| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Yocto now installs a file 80-wired.network[1] which contains the
same information as the 'default.network' except that it also
enables IPv6 dhcp. Remove the 'default.network' in our bbappend
since it is redundant.
Any configuration created by phosphor-networkd is created as
00-bmc-*.network, which will take precedence lexigraphically over
this 80-wired.network default.
1. https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-core/systemd/systemd-conf_244.3.bb?h=dunfell#n20
(From meta-phosphor rev: 8666e2b0746f8b180e90c252c7688daf9d7c0b89)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Iecaeb8ad74e8c1dfe4e9832ca18c1b3193c507f0
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Break each PACKAGECONFIG variable into their own line and sort to
allow easier comparison with meta-poky's systemd_%.bb files.
(From meta-phosphor rev: eb292b9c5564ee8d133037364fc1e91dfcb82ce0)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I98d515d8ea32efa69dec06ff105dec3cf82aa2ac
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Upstream systemd made the inclusion of the tmpfiles.d/legacy.conf a
feature that is only provided if the sysvinit PACKAGE is set. By default
systemd upstream sets this but OpenBMC overrides that in this file.
The legacy.conf provides among other things, a creation of the
/run/lock directory.
Applications like fw_printenv and fw_setenv rely on the /run/lock
directory being present.
opened systemd/systemd#15668 to see if there could be a more efficient
way of getting /run/lock. Tying it to sysvinit and having it in a file
called legacy.conf just doesn't make a lot of sense to me.
Tested: Verified /run/lock is now present in QEMU boot and that
fw_printenv worked.
(From meta-phosphor rev: 561141712e568d555de414363b1115f37fe2cfce)
Change-Id: I32b3560b30a2743638bfe1402ba3c72203b4ab0b
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
- fallbackDNS is a space-separated list of IPv4 and IPv6
addresses to use as the fallback DNS servers. Any per-link
DNS servers obtained from systemd-networkd.service take
precedence over this setting, as do any servers set via
DNS= above or /etc/resolv.conf.
- This setting is hence only used if no other DNS server
information is known. If this option is not given, a
compiled-in list of DNS servers is used instead.
- The default compiled list of DNS for systemd-resolved are
['1.1.1.1', '8.8.8.8', '1.0.0.1', '8.8.4.4',
'2606:4700:4700::1111','2001:4860:4860::8888',
'2606:4700:4700::1001', '2001:4860:4860::8844']
which are google DNS servers.
- The problem with this is that, when there is no DNS configuration
on BMC(or the customer removes it),resovld would still used the
precompiled compiled list of google DNS for quires without the
user knowledge(security issue)
- This commit would override the fallbackDNS to NULL
(From meta-phosphor rev: 7ce78b26c90ada8c203e17d76de8f481f1a9cf5d)
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ib743887a3155d48e5dbe4735bfed0ad548d6a610
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
(From meta-phosphor rev: 7aba8156394c5608565e549a1b9de3e9a91b5ff1)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I471c25139f9fef8c976613a9f8c25d7617c1aa8c
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
The OpenBMC target and service systemd files have been moved to
phosphor-state-manager. This commit will move to those changes and
delete the files from meta-phosphor.
Bump Details:
phosphor-state-manager: srcrev bump 4640d48e99..c101157e5b
Andrew Geissler (3):
move state manager service files into its repo
ensure reboot service runs after host stopped
move openbmc targets into this repo
Tested:
- Verified data files and services were all in expected location within
witherspoon QEMU run
- Verified openbmc systemd target were all in expected location within
witherspoon QEMU run
- HW CI will verify targets are still working as expected
(From meta-phosphor rev: 77cfb0f54a23c3efeba26100110e54055accd16d)
Change-Id: If5048f63d07ce45b4bc1f2303d1e87275324a818
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
This has been disabled for a variety of reasons in the past but using
core dumps to debug software failures is an industry norm and therefore
is something openbmc needs to be able to do.
If different companies or meta layers decide they would prefer to leave
this disabled then leave it to be done within their appropriate meta
layer.
Tested:
Generated a core dump, verified it was captured by
phosphor-debug-collector, and that the core could be debugged within an
SDK
(From meta-phosphor rev: 52cd6b9dc4a6c90a7f1531fc9af1f5b4258f8e67)
Change-Id: I18b4af6be584e4508e3aba80903f715b0caec323
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Without kmod, the udev daemon is unable to run builtin kmod operations
for loading modules on demand. This breaks automatic loading via
modalias, meaning hotplugged USB devices won't have their modules
loaded.
(From meta-phosphor rev: 1b024a64b7a12b075556f19030a26182f2951a9c)
Change-Id: I32293fa5c206830eb3cfa84a0582db71886dd030
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Restrict SSH authentication only for priv-admin users
instead of all privileged users, for security reasons.
This avoids low level privilege user in establishing
a SSH connection
Tested:
1. Verified ssh works fine for any priv-admin user
2. Blocked for all other non-admin users.
(From meta-phosphor rev: f15b0ea6b5a35edfec285aa7e734ff34739c4898)
Change-Id: I5659eb504ed76133cd1b4ade6511d419fb239419
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
PHOSPHORBASE is only used for pointing at licenses...point at the
licenses in oe-core in meta/files/common-licenses instead. to match the
defacto convention used in other oe layers like meta-openembedded.
