAGECONFIG for audit and selinux
glib-2.0: add PACKAGECONFIG for selinux
shadow: add PACKAGECONFIG for audit and selinux
hongxu (1):
sdk: fix relocate symlink failed
wangmy (1):
ell: upgrade 0.41 -> 0.42
meta-raspberrypi: c7f4c739a3..32921fc9bd:
Omer Akram (1):
linux-firmware-rpidistro: fix wifi driver loading on cm4
Otavio Salvador (1):
rpi-config: Allow setting hdmi_cvt
meta-openembedded: 3cf2475ea0..a13db91f19:
Changqing Li (1):
ndpi: fix CVE-2021-36082
Chen Qi (1):
Convert to new override syntax using latest convert-overrides.py script
Dmitry Baryshkov (1):
image_types_sparse: fix sparse image generation
Geoff Parker (1):
cifs-utils: typo fix fakse --> false
Kai Kang (2):
libdbi-perl: fix CVE-2014-10402
python3-m2crypto: fix for new overrides syntax
Khem Raj (1):
packagegroup-meta-oe: Add ttf-ipa
Leon Anavi (15):
python3-astroid: Upgrade 2.6.5 -> 2.6.6
python3-gast: Upgrade 0.5.1 -> 0.5.2
python3-greenlet: Upgrade 1.1.0 -> 1.1.1
python3-bitarray: Upgrade 2.2.3 -> 2.2.5
python3-send2trash: Upgrade 1.7.1 -> 1.8.0
python3-zeroconf: Upgrade 0.33.2 -> 0.34.3
python3-aiohue: Upgrade 2.5.1 -> 2.6.1
python3-configargparse: Upgrade 1.5.1 -> 1.5.2
python3-pycurl: Upgrade 7.43.0.6 -> 7.44.0
python3-distro: Upgrade 1.5.0 -> 1.6.0
python3-google-api-core: Upgrade 1.30.0 -> 1.31.1
python3-google-auth: Upgrade 1.32.0 -> 1.34.0
python3-google-api-python-client: Upgrade 2.12.0 -> 2.15.0
python3-huey: Upgrade 2.3.2 -> 2.4.0
python3-apply-defaults: Upgrade 0.1.4 -> 0.1.6
Martin Jansa (1):
python3-grpcio: make sure that GRPC_CFLAGS is expanded to empty
Michael Opdenacker (3):
vorbis-tools: update to 1.4.2 (latest in 1.4.x series)
bigbuckbunny-1080p: fix sample video URL
opus-tools: update to 0.2, move to meta-multimedia and fix license
Mingli Yu (3):
jemalloc: fix the race during do_install
jemalloc: add ptest support
jemalloc: improve the ptest output
Naveen Saini (1):
python3-defusedxml: extend recipe to add native support
Philippe Coval (1):
mycroft: Install more tools needed by scripts
Tony Battersby (3):
curlpp: fix QA Issue after LDFLAGS change
ldns: fix QA Issue after LDFLAGS change
tcsh: fix compile error after LDFLAGS change
Yi Zhao (5):
audit: upgrade 3.0.3 -> 3.0.4
augeas: rename PACKAGECONFIG[libselinux] to PACKAGECONFIG[selinux]
network-manager-applet: add selinux to PACKAGECONFIG if enable selinux distro feature
networkmanager: add PACKAGECONFIG for audit and selinux
augeas: add selinux to PACKAGECONFIG if enable selinux distro feature
leimaohui (1):
ttf-ipa: Added a new font.
wangmy (1):
iwd: upgrade 1.15 -> 1.16
zangrc (1):
python3-humanize: upgrade 3.10.0 -> 3.11.0
zhengruoqin (3):
python3-engineio: upgrade 4.2.0 -> 4.2.1
python3-ipython: upgrade 7.25.0 -> 7.26.0
python3-isort: upgrade 5.9.2 -> 5.9.3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7a8bd19709f465db51254ed3fcaf2486fe64dcaf
Diffstat (limited to 'poky/meta/classes')
| -rw-r--r-- | poky/meta/classes/baremetal-image.bbclass | 3 | ||||
| -rw-r--r-- | poky/meta/classes/cve-check.bbclass | 65 | ||||
| -rw-r--r-- | poky/meta/classes/insane.bbclass | 12 | ||||
| -rw-r--r-- | poky/meta/classes/kernel-fitimage.bbclass | 40 | ||||
| -rw-r--r-- | poky/meta/classes/multilib.bbclass | 4 | ||||
| -rw-r--r-- | poky/meta/classes/overlayfs.bbclass | 111 | ||||
| -rw-r--r-- | poky/meta/classes/package.bbclass | 24 | ||||
| -rw-r--r-- | poky/meta/classes/pypi.bbclass | 6 | ||||
| -rw-r--r-- | poky/meta/classes/rootfs-postcommands.bbclass | 25 | ||||
| -rw-r--r-- | poky/meta/classes/sstate.bbclass | 2 | ||||
| -rw-r--r-- | poky/meta/classes/terminal.bbclass | 5 |
11 files changed, 205 insertions, 92 deletions
diff --git a/poky/meta/classes/baremetal-image.bbclass b/poky/meta/classes/baremetal-image.bbclass index 9ec3f1460..089c44552 100644 --- a/poky/meta/classes/baremetal-image.bbclass +++ b/poky/meta/classes/baremetal-image.bbclass @@ -82,12 +82,15 @@ QB_OPT_APPEND:append = " -nographic" # RISC-V tunes set the BIOS, unset, and instruct QEMU to # ignore the BIOS and boot from -kernel QB_DEFAULT_BIOS:qemuriscv64 = "" +QB_DEFAULT_BIOS:qemuriscv32 = "" QB_OPT_APPEND:append:qemuriscv64 = " -bios none" +QB_OPT_APPEND:append:qemuriscv32 = " -bios none" # Use the medium-any code model for the RISC-V 64 bit implementation, # since medlow can only access addresses below 0x80000000 and RAM # starts at 0x80000000 on RISC-V 64 +# Keep RISC-V 32 using -mcmodel=medlow (symbols lie between -2GB:2GB) CFLAGS:append:qemuriscv64 = " -mcmodel=medany" diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 6582f9715..70d1988a7 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -94,10 +94,11 @@ python do_cve_check () { """ Check recipe for patched and unpatched CVEs """ + from oe.cve_check import get_patched_cves if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): try: - patched_cves = get_patches_cves(d) + patched_cves = get_patched_cves(d) except FileNotFoundError: bb.fatal("Failure in searching patches") whitelisted, patched, unpatched = check_cves(d, patched_cves) @@ -156,65 +157,6 @@ python cve_check_write_rootfs_manifest () { ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" do_rootfs[recrdeptask] += "${@'do_cve_check' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" -def get_patches_cves(d): - """ - Get patches that solve CVEs using the "CVE: " tag. - """ - - import re - - pn = d.getVar("PN") - cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+") - - # Matches the last "CVE-YYYY-ID" in the file name, also if written - # in lowercase. Possible to have multiple CVE IDs in a single - # file name, but only the last one will be detected from the file name. - # However, patch files contents addressing multiple CVE IDs are supported - # (cve_match regular expression) - - cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)") - - patched_cves = set() - bb.debug(2, "Looking for patches that solves CVEs for %s" % pn) - for url in src_patches(d): - patch_file = bb.fetch.decodeurl(url)[2] - - if not os.path.isfile(patch_file): - bb.error("File Not found: %s" % patch_file) - raise FileNotFoundError - - # Check patch file name for CVE ID - fname_match = cve_file_name_match.search(patch_file) - if fname_match: - cve = fname_match.group(1).upper() - patched_cves.add(cve) - bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file)) - - with open(patch_file, "r", encoding="utf-8") as f: - try: - patch_text = f.read() - except UnicodeDecodeError: - bb.debug(1, "Failed to read patch %s using UTF-8 encoding" - " trying with iso8859-1" % patch_file) - f.close() - with open(patch_file, "r", encoding="iso8859-1") as f: - patch_text = f.read() - - # Search for one or more "CVE: " lines - text_match = False - for match in cve_match.finditer(patch_text): - # Get only the CVEs without the "CVE: " tag - cves = patch_text[match.start()+5:match.end()] - for cve in cves.split(): - bb.debug(2, "Patch %s solves %s" % (patch_file, cve)) - patched_cves.add(cve) - text_match = True - - if not fname_match and not text_match: - bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file) - - return patched_cves - def check_cves(d, patched_cves): """ Connect to the NVD database and find unpatched cves. @@ -238,9 +180,6 @@ def check_cves(d, patched_cves): bb.note("Recipe has been whitelisted, skipping check") return ([], [], []) - old_cve_whitelist = d.getVar("CVE_CHECK_CVE_WHITELIST") - if old_cve_whitelist: - bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use CVE_CHECK_WHITELIST.") cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split() import sqlite3 diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass index be5ec6014..810459d43 100644 --- a/poky/meta/classes/insane.bbclass +++ b/poky/meta/classes/insane.bbclass @@ -835,11 +835,11 @@ def package_qa_check_deps(pkg, pkgdest, d): try: rvar = bb.utils.explode_dep_versions2(localdata.getVar(var) or "") except ValueError as e: - bb.fatal("%s_%s: %s" % (var, pkg, e)) + bb.fatal("%s:%s: %s" % (var, pkg, e)) for dep in rvar: for v in rvar[dep]: if v and not v.startswith(('< ', '= ', '> ', '<= ', '>=')): - error_msg = "%s_%s is invalid: %s (%s) only comparisons <, =, >, <=, and >= are allowed" % (var, pkg, dep, v) + error_msg = "%s:%s is invalid: %s (%s) only comparisons <, =, >, <=, and >= are allowed" % (var, pkg, dep, v) package_qa_handle_error("dep-cmp", error_msg, d) check_valid_deps('RDEPENDS') @@ -888,7 +888,7 @@ def package_qa_check_expanded_d(package, d, messages): expanded_d = d.getVar('D') for var in 'FILES','pkg_preinst', 'pkg_postinst', 'pkg_prerm', 'pkg_postrm': - bbvar = d.getVar(var + "_" + package) or "" + bbvar = d.getVar(var + ":" + package) or "" if expanded_d in bbvar: if var == 'FILES': package_qa_add_message(messages, "expanded-d", "FILES in %s recipe should not contain the ${D} variable as it references the local build directory not the target filesystem, best solution is to remove the ${D} reference" % package) @@ -1325,10 +1325,10 @@ python () { if prog.search(pn): package_qa_handle_error("uppercase-pn", 'PN: %s is upper case, this can result in unexpected behavior.' % pn, d) - # Some people mistakenly use DEPENDS_${PN} instead of DEPENDS and wonder + # Some people mistakenly use DEPENDS:${PN} instead of DEPENDS and wonder # why it doesn't work. - if (d.getVar(d.expand('DEPENDS_${PN}'))): - package_qa_handle_error("pkgvarcheck", "recipe uses DEPENDS_${PN}, should use DEPENDS", d) + if (d.getVar(d.expand('DEPENDS:${PN}'))): + package_qa_handle_error("pkgvarcheck", "recipe uses DEPENDS:${PN}, should use DEPENDS", d) issues = [] if (d.getVar('PACKAGES') or "").split(): diff --git a/poky/meta/classes/kernel-fitimage.bbclass b/poky/meta/classes/kernel-fitimage.bbclass index a9d100220..2ef8f06b1 100644 --- a/poky/meta/classes/kernel-fitimage.bbclass +++ b/poky/meta/classes/kernel-fitimage.bbclass @@ -60,6 +60,14 @@ FIT_DESC ?