(From meta-phosphor rev: a1cee09419cb1467c3d2b7bf996b40089f0d06f4)
Change-Id: If136d24638a8022671988cf0a01620e7fffc545f
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
poky: 67266331b0..835f7eac06:
Adrian Bunk (9):
valgrind: Remove dependency on libx11
bluez5: Remove obsolete dependency on dbus-glib
python3-dbus: Remove obsolete dependency on dbus-glib
cups: Remove unnecessary dependency on dbus-glib
libnotify: Remove obsolete dependency on dbus-glib
unfs3: Switch to new upstream location
i2c-tools: Add alternative for i2ctransfer
meta: Remove remnants of bluez4 support
e2fsprogs: Remove patch that disabled 64bit for ext4 by default
Adrian Freihofer (1):
yocto-bsp: runqemu runs beaglebone-yocto
Adrian Ratiu (1):
opkg/package/rootfs_ipk: allow overwriting OPKGLIBDIR
Alejandro del Castillo (1):
opkg: upgrade to version 0.4.1
Alexander Kanavin (3):
rt-tests: exclude 1.4 version from upstream check as well
gtk-doc: correct the style.css permissions
mobile-broadband-provider-info: upgrade 20190116 -> 20190618
Alistair Francis (7):
mesa: Add support for the lima PACKAGECONFIG
u-boot: Update to 2019.07
packagegroup-core-sdk: Set blank sanitiser for RISC-V 32
opensbi: Update from 0.3 to 0.4
opensbi: Fix installed-vs-shipped warning
qemurunner.py: Be more verbose about problems
package_manager: Ensure the base-feed directory exists
Andrej Valek (2):
busybox: 1.30.1 -> 1.31.0
oe/copy_buildsystem: move layer into layers directory
Anuj Mittal (25):
gstreamer1.0-plugins-bad: depend on vulkan-loader now
vulkan-demos: depend on vulkan-loader
vulkan: remove
binutils: fix CVE-2019-12972 CVE-2019-9071
gnupg: upgrade 2.2.16 -> 2.2.17
libxslt: fix CVE-2019-13117 CVE-2019-13118
libva: upgrade 2.4.1 -> 2.5.0
libva-utils: upgrade 2.4.0 -> 2.5.0
nasm: fix CVE-2018-19755
python: fix CVE-2019-9740
python3: upgrade 3.7.3 -> 3.7.4
binutils: CVE-2019-9070 is same as CVE-2019-9071
qemu: fix CVE-2019-12155
bzip2: upgrade 1.0.7 -> 1.0.8
glib-2.0: upgrade 2.60.4 -> 2.60.5
vte: upgrade 0.56.1 -> 0.56.3
openssl: set CVE vendor to openssl
curl: upgrade 7.65.1 -> 7.65.2
rsync: fix CVEs for included zlib
glibc: CVE-2018-20796 is same as CVE-2019-9169
unzip: fix CVE-2019-13232
python: include CVE patches for python-native as well
gdb: fix CVE-2017-9778
iptables: upgrade 1.8.2 -> 1.8.3
piglit: fix SRC_URI
Armin Kuster (1):
timezone: update to 2019b
Bonnans, Laurent (1):
openssl: fix valgrind errors on v1.1.1c
Bruce Ashfield (5):
linux-yocto/5.0: bsp: add basic xilinx zynqmp support
linux-yocto/5.0: make scsi-debug include scsi core configs
linux-yocto: bsp/beaglebone: support qemu -machine virt
linux-yocto/4.19: update to 4.19.57 and -rt22
package: check PKG_ variables before executing ontarget postinst
CHerzig@Gauselmann.de (1):
bitbake: fetch2/clearcase: Fix class import errors
Changqing Li (5):
quilt: run-ptest remove Interactive Input
mdadm: fix systemd service start up failure
mdam: fix mdmonitor start up failure
opkg: make ptest output format align with common style
mdadm: make ptest output format align with common style
Chee Yang Lee (1):
wic: add support for kernel with initramfs bundled
Chen Qi (13):
target-sdk-provides-dummy: add libperl.so.5 64bit
devtool: warn user about multiple layer having the same base name
image.bbclass: fix systemd_preset_all
devtool.py: track to clean devtool.conf in test_create_workspace
grub-efi.bbclass: take into consideration of multilib
sysstat: use service file from source codes
xmlcatalog: hold libxml2-native dependency
oeqa/runtime/rpm: ensure no user process running before deleting user
oeqa/runtime/rpm: Move test_rpm_query_nonroot test case to RpmBasicTest
qemurunner.py: fix race condition at qemu startup
msmtp: use alternatives to manage /usr/lib/sendmail
runtime_test.py: use track_for_cleanup for temp dir
devtool: remove temp dir in upgrade
Fabio Berton (1):
mesa: Update 19.1.0 -> 19.1.1
Haiqing Bai (1):
sysstat: Use sysstat.service in source for cron with systemd
He Zhe (1):
ltp: file01: Fix in was not recognized
Hongzhi.Song (3):
ltp: fix shmctl01 failure when executed.
ltp: diotest4: Let kernel pick an address when calling mmap
ltp: getrlimit03: adjust-a-bit-of-code-to-compatiable-with mips32
Jason Wessel (5):
glibc: Fix multilibs + usrmerge builds
psmisc: Fix dependency for USE_NLS=no
glibc-locale: Fix build error with PACKAGE_NO_GCONV = "1"
glibc/glibc-locale: Fix do_stash_locale to work with usrmerge and multilibs
glibc / glibc-locale: Fix stash_locale determinism problems
Joe Slater (1):
libtool: remove host information from libtool
Jon Mason (1):
oe_syslog.py: Handle syslogd/klogd restart race
Joshua Watt (5):
python3: Fix .pyc file reproduciblility
oeqa: Test bitbake --skip-setsecene
bitbake: bitbake: Add --skip-setscene option
classes/icecc: Disable remote pre-processing by default
scripts/buildstats-diff: Add option to filter tasks
Joël Esponde (1):
package.bbclass: fix directories setuid and setgid bits
Jun Nie (1):
kernel-fitimage: uboot-sign: fix missing signature
Kai Kang (4):
rng-tools: fix rngd blocks system shutdown
openssl: fix multilib files conflict
webkitgtk: set incomptible with tune mips
defaultsetup.conf: enable select init manager
Khem Raj (10):
efibootmgr: Pass correct flags to compiler from pkg-config
mpeg2dec: Fix PIE build and avoid relocation in text section on ARM
Revert "unzip: fix CVE-2019-13232"
musl: Upgrade to 1.1.23+
mdadm: Include sys/sysmacros.h for major/minor definitions
sysvinit: Include sys/sysmacros.h for major/minor definitions on musl too
pam_systemd: Include missing.h for secure_getenv
musl-obstack: Add recipe
elfutils: Fix eu-* utils builds for musl
maintainers: Account for musl-obstack and libssp-nonshared
Li Zhou (2):
bc: dc: fix exit code of q command
iptables: Security Advisory - iptables - CVE-2019-11360
Luca Boccassi (1):
bitbake: tests/fetch.py: add missing skipIfNoNetwork tags to tests that try to git clone
Matthias Schiffer (1):
systemd: backport patch to fix sysctl warning on boot
Mike Crowe (4):
bitbake.conf: Stop exporting TARGET_ flags variables
image.bbclass: Only append to IMAGE_LINK_NAME if it was already set
rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_manifest
rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_test_data
Mikko Rapeli (3):
busybox: enable unicode support
cve-check.bbclass: initialize to_append
freetype: add --tag CC to libtool arguments
Mingli Yu (2):
go.bbclass: separate the ptest logic to go-ptest class
mdadm: fix ptest hang
Oleksandr Kravchuk (34):
mc: update to 4.8.23
encodings: update to 1.0.5
gawk: update to 5.0.1
libinput: update to 1.13.3
libxi: update to 1.7.10
libxt: update to 1.2.0
autoconf-archive: update to 2019.01.06
python3-mako: update to 1.0.12
python3-pbr: update to 5.3.1
python3-pygobject: update to 3.32.2
git: update to 2.22.0
eudev: update to 3.2.8
babeltrace: update to 1.5.7
dpkg: update to 1.19.7
apt: update to 1.2.31
libinput: update to 1.13.4
expat: update to 2.2.7
libsolf: update to 0.7.5
bison: update to 3.4.1
ruby: update to 2.5.5
quilt: update to 0.66
bzip2: update to 1.0.7
python3-mako: update to 1.0.13
ifupdown: update to 0.8.22
libdrm: update to 2.4.99
python3-pbr: update to 5.4.0
linux-firmware: bump to 20190618
iproute2: update to 5.2.0
udev-extraconf: do not mount swap partitions
python3-pbr: update to 5.4.1
xinput: update to 1.6.3
python3-scons: update to 3.1.0
python3-docutils: update to 0.15
python3-mako: update to 1.0.14
Pascal Bach (1):
cmake: 3.14.1 -> 3.14.5
Paul Eggleton (7):
libcap-ng: do not use symlink to share files with libcap-ng-python
scripts/contrib/ddimage: fix typo
scripts/contrib/ddimage: replace blacklist with mount check
scripts/contrib/ddimage: be explicit whether device doesn't exist or isn't writeable
list-packageconfig-flags: print PN instead of P
recipetool: ignore zero-length setup.py files
devtool: upgrade: fix handling of errors parsing upgraded recipe
Peter Kjellerstedt (4):
glib-2.0: Update to 2.60.4
glibc-package.inc: Do not use bitbake variable syntax for shell variables
meson.bbclass: Remove the MESON_*_ARGS variables
nativesdk-meson: Remove some unused variables
Pierre Le Magourou (10):
cve-update-db: Use std library instead of urllib3
cve-update-db: Manage proxy if needed.
cve-update-db: do_populate_cve_db depends on do_fetch
cve-update-db: Catch request.urlopen errors.
cve-check: Depends on cve-update-db-native
cve-update-db: Use NVD CPE data to populate PRODUCTS table
cve-check: Update unpatched CVE matching
cve-update-db-native: Skip recipe when cve-check class is not loaded.
cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
cve-update-db-native: Remove hash column from database.
Ricardo Ribalda Delgado (4):
nfs-mountd: Add missing dependency on systemd service
systemd: Fix interface bring-up on kernels >= 5.2
wic: Fix (again) partition files UIDs on multi rootfs images
systemd-bootconf: Mark as machine specific
Ricardo Salveti (1):
gcc-9.1: add back GLIBC_DYNAMIC_LINKER riscv changes
Richard Purdie (58):
multilib_global: Fix multilib rebuild issue
multilib_global: Fix KERNEL_VERSION expansion problems
sysklogd: Fix init script races
busybox: Improve syslog restart handling
oeqa/runtime/syslog: Improve test debug messages
oeqa/runtime/oesyslog: systemd syslog restart doesn't change pid
oeqa/runtime/syslog: Add delay to test to avoid failures
busybox: Fix typo in syslog initscript
pigz: Add debug for autobuilder errors
staging: Code cleanup
package: Build pkgdata specific to the current recipe
Revert "pigz: Add debug for autobuilder errors"
grub2: Drop unneeded code
bitbake: event: Clear ui_queue after handling it
bitbake: main: Ensure log messages are printed when no UI starts
bitbake: main: Alter EOFError handling
core-image-sato-sdk-ptest: Reduce image padding size due to bootimg 4GB limit
oeqa/bbtests: Tweak test bitbake output pattern matching
sstate: Add tweak to avoid multiple sstate stats messages
bitbake: siggen: Fix default handler
bitbake: siggen: Use unique hashes for tasks
bitbake: runqueue: Tweak buildable variable handling in scheduler
bitbake: runqueue: Drop unused BB_SETSCENE_VERIFY_FUNCTION2
bitbake: runqueue: Remove now uneeded code
bitbake: runqueue: Move scenequeue data generation to a separate function
bitbake: runqueue: Remove unused function parameter
bitbake: runqueue: Factor out the process_setscene_whitelist checks
bitbake: runqueue: Uniquely namespace the scenequeue functions
bitbake: runqueue: Merge stats handling together for setscene/real tasks
bitbake: runqueue: Merge scenequeue and real task queue code together
bitbake: runqueue: Fix counter/task updating glitch
bitbake: runqueue: Remove RunQueueExecuteScenequeue and RunQueueExecuteTasks
bitbake: runqueue: Simplify _execute_runqueue logic
bitbake: runqueue: Fold remains of the scenequeue setup into RunQueueExecute
bitbake: event/runqueue: Drop StampUpdate event, its pointless/unused
bitbake: runqueue: Add covered_tasks (or 'collated_deps') to scenequeue data
bitbake: runqueue: Simplify scenequeue unskippable calculation
bitbake: runqueue: Tweak comments and debug code
bitbake: runqueue: Code simplification
bitbake: runqueue: Remove pointless variable
bitbake: runqueue: Further scheduler buildable tasks cleanup
bitbake: runqueue: Clarify scenequeue_covered vs. tasks_covered
bitbake: runqueue: Merge the queues and execute setscene and normal tasks in parallel
bitbake: runqueue: Alter setscenewhitelist handling
bitbake: runqueue: Complete the merge of scenequeue and normal task execution
bitbake: tests: Add initial scenario based test for runqueue
bitbake: uihelper: No longer listen to scenequeue task started
bitbake: runqueue: Simplify some convoluted logic
bitbake: runqueue: Whitespace fix
bitbake: runqueue: Abstract hash verification function
bitbake: runqueue: Optimise multiconfig with overlapping setscene
bitbake: tests/runqueue: Allow common sstate tasks to become valid
bitbake: runqueue: Fix non setscene tasks targets being lost
staging: Drop clean_recipe_sysroot
poky-lsb: Drop features already in poky
poky-lsb: Drop libx11 PREFERRED_PROVIDER
distro/include: Add poky-distro-alt-test-config.inc
bitbake: siggen: Fix handling of tainted sig files
Robert Yang (13):
update-alternatives.bbclass: run update-alternatives firstly in postinst script
busybox: make postinst run firstly before update-alternatives
multilib.bbclass: Reduce ALTERNATIVE_PRIORITY for extended recipes
bitbake: bitbake: lib: Cleanup /usr/bin/env python
bitbake: bitbake: toaster:tests: python -> python3
ksum.py: python -> python3
wic: python2 -> python3
ext-sdk-prepare.py: python2 -> python3
oeqa: Cleanup /usr/bin/env python
package_rpm.bbclass: python2 -> python3
bitbake: cache: Remove duplicated lines for provides and rprovides
bitbake: cache: Set packages for skipped recipes
bitbake: cache: Create a symlink for current cachefile
Ross Burton (56):
cve-check: be idiomatic
gtk-icon-cache: rename intercept to update_gtk_icon_cache
fortran-helloworld: add a very dumb Fortran Hello World for testing
oeqa/buildoptions: check that Fortran code actually cross-compiles
buildhistory: write the contents of the sysroot
buildhistory: report sysroot changes
perl: fix Upstream-Status tags
efivar: ensure that target security flags are not used to build native code
multilib_script: fix whitespace
buildhistory_analysis: ignore ownership for sysroot diffs
insane: use clean_path for the host contamination warnings