= "Kernel fitImage for ${DISTRO_NAME}/${PV}/${MACHINE}" # Sign individual images as well FIT_SIGN_INDIVIDUAL ?= "0" +# Keys used to sign individually image nodes. +# The keys to sign image nodes must be different from those used to sign +# configuration nodes, otherwise the "required" property, from +# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails on "image". +# Then the images signature checking will not be mandatory and no error will be +# raised in case of failure. +# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg. "dev2.crt", "dev2.key") + # # Emit the fitImage ITS header # @@ -121,7 +129,7 @@ fitimage_emit_section_kernel() { kernel_csum="${FIT_HASH_ALG}" kernel_sign_algo="${FIT_SIGN_ALG}" - kernel_sign_keyname="${UBOOT_SIGN_KEYNAME}" + kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" ENTRYPOINT="${UBOOT_ENTRYPOINT}" if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then @@ -167,7 +175,7 @@ fitimage_emit_section_dtb() { dtb_csum="${FIT_HASH_ALG}" dtb_sign_algo="${FIT_SIGN_ALG}" - dtb_sign_keyname="${UBOOT_SIGN_KEYNAME}" + dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" dtb_loadline="" dtb_ext=${DTB##*.} @@ -214,7 +222,7 @@ fitimage_emit_section_boot_script() { bootscr_csum="${FIT_HASH_ALG}" bootscr_sign_algo="${FIT_SIGN_ALG}" - bootscr_sign_keyname="${UBOOT_SIGN_KEYNAME}" + bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" cat << EOF >> ${1} bootscr-${2} { @@ -278,7 +286,7 @@ fitimage_emit_section_ramdisk() { ramdisk_csum="${FIT_HASH_ALG}" ramdisk_sign_algo="${FIT_SIGN_ALG}" - ramdisk_sign_keyname="${UBOOT_SIGN_KEYNAME}" + ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" ramdisk_loadline="" ramdisk_entryline="" @@ -475,6 +483,10 @@ fitimage_assemble() { bootscr_id="" rm -f ${1} arch/${ARCH}/boot/${2} + if [ ! -z "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then + bbfatal "Keys used to sign images and configuration nodes must be different." + fi + fitimage_emit_fit_header ${1} # @@ -674,7 +686,7 @@ do_kernel_generate_rsa_keys() { if [ "${UBOOT_SIGN_ENABLE}" = "1" ] && [ "${FIT_GENERATE_KEYS}" = "1" ]; then - # Generate keys only if they don't already exist + # Generate keys to sign configuration nodes, only if they don't already exist if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key ] || \ [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt ]; then @@ -691,6 +703,24 @@ do_kernel_generate_rsa_keys() { -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".key \ -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_KEYNAME}".crt fi + + # Generate keys to sign image nodes, only if they don't already exist + if [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key ] || \ + [ ! -f "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt ]; then + + # make directory if it does not already exist + mkdir -p "${UBOOT_SIGN_KEYDIR}" + + echo "Generating RSA private key for signing fitImage" + openssl genrsa ${FIT_KEY_GENRSA_ARGS} -out \ + "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ + "${FIT_SIGN_NUMBITS}" + + echo "Generating certificate for signing fitImage" + openssl req ${FIT_KEY_REQ_ARGS} "${FIT_KEY_SIGN_PKCS}" \ + -key "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".key \ + -out "${UBOOT_SIGN_KEYDIR}/${UBOOT_SIGN_IMG_KEYNAME}".crt + fi fi } diff --git a/poky/meta/classes/multilib.bbclass b/poky/meta/classes/multilib.bbclass index c3be89767..3cbda5d80 100644 --- a/poky/meta/classes/multilib.bbclass +++ b/poky/meta/classes/multilib.bbclass @@ -35,7 +35,7 @@ python multilib_virtclass_handler () { e.data.setVar('SDKTARGETSYSROOT', e.data.getVar('SDKTARGETSYSROOT')) override = ":virtclass-multilib-" + variant e.data.setVar("OVERRIDES", e.data.getVar("OVERRIDES", False) + override) - target_vendor = e.data.getVar("TARGET_VENDOR_" + "virtclass-multilib-" + variant, False) + target_vendor = e.data.getVar("TARGET_VENDOR:" + "virtclass-multilib-" + variant, False) if target_vendor: e.data.setVar("TARGET_VENDOR", target_vendor) return @@ -82,7 +82,7 @@ python multilib_virtclass_handler () { e.data.setVar("WHITELIST_GPL-3.0", pkgs) # DEFAULTTUNE can change TARGET_ARCH override so expand this now before update_data - newtune = e.data.getVar("DEFAULTTUNE_" + "virtclass-multilib-" + variant, False) + newtune = e.data.getVar("DEFAULTTUNE:" + "virtclass-multilib-" + variant, False) if newtune: e.data.setVar("DEFAULTTUNE", newtune) } diff --git a/poky/meta/classes/overlayfs.bbclass b/poky/meta/classes/overlayfs.bbclass new file mode 100644 index 000000000..8d9b59c9b --- /dev/null +++ b/poky/meta/classes/overlayfs.bbclass @@ -0,0 +1,111 @@ +# Class for generation of overlayfs mount units +# +# It's often desired in Embedded System design to have a read-only rootfs. +# But a lot of different applications might want to have a read-write access to +# some parts of a filesystem. It can be especially useful when your update mechanism +# overwrites the whole rootfs, but you want your application data to be preserved +# between updates. This class provides a way to achieve that by means +# of overlayfs and at the same time keeping the base rootfs read-only. +# +# Usage example. +# +# Set a mount point for a partition overlayfs is going to use as upper layer +# in your machine configuration. Underlying file system can be anything that +# is supported by overlayfs. This has to be done in your machine configuration. +# QA check fails to catch file existence if you redefine this variable in your recipe! +# +# OVERLAYFS_MOUNT_POINT[data] ?= "/data" +# +# The class assumes you have a data.mount systemd unit defined in your +# systemd-machine-units recipe and installed to the image. +# +# Then you can specify writable directories on a recipe base +# +# OVERLAYFS_WRITABLE_PATHS[data] = "/usr/share/my-custom-application" +# +# To support several mount points you can use a different variable flag. Assume we +# want to have a writable location on the file system, but not interested where the data +# survive a reboot. Then we could have a mnt-overlay.mount unit for a tmpfs file system: +# +# OVERLAYFS_MOUNT_POINT[mnt-overlay] = "/mnt/overlay" +# OVERLAYFS_WRITABLE_PATHS[mnt-overlay] = "/usr/share/another-application" +# +# Note: the class does not support /etc directory itself, because systemd depends on it + +REQUIRED_DISTRO_FEATURES += "systemd overlayfs" + +inherit systemd features_check + +python do_create_overlayfs_units() { + CreateDirsUnitTemplate = """[Unit] +Description=Overlayfs directories setup +Requires={DATA_MOUNT_UNIT} +After={DATA_MOUNT_UNIT} +DefaultDependencies=no + +[Service] +Type=oneshot +ExecStart=mkdir -p {DATA_MOUNT_POINT}/workdir{LOWERDIR} && mkdir -p {DATA_MOUNT_POINT}/upper{LOWERDIR} +RemainAfterExit=true +StandardOutput=journal + +[Install] +WantedBy=multi-user.target +""" + MountUnitTemplate = """[Unit] +Description=Overlayfs mount unit +Requires={CREATE_DIRS_SERVICE} +After={CREATE_DIRS_SERVICE} + +[Mount] +What=overlay +Where={LOWERDIR} +Type=overlay +Options=lowerdir={LOWERDIR},upperdir={DATA_MOUNT_POINT}/upper{LOWERDIR},workdir={DATA_MOUNT_POINT}/workdir{LOWERDIR} + +[Install] +WantedBy=multi-user.target +""" + + def prepareUnits(data, lower): + from