libsndfile1: disable use of sqlite3 by default
libsndfile1: remove redundant autoconf seeding
buildhistory: don't output ownership for the sysroot
buildhistory: filter out the unexpected prefix for native/cross sysroots
alsa-utils: disable tools using GTK+2
packagegroup-core-lsb: remove GTK+
recipetool: add MD5 hash for the line-wrapped MPL-1.1 license
oeqa/recipetool: change the CMake test to use taglib
gtk+: remove GTK+ 2
gnome-themes-standard: remove
Revert "sysstat: use service file from source codes"
libpsl: update Upstream-Status
grub: build with python 3
qemu: use Python 3 to build
ninja: use Python 3
conf/poky: add debian-10 to the supported distribution list
tiff: remove redundant patch
tiff: fix CVE-2019-6128
tiff: fix CVE-2019-7663
cve-check: remove redundant readline CVE whitelisting
cve-check-tool: remove
glibc: exclude child recipes from CVE scanning
libid3tag: CVE-2017-11551 is the same as CVE-2004-2779
libid3tag: handle unknown encodings (CVE-2017-11550)
subversion: set CVE vendor to Apache
boost: set CVE vendor to Boost
git: set CVE vendor to git-scm
ed: set CVE vendor to avoid false positives
cve-check: allow comparison of Vendor as well as Product
flex: set CVE_PRODUCT to include vendor
cve-update-db-native: use SQL placeholders instead of format strings
xkeyboard-config: remove redundant intltool dependency
piglit: upgrade to latest revision
pkgconf: upgrade 1.6.1 -> 1.6.3
conf/poky: add Fedora 30 and Opensuse Leap 15.1 to supported distributions
cve-update-db-native: use os.path.join instead of +
cve-update-db: actually inherit native
cve-update-db-native: use executemany() to optimise CPE insertion
cve-update-db-native: improve metadata parsing
cve-update-db-native: clean up JSON fetching
freetype: upgrade to 2.10.1
unfs3: set upstream tag regex to avoid false-positives
meson.bbclass: export STRIP=${BUILD_STRIP}
ffmpeg: don't use hardcoded lookup tables
ffmpeg: upgrade to 4.1.4
Sai Hari Chandana Kalluri (3):
devtool/standard.py: Update devtool modify to copy source from work-shared if its already downloaded
devtool/standard.py: Create a copy of kernel source within work-shared if not present
devtool: provide support for devtool menuconfig command
Scott Rifenbark (5):
overview-manual: Fixed manual history table
sdk-manual: Updated devtool to talk about oe-local-files.
dev-manual: Provided proper link title
ref-manual: Fixed typo for BBMULTICONFIG variable.
ref-manual: Removed "python2" mention in example.
Stefan Agner (1):
psplash: create psplash tmpfs mount directory in psplash-init
Tim Orling (3):
vulkan-headers: add recipe
vulkan-loader: add recipe
vulkan-tools: add recipe
Ulrich Ölmann (1):
squashfs-tools: upgrade to commit f95864afe883
William Bourque (2):
wic/plugins: Source that support both EFI and BIOS
meta/lib/oeqa: Test for bootimg-biosplusefi Source
Yi Zhao (2):
debianutils: upgrade 4.8.6.1 -> 4.8.6.3
ltp: upgrade 20190115 -> 20190517
Zang Ruochen (9):
nss: upgrade 3.44 -> 3.44.1
util-linux:upgrade 2.33.2 -> 2.34
librepo:upgrade 1.10.3 -> 1.10.4
sqlite3: Upgrade 3.28.0 -> 3.29.0
nss: Upgrade 3.44.1 -> 3.45
xauth:upgrade 1.0.10 -> 1.1
libice:upgrade 1.0.9 -> 1.0.10
xwininfo:upgrade 1.1.4 -> 1.1.5
libpciaccess:upgrade 0.14 -> 0.16
meta-phosphor: fe8cee7488..601f253a66:
Brad Bishop (1):
meta-phosphor: systemd: remove upstreamed patches
Change-Id: If591144821cd2e5b990a7aa49a1cf426f6a906de
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
meta-openembedded: 64974b8779..c95842cdca:
Adrian Bunk (46):
modemmanager: Remove the obsolete dependency on dbus-glib
gpsd: Remove the obsolete dependency on dbus-glib
eggdbus: Remove this obsolete package
sanity-meta-gnome: Remove obsolete class
gssdp: Merge inc
vlc: notify switched to GTK+3 some time ago
tremor: Upgrade 20150107 -> 20180319
vlc: Remove the obsolete dependency on dbus-glib
blueman: Enable thunar support by default but don't rdepend on it
gnome-bluetooth: Drop bluez4 support
networkmanager: Drop bluez4 support
packagegroup-meta-networking-connectivity: Correct a DISTRO_FEATURES check
packagegroup-tools-bluetooth: Remove bluez4 support
cpprest: Fix build failure with gcc 8
packagegroup-basic: Remove bluez4 support
packagegroup-meta-oe: Remove bogus bluez4 DISTRO_FEATURES checks
esound: Remove this obsolete package
gpsd: Remove obsolete musl patch
gpsd: Don't build without optimization
zeromq: Upgrade 4.3.1 -> 4.3.2
obex-data-server: Drop bluez4 support
openobex: Drop bluez4 support
gpsd: Drop bluez4 support
libao: Remove the non-default esound PACKAGECONFIG
gpsd: Disable manpage building by config option instead of patching
gpsd: Upgrade 3.18.1 -> 3.19
gnome-desktop3: Fix REQUIRED_DISTRO_FEATURES
meta-gnome: Remove GNOME_COMPRESS_TYPE = "xz" in recipes
jasper: Use the new upstream GitHub location instead of the defunct tarball URL
fluidsynth: Add PACKAGECONFIG for readline
meta-multimedia: Remove GNOME_COMPRESS_TYPE = "xz" in recipes
udisks: Remove this obsolete version
gpsd: Switch from python-scons-native to python3-scons-native
meta-gnome: Inherit gnomebase instead of gnome
meta-oe: Inherit gnomebase instead of gnome
libgsf: Drop the obsolete inherit gconf
gnome-system-monitor: Add DEPENDS on polkit
meta-oe: Change some ftp:// URIs to http(s)://
meta-oe: Use GNU_MIRROR in more recipes
wireshark: Use an upstream URL that stays valid longer
modemmanager: Use a simpler workaround for the clang build
network-manager-applet: Remove obsolete do_configure_append
network-manager-applet: Remove the obsolete DEPENDS on gconf
wv: Remove, abiword was the only user
gtkmathview: Remove, abiword was the last user
t1lib: Remove, gtkmathview was the last user
Alex Kiernan (6):
keyutils: Fix build with usrmerge
iwd: update to 0.18
libzip: Upgrade 1.5.1 -> 1.5.2
zstd: New recipe
zstd: Update 1.4.0 -> 1.4.2
iwd: Upgrade 0.18 -> 0.19
Alexander Kanavin (3):
python-matplotlib: remove the python 2.x version of the recipe
python-oauthlib: remove the 2.x version of the recipe
python-pandas: remove the python 2.x version of the recipe
Alistair Francis (3):
gpsd: Upgrade from 3.17 to 3.18.1
gpsd: Fix the systemd service run paths
python: pypi: Add python3-term
Anatol Belski (1):
gperftools: separate off libtcmalloc-minimal
Andreas Müller (2):
meta-xfce: Make Kai Kang layer maintainer
abiword: remove
Andrej Valek (2):
nodejs: 10.15.3 -> 10.16.0
nodejs: 10.16.0 -> 10.16.2
André Draszik (1):
layer.conf: ignore wireless-regdb->crda dep for siggen purposes
Ankit Navik (1):
safec: Remove aarch64 from COMPATIBLE_HOST
Anuj Mittal (2):
xterm: upgrade 330 -> 347
libsdl: import from OE-Core
Armin Kuster (5):
keyutils: update to 1.6
keyutils: improve ptests
keyutils: fix QA WARNING
keyutils: fix pulling in glibc when musl enabled
keyutils: fix library install path
Arturo Buzarra (1):
lvm2: Fix RDEPEND on lvm2 to lvm2-udevrules
Ayoub Zaki (1):
pegtl: Initial recipe
Bartosz Golaszewski (2):
bats: new package
libgpiod: bump version to v1.4.1
Beniamin Sandu (1):
unbound: create recipe for version 1.9.2
Callaghan, Dan (1):
unixodbc: mysql5 is not required but readline is
Changqing Li (15):
python-pygobject: fix install dir for python2
dlm: upgrade 4.0.7 -> 4.0.9
uthash: remove uthash-ptest dependencies
waf-samba: switch to python3
libtevent: upgrade 0.9.37 -> 0.10.0
libtdb: upgrade 1.3.17 -> 1.4.0
libtalloc: upgrade 2.1.14 -> 2.2.0
samba: upgrade 4.8.12 -> 4.10.5
libldb: upgrade 1.4.1 -> 1.5.4
volume-key: fix "Nothing RPROVIDES" when multilib enabled
isomd5sum: fix "Nothing RPROVIDES" when multilib enabled
satyr: fix "Nothing RPROVIDES" when multilib enabled
libtevent: fix do_package_qa issue
libtdb: fix do_package_qa issue
fio: Delete redundant tag
Chin Huat Ang (1):
opencv: 3.4.5 -> 4.1.0
Denys Dmytriyenko (1):
ufs-tool: add tool to access UFS (Universal Flash Storage) devices
Douglas Royds (2):
grpc: DEPENDS on googletest
packagegroup-meta-oe: RDEPENDS on googletest
Drew Moseley (1):
networkmanager: Use ALTERNATIVES for resolv-conf handling.
Erik Botö (1):
paho-mqtt-c: enable SSL
Fabian Klemp (1):
openvpn: respect pid file in init.d service start
Gianfranco Costamagna (3):
iniparser: add initial recipe
cpprest: update to 2.10.14
cpprest: Do not export Werror from build system instead of adding -Wno-error to the same build command
He Zhe (1):
drbd-utils: Fix netlink failure with nested attributes for kernel v5.2
Hongxu Jia (24):
packagegroup-xfce-extended: conditional runtime recommends on xfce-polkit
xfce-polkit: add required distro feature check to polkit
xfce4-session: optional support polkit
upower: remove polkit dependency
gvfs: add meson option admin and udisks2 to PACKAGECONFIG
mongodb: add to PNBLACKLIST
itstool: use libxml2 to instead of python3-lxml
meta-multimedia: add layer depends on meta-python
itstool: use libxml2 to instead of python3-lxml
python-six: remove duplicated recipe
libauthen-radius-perl: ptest requires meta-networking to be present
xfce4-panel: use lxdm to replace dm-tool
drop lxdm_%.bbappend
python3-pykickstart: 3.18 -> 3.20
python3-blivet: 3.1.2 -> 3.1.4
python-pyparted/python3-pyparted: 3.11.1 -> 3.11.2
libbytesize: 1.4 -> 2.0
libblockdev: 2.20 -> 2.22
network-manager-applet: 1.8.20 -> 1.8.22
thin-provisioning-tools: 0.7.6 -> 0.8.5
libreport: 2.9.7 -> 2.10.0
python3-blivetgui: fix blivet-gui broken
php: remove 5.6.40
lmsensors: support package lmsensors
Jackie Huang (1):
keyutils: add new recipe
Jason Wessel (1):
libbytesize: Add depends for gettext-native
Joshua Lock (3):
python-cffi: add missing RDEPENDS on pycparser
python-attrs: add native BBCLASSEXTEND
python-dateutil: add native BBCLASSEXTEND
Kai Kang (39):
mozjs: fix configure failure on CentOS 7.6
libvncserver: update to latest commit 1354f7f
libxfce4util: 4.13.3 -> 4.13.4
libxfce4ui: 4.13.5 -> 4.13.6
exo: 0.12.5 -> 0.12.6
xfconf: 4.13.7 -> 4.13.8
thunar: 1.8.6 -> 1.8.7
xfce4-session: 4.13.2 -> 4.13.3
xfwm4: 4.13.2 -> 4.13.3
xfdesktop: 4.13.4 -> 4.13.5
xfce4-power-manager: 1.6.2 -> 1.6.3
xfce4-panel: 4.13.5 -> 4.13.6
xfce4-dev-tools: 4.12.0 -> 4.13.0
thunar-volman: 0.9.2 -> 0.9.3
garcon: 0.6.2 -> 0.6.3
xfce4-settings: 4.12.4 -> 4.13.7
xfce4-pulseaudio-plugin: add dependency dbus-glib
xfce4-verve-plugin: 1.1.0 -> 2.0.0
net-snmp: update SRC_URI
xfwm4: fix assertion error
poppler: toggle gobject-introspection support
xfce4-settings: rrecommends xfce4-datetime-setter