oe.overlayfs import mountUnitName, helperUnitName + + args = { + 'DATA_MOUNT_POINT': data, + 'DATA_MOUNT_UNIT': mountUnitName(data), + 'CREATE_DIRS_SERVICE': helperUnitName(lower), + 'LOWERDIR': lower, + } + + with open(os.path.join(d.getVar('WORKDIR'), mountUnitName(lower)), 'w') as f: + f.write(MountUnitTemplate.format(**args)) + + with open(os.path.join(d.getVar('WORKDIR'), helperUnitName(lower)), 'w') as f: + f.write(CreateDirsUnitTemplate.format(**args)) + + overlayMountPoints = d.getVarFlags("OVERLAYFS_MOUNT_POINT") + for mountPoint in overlayMountPoints: + for lower in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split(): + prepareUnits(d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint), lower) +} + +# we need to generate file names early during parsing stage +python () { + from oe.overlayfs import strForBash, unitFileList + + unitList = unitFileList(d) + for unit in unitList: + d.appendVar('SYSTEMD_SERVICE:' + d.getVar('PN'), ' ' + unit); + d.appendVar('FILES:' + d.getVar('PN'), ' ' + strForBash(unit)) + + d.setVar('OVERLAYFS_UNIT_LIST', ' '.join([strForBash(s) for s in unitList])) +} + +do_install:append() { + install -d ${D}${systemd_system_unitdir} + for unit in ${OVERLAYFS_UNIT_LIST}; do + install -m 0444 ${WORKDIR}/${unit} ${D}${systemd_system_unitdir} + done +} + +addtask create_overlayfs_units before do_install diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass index a659a1ef5..a9138ff6b 100644 --- a/poky/meta/classes/package.bbclass +++ b/poky/meta/classes/package.bbclass @@ -1663,12 +1663,12 @@ fi val = write_if_exists(sf, pkg, var) write_if_exists(sf, pkg, 'FILERPROVIDESFLIST') - for dfile in (d.getVar('FILERPROVIDESFLIST_' + pkg) or "").split(): - write_if_exists(sf, pkg, 'FILERPROVIDES_' + dfile) + for dfile in (d.getVar('FILERPROVIDESFLIST:' + pkg) or "").split(): + write_if_exists(sf, pkg, 'FILERPROVIDES:' + dfile) write_if_exists(sf, pkg, 'FILERDEPENDSFLIST') - for dfile in (d.getVar('FILERDEPENDSFLIST_' + pkg) or "").split(): - write_if_exists(sf, pkg, 'FILERDEPENDS_' + dfile) + for dfile in (d.getVar('FILERDEPENDSFLIST:' + pkg) or "").split(): + write_if_exists(sf, pkg, 'FILERDEPENDS:' + dfile) sf.write('%s_%s: %d\n' % ('PKGSIZE', pkg, total_size)) @@ -1714,11 +1714,11 @@ RPMDEPS = "${STAGING_LIBDIR_NATIVE}/rpm/rpmdeps --alldeps --define '__font_provi # Collect perfile run-time dependency metadata # Output: -# FILERPROVIDESFLIST_pkg - list of all files w/ deps -# FILERPROVIDES_filepath_pkg - per file dep +# FILERPROVIDESFLIST:pkg - list of all files w/ deps +# FILERPROVIDES:filepath:pkg - per file dep # -# FILERDEPENDSFLIST_pkg - list of all files w/ deps -# FILERDEPENDS_filepath_pkg - per file dep +# FILERDEPENDSFLIST:pkg - list of all files w/ deps +# FILERDEPENDS:filepath:pkg - per file dep python package_do_filedeps() { if d.getVar('SKIP_FILEDEPS') == '1': @@ -1755,18 +1755,18 @@ python package_do_filedeps() { for file in sorted(provides): provides_files[pkg].append(file) - key = "FILERPROVIDES_" + file + "_" + pkg + key = "FILERPROVIDES:" + file + ":" + pkg d.appendVar(key, " " + " ".join(provides[file])) for file in sorted(requires): requires_files[pkg].append(file) - key = "FILERDEPENDS_" + file + "_" + pkg + key = "FILERDEPENDS:" + file + ":" + pkg d.appendVar(key, " " + " ".join(requires[file])) for pkg in requires_files: - d.setVar("FILERDEPENDSFLIST_" + pkg, " ".join(requires_files[pkg])) + d.setVar("FILERDEPENDSFLIST:" + pkg, " ".join(requires_files[pkg])) for pkg in provides_files: - d.setVar("FILERPROVIDESFLIST_" + pkg, " ".join(provides_files[pkg])) + d.setVar("FILERPROVIDESFLIST:" + pkg, " ".join(provides_files[pkg])) } SHLIBSDIRS = "${WORKDIR_PKGDATA}/${MLPREFIX}shlibs2" diff --git a/poky/meta/classes/pypi.bbclass b/poky/meta/classes/pypi.bbclass index 272c220bc..9405d5860 100644 --- a/poky/meta/classes/pypi.bbclass +++ b/poky/meta/classes/pypi.bbclass @@ -8,12 +8,12 @@ def pypi_package(d): PYPI_PACKAGE ?= "${@pypi_package(d)}" PYPI_PACKAGE_EXT ?= "tar.gz" +PYPI_ARCHIVE_NAME ?= "${PYPI_PACKAGE}-${PV}.${PYPI_PACKAGE_EXT}" def pypi_src_uri(d): package = d.getVar('PYPI_PACKAGE') - package_ext = d.getVar('PYPI_PACKAGE_EXT') - pv = d.getVar('PV') - return 'https://files.pythonhosted.org/packages/source/%s/%s/%s-%s.%s' % (package[0], package, package, pv, package_ext) + archive_name = d.getVar('PYPI_ARCHIVE_NAME') + return 'https://files.pythonhosted.org/packages/source/%s/%s/%s' % (package[0], package, archive_name) PYPI_SRC_URI ?= "${@pypi_src_uri(d)}" diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass index fbfa63fcb..c5746eba1 100644 --- a/poky/meta/classes/rootfs-postcommands.bbclass +++ b/poky/meta/classes/rootfs-postcommands.bbclass @@ -39,6 +39,8 @@ ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES", "systemd" ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;' +ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("DISTRO_FEATURES", "overlayfs", "overlayfs_qa_check;", "", d)}' + inherit image-artifact-names # Sort the user and group entries in /etc by ID in order to make the content @@ -373,3 +375,26 @@ rootfs_reproducible () { fi fi } + +python overlayfs_qa_check() { + from oe.overlayfs import mountUnitName + + # this is a dumb check for unit existence, not its validity + overlayMountPoints = d.getVarFlags("OVERLAYFS_MOUNT_POINT") + imagepath = d.getVar("IMAGE_ROOTFS") + searchpaths = [oe.path.join(imagepath, d.getVar("sysconfdir"), "systemd", "system"), + oe.path.join(imagepath, d.getVar("systemd_system_unitdir"))] + + allUnitExist = True; + for mountPoint in overlayMountPoints: + path = d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint) + unit = mountUnitName(path) + + if not any(os.path.isfile(oe.path.join(dirpath, unit)) + for dirpath in searchpaths): + bb.warn('Unit name %s not found in systemd unit directories' % unit) + allUnitExist = False; + + if not allUnitExist: + bb.fatal('Not all mount units are installed by the BSP') +} diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass index 554e401ee..2175ace4c 100644 --- a/poky/meta/classes/sstate.bbclass +++ b/poky/meta/classes/sstate.bbclass @@ -705,6 +705,7 @@ def sstate_package(ss, d): pass except OSError as e: # Handle read-only file systems gracefully + import errno if e.errno != errno.EROFS: raise e @@ -1152,6 +1153,7 @@ python sstate_eventhandler() { pass except OSError as e: # Handle read-only file systems gracefully + import errno if e.errno != errno.EROFS: raise e diff --git a/poky/meta/classes/terminal.bbclass b/poky/meta/classes/terminal.bbclass index 6059ae95e..a564ee749 100644 --- a/poky/meta/classes/terminal.bbclass +++ b/poky/meta/classes/terminal.bbclass @@ -26,6 +26,9 @@ def emit_terminal_func(command, envdata, d): bb.utils.mkdirhier(os.path.dirname(runfile)) with open(runfile, 'w') as script: + # Override the shell shell_trap_code specifies. + # If our shell is bash, we might well face silent death. + script.write("#!/bin/bash\n") script.write(bb.build.shell_trap_code()) bb.data.emit_func(cmd_func, script, envdata) script.write(cmd_func) @@ -37,7 +40,7 @@ def emit_terminal_func(command, envdata, d): def oe_terminal(command, title, d): import oe.data import oe.terminal - + envdata = bb.data.init() for v in os.environ: |