xfce4-datetime-setter: add recipe
libxfce4util: 4.13.4 -> 4.14.0
xfconf: 4.13.8 -> 4.14.1
libxfce4ui: 4.13.6 -> 4.14.1
exo: 0.12.6 -> 0.12.8
garcon: 0.6.3 -> 0.6.4
thunar: 1.8.7 -> 1.8.9
thunar-volman: 0.9.3 -> 0.9.5
tumbler: 0.2.0 -> 0.2.7
xfce4-appfinder: 4.13.3 -> 4.14.0
xfce4-dev-tools: 4.13.0 -> 4.14.0
xfce4-panel: 4.13.6 -> 4.14.0
xfce4-power-manager: 1.6.3 -> 1.6.5
xfce4-session: 4.13.3 -> 4.14.0
xfce4-settings: 4.13.7 -> 4.14.0
xfdesktop: 4.13.5 -> 4.14.1
xfwm4: 4.13.3 -> 4.14.0
Khem Raj (44):
wvdial: Fix build with musl
librelp: Pass Wno-error to compiler
recipes: Use BPN instead of PN in SRC_URIs
cli11: Refresh patch to fix fuzz
sthttpd: Use git SRC_URI instead of github archive
arno-iptables-firewall: Switch to git fetcher
firewalld: Update to 0.6.3->0.6.4
python-matplotlib: Use git src_uri
mpv: Switch to using git fetcher
x11vnc: Switch to git fetcher
dumb-init: Switch to git fetcher
pam-plugin-ldapdb: Use git fetcher
libuv: Switch to using git fetcher
usbctl: Switch to git fetcher
pmdk: Fix libdir which is multi-lib aware
kexec-tools-klibc: Refresh patch with no code change
log4cplus: Fix build with gold linker
orage: Fix build with libical3
pegtl: Fix build with clang/libc++
postfix: Fix build failures with glibc 2.30
snort: Fix build with glibc 2.30
opensaf: Add configure time check to detect gettid API in libc
ypbind-mt: Fix build with glibc 2.30
openocd: Fix build with glibc 2.30
netkit-rusers: Add dep on rpcsvc-proto for rpc headers
collectd: Fix build with glibc 2.30
alsa-oss: Drop now not needed patch
klcc-cross: Recognise --unwindlib clang option
libsub-exporter-progressive-perl: Remove unneeded DEPENDS_PN
libedit: Delete
sjf2410-linux-native: Do not include sys/io.h
gradm: Upgrade to 3.1-201903191516 release
pmdk: Fix packaging errors when building on non-x86 host
klibc: Pass -fno-builtin-bcmp with musl/clang combo
graphviz: Fix build error that surfaced with latest pango
graphviz: Do not build tcl support for target
python-grpcio: Use gettid API from glibc 2.30+
grpc: Update to 1.22.0
android-tools: Fix build with glibc 2.30
iperf2: Upgrade to 2.0.13
netkit-rusers: Depend on rpcsvc-proto-native for rpcgen tool
kpatch: Pass ARCH from environment
python3-pillow: Provide python3-imaging
netkit-rusers: Fix cross-build after glibc dropped rpc
Laszlo Toth (1):
networkmanager: fix typo in nonarch_base_libdir
Liwei Song (2):
pm-graph: fix time format parse error
fio: fix first direct IO errored when ioengine is splice
Luca Boccassi (2):
python-pygobject: move python-setuptools from RDEPENDS to DEPENDS
python-pygobject: remove build-dependency on setuptools and add dependency on pkgutil
Luca Ceresoli (4):
fuse-exfat: moved to github
exfat-utils: moved to github
fuse-exfat: update 1.2.3 -> 1.3.0
exfat-utils: update 1.2.3 -> 1.3.0
Luca Palano (1):
Netdata upgrade: 1.8.0 -> 1.16.0
Maciej Pijanowski (8):
python3-websockets: upgrade to 8.0.2
python3-multidict: upgrade to 4.5.2
python-engineio: upgrade to 3.9.3
python-socketio: upgrade to 4.3.1
python-aiohttp.inc: add missing RDEPENDS
python-async-timeout: add asyncio to RDEPENDS
python-socketio.inc: add missing RDEPENDS
python3-aiofiles: add recipe
Mariano Lopez (1):
nftables: 0.9.0 > 0.9.1
Martin Jansa (8):
protobuf: fix build with gold
SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS add lsb and util-linux for phoronix-test-suite
oprofile: drop kernel-vmlinux from RRECOMMENDS
libdbi-perl: prevent native libdbi-perl depending on target perl
redis: backport a fix for stack trace generation on aarch64
ntop: fix missing return from non-void function
python3-twofish: Fix missing return statements in module stubs
kernel-selftest: skip -Werror=format-security and fortify
Max Krummenacher (1):
joe: update to 4.6
Mikko Rapeli (2):
protobuf: fix ptest compilation with hardening flags
stress-ng: delete recipe
Mingli Yu (7):
fio: Upgrade to 3.15
crash: Upgrade to 7.2.6
makedumpfile: Upgrade to 1.6.6
hwloc: Upgrade to 1.11.13
iperf3: Upgrade to 3.7
log4cplus: Upgrade to 2.0.4
log4cplus: remove gold linker setting
Oleksandr Kravchuk (22):
nghttp2: update to 1.39.1
drbd-utils: update to 9.10.0
drbd: update to 9.0.18-1
keepalived: update to 2.0.16
nano: update to 4.3
nuttcp: add systemd unit file
mbedtls: update to 2.16.2
dhcpcd: update to 7.2.2
freediameter: update to 1.2.1
sethdlc: set PV in filename
miniupnpd: update to 2.1.20190210
ipvsadm: update to 1.30
uftp: update to 4.9.11
libnftnl: update to 1.1.3
dhcpcd: update to 7.2.3
blueman: update to 2.1.1
uftp: update to 4.10
htpdate: update to 1.2.1
dhcpcd: update to 8.0.1
chrony: update to 3.5
wolfssl: update to 4.1.0
dhcpcd: update to 8.0.2
Ovidiu Panait (2):
python3-pillow: 5.4.1 -> 6.1
python3-pillow: Add python3-misc/logging/numbers to RDEPENDS
Paolo Valente (1):
s-suite: push SRCREV to version 3.5
Parthiban Nallathambi (1):
python3-matplotlib: add version 3.1.1
Pascal Bach (1):
protobuf: 1.3.1 -> 1.3.2
Paul Eggleton (3):
mraa: update to 2.0.0
upm: update to 2.0.0
picocom: update to 3.1
Pierre-Jean Texier (2):
stunnel: bump to version 5.55
cppzmq: bump to version 4.4.1
Piotr Tworek (1):
itstool: Don't use hardcoded, absolute path to python3 binary.
Qi.Chen@windriver.com (3):
turbostat: set PACKAGE_ARCH as MACHINE_ARCH
esmtp: use alternatives to manage /usr/lib/sendmail
postfix: use alternatives to manage /usr/lib/sendmail
Radovan Scasny (2):
dhcpcd: enable udev by default
dhcpcd: fix building with pkgconfig
Randy MacLeod (2):
poppler: update from 0.75.0 to 0.79.0
rsyslog: update from 8.1903.0 to 8.1907.0
Ricardo Ribalda Delgado (1):
fwts: Update to 19.06.00
Robert Joslyn (1):
cryptsetup: Don't enable udev for native build
Roman Stratiienko (1):
glmark2: Upgrade SRCREV to latest
Ross Burton (2):
gtk+: add (from oe-core)
gnome-themes-standard: add recipe for GTK+ 2 Adwaita
Ruslan Bilovol (2):
libnss-nisplus: Add recipe
kpatch: fix QA build errors for nativesdk
Saravanan Sekar (1):
liblightmodbus: Add version 2.0.2
Scott Ellis (1):
wireguard: Upgrade 20190406 to 20190702
Slater, Joseph (3):
drbd-utils: enable reproducible_build awareness
php: remove host specific info from header file
mozjs: do not expose intl api for mips64
Tim Orling (9):
libencode-perl: upgrade 2.94 -> 3.01; enable ptest
libdbi-perl: fix dependencies
libtest-nowarnings-perl: add recipe for 1.04
libdbd-sqlite-perl: upgrade 1.54 -> 1.62; enable ptest
libsub-uplevel-perl: add recipe for 0.36
libtest-warn-perl: add recipe for 0.36
libcgi-perl: upgrade 4.43 -> 4.44
libnet-ldap-perl: upgrade 0.65 -> 0.66; enable ptest
libunicode-linebreak-perl: upgrade 2017.004 -> 2019.001; enable ptest
Trevor Gamblin (2):
metacity; upgrade from 3.30.1 to 3.32.0
gvfs: upgrade from 1.40.0 to 1.40.2
Vincent Prince (1):
mongodb: add mongo shell as a PACKAGECONF option
William A. Kennington III via Openembedded-devel (5):
gtest: Googletest project is back under github.com/google/googletest
googletest: The gtest and gmock projects were combined under googletest in 2015
libtar: Enable libtar-native build
fmt: Init at 5.3.0
cli11: 1.7.1 -> 1.8.0
Windel Bouwman (3):
python-humanfriendly: Add recipe for the humanfriendly package.
Fix python-humanfriendly recipe for python2.
Add recipe for the coloredlogs python package.
Yi Zhao (7):
strongswan: upgrade 5.7.1 -> 5.8.0
snort: fix compile-host-path QA issue
cryptsetup: set the default luks format to LUKS1
libldb: upgrade 1.5.4 -> 1.5.5
samba: upgrade 4.10.5 -> 4.10.6
snort: upgrade 2.9.13 -> 2.9.14
snort: upgrade 2.9.14 -> 2.9.14.1
Yong, Jonathan (1):
icewm: add recipe
Yongxin Liu (3):
keyutils: move recipe and patches from meta-security to meta-oe
ndctl: v63 -> v65
pmdk: update from 1.4.2 to 1.6
Yuan Chao (9):
python-pycodestyle: upgrade 2.4.0 -> 2.5.0
python-lxml: upgrade 4.3.4 -> 4.4.0
python-configparser: upgrade 3.5.0 -> 3.7.4
protobuf: upgrade 3.9.0 -> 3.9.1
python-markupsafe: upgrade 1.0 -> 1.1.1
hostapd: upgrade 2.8 -> 2.9
python-configparser: upgrade 3.7.4 -> 3.8.1
python-lxml: upgrade 4.4.0 -> 4.4.1
python-pip: upgrade 19.2.1 -> 19.2.2
Zang Ruochen (47):
postgresql: upgrade 11.3 -> 11.4
wireshark: upgrade 3.0.1 -> 3.0.2
python-pygobject: upgrade 3.32.1 -> 3.32.2
python-alembic: upgrade 1.0.10 -> 1.0.11
logwatch: upgrade 7.4.3 -> 7.5.1
tcsh: upgrade 6.20.00 -> 6.21.00
python-cython: upgrade 0.29.10 -> 0.29.11
dialog: upgrade 1.3-20180621 -> 1.3-20190211
php: upgrade 7.3.6 -> 7.3.7
sessreg: upgrade 1.1.1 -> 1.1.2
python-typing: upgrade 3.6.6 -> 3.7.4
python-mako: upgrade 1.0.12 -> 1.0.13
python-pbr: upgrade 5.2.1 -> 5.4.0
python-cython: upgrade 0.29.11 -> 0.29.12
adcli: added new recipe.
python-pyflakes: upgrade 1.6.0 -> 2.1.1
python-protobuf: upgrade 3.8.0 -> 3.9.0
protobuf: upgrade 3.8.0 -> 3.9.0
setxkbmap: upgrade 1.3.1 -> 1.3.2
uftrace: upgrade 0.9.2 -> 0.9.3
wireshark: upgrade 3.0.2 -> 3.0.3
python-pbr: upgrade 5.4.0 -> 5.4.1
dstat: upgrade 0.7.3 -> 0.7.4
python-mako: upgrade 1.0.13 -> 1.0.14
xfsprogs: upgrade 5.0.0 -> 5.1.0
python-beautifulsoup4: upgrade 4.7.1 -> 4.8.0
xterm: upgrade 347 -> 348
python-pip: upgrade 19.1.1 -> 19.2.1
python-paste: upgrade 3.0.8 -> 3.1.0
syslog-ng: append syslog-ng.service
dialog: upgrade 1.3-20190211 -> 1.3-20190728
openldap: upgrade 2.4.47 -> 2.4.48
python-cython: upgrade 0.29.12 -> 0.29.13
libsodium: upgrade 1.0.17 -> 1.0.18
hwdata: upgrade 0.322 -> 0.326
python-jsonpatch: upgrade 1.23 -> 1.24
python-pyasn1: upgrade 0.4.5 -> 0.4.6
python-pyasn1-modules: upgrade 0.2.2 -> 0.2.6
python-pyparsing: upgrade 2.4.0 -> 2.4.2
python-pytest-runner: upgrade 4.2 -> 5.1
python-pytz: upgrade 2019.1 -> 2019.2
itstool: upgrade 2.0.5 -> 2.0.6
opensaf: upgrade 5.19.03 -> 5.19.07
libkcapi: upgrade 1.1.4 -> 1.1.5
mcelog: upgrade 162 -> 164
php: upgrade 7.3.7 -> 7.3.8
kpatch: upgrade 0.61 -> 0.71
Zheng Ruoqin (3):
python-mako: upgrade 1.0.14 -> 1.1.0
python-pbr: upgrade 5.4.1 -> 5.4.2
dnf-plugin-tui: new recipe
wouterlucas (1):
python-jsonref: add recipe
meta-phosphor: fbd01b6e08..fe8cee7488:
Brad Bishop (1):
meta-phosphor: sdk: react to upstream gtest rename
meta-xilinx: 64aa3d35ae..f3c8b1c9a8:
Alejandro Enedino Hernandez Samaniego (7):
opencl-clhpp: Allow empty packages to be built
opencl-headers: Allow empty packages to be built
gcc-8: rebase microblaze patches for gcc 8.2.0
gcc8: update microblaze patches
gcc: update microblaze patches
update gcc-8 patches
gcc: Remove xilinx.ld requirement
Jaewon Lee (6):
zc1254-zynqmp.conf: Add support for zc1254 evaluation board
zc1275-zynqmp.conf: Add support for zc1275 evaluation board
zcu102-zynqmp.conf: Changing qemu boot mode
Adding FPGA_MNGR_RECONFIG_ENABLE to control enabling fpga manager
gcc: Removing already upstreamed patch
Rebasing binutils patches from 2.31 to 2.32
Madhurkiran Harikrishnan (2):
kernel-module-mali: Fix errors associated with kernel upgrade to 4.19
xf86-video-armsoc: Remove the recipe for xf86-video-armsoc
Manjukumar Matha (10):
libmali-xlnx_git.bb: Fix the package arch for libmali
zcu111-zynqmp.conf: Add support for ZCU111 evaluation board
qemu-system-aarch64-multiarch: Enable plm argument in runqemu
arm-trusted-firmware.inc: Add support to build ATF for versal devices
linux-xlnx.inc: Add support to build kernel for versal devices
linux-xlnx.inc: Use KBUILD_DEFCONFIG in externalsrc mode if defined
kernel-simpleimage.bbclass: Use dts for simpleImage generation for Microblaze
kernel-simpleimage.bbclass: Deploy simpleImage unstrip file
kernel-simpleimage.bbclass: Deploy simpleImage strip
binutils%.bbappend: Update Microblaze binutils patches to v2.31
Min Ma (4):
ocl-icd_git.bb: Add recipe for OpenCL ICD loaders
opencl-clhpp_git.bb: Recipe for OpenCL Host API C++ bindings
zocl: Recipe for Xilinx runtime driver module
xrt: Xilinx Runtime User Space Libraries and headers
Sai Hari Chandana Kalluri (1):
xilinx-testimage.bbclass: Include IMAGE_AUTOLOGIN and IMAGE_FSTYPES values for runqemu
Sreeja Vadakattu (1):
machine-xilinx-default.inc: Make u-boot.elf as UBOOT_ELF for zynq
Vineeth Chowdary Karumanchi (1):
tune-zynq.inc: Build zImage in addition to uImage
meta-security: c28b72e91d..ecb526ffab:
Armin Kuster (34):
linux-bbappends: simplify
layers: set warrior only
security-test-image: add a testing image
runtime: clamav test cleanup
packagegroup-core-security: cleanup and remove ptest
test-image: add packagegroup-core-security-ptest
test-image: add a few more packages to image
ima-evm-utils: update to tip
runtime: tpm2 fix names in packagecheck
tpm2 images: create tpm2 image and fix packagegroup
tpm image: split out tpm2
tpm2-pkcs11/tpm2-pkcs11: update to tip
tpm2-tcti-uefi: update to tip
tpm2-tools: update to 3.2.0
tpm2-tss: update to 2.2.3
tpm2-totp: update to offical release v0.1.1
tpm2-tss-engine: update to 1.0.0
libmspack: update SRC_URI and package
clamav: minor recipe cleanup
lynis: update to 2.7.5
meta-security-compliance: update README
openscap_git: update to 1.3.0
openscap: add 1.3.1 recipes for upstream source
scap-security-guide: update to 0.1.44
meta-security-compliance: add meta-python
libldb: remove recipe
waf-cross-answers: remove files
samhain: update to 4.3.3
keyutils: remove from meta-security
linux-%: remove kernel fragments now in cache
meta-integrity: remove kernel fragments now in cache
linux-stable/5.2: add stable bbappend
linux-yocto: use 4.19 kernel cache now
linux-yocto-dev: update to use kernel cache
Dmitry Eremin-Solenikov (11):
packagegroup-security-tpm2: stop including tpm2-tcti-uefi
tpm2-tss: fix compilation when using updated AX_CODE_COVERAGE macro
tpm2-tcti-uefi: add autoconf-archive-native dependency
tpm2-tcti-uefi: fix configure arguments
tpm2-tcti-uefi: stop inserting host directories into build path
tpm2-tcti-uefi: build and install examples
meta-integrity: rename IMA_EVM_BASE to INTEGRITY_BASE
ima-evm-utils: bump to release 1.2.1
kernel-modsign.bbclass: add support for kernel modules signing
linux: add support for kernel modules signing
layer.conf: switch to keyutils from meta-oe
He Zhe (1):
kernel: Add conditional inclusion of fragments for linux-yocto-dev
Mark Asselstine (1):
openscap/scap-security-guide: use _git instead of versioned filenames
Yi Zhao (5):
openscap: update recipe
scap-security-guide: update recipe
openscap: cleanup DEPENDS
scap-security-guide: fix typo
xmlsec1: upgrade 1.2.27 -> 1.2.28
lumag (3):
layer.conf: add dependency on meta-security
ima-evm-utils: bump version
ima-evm-utils: refresh xattr patch
meta-raspberrypi: 8636b63752..b112816e95:
Andrei Gherzan (46):
rpi-base.inc: Include rpi4 dtb
raspberrypi3.conf: Clarify machine mode
linux-raspberrypi: Include configuration for RaspberryPi3 defconfig
linux-raspberrypi: Update 4.19 kernel to 4.19.56
rpi-base: Rename the rpi0w dtb
firmware: Update to 20190620
raspberrypi4.conf: Add initial machine 32 bit configuration
linux-firmware-rpidistro: Fix WiFi on RaspberryPi 4
rpi-base.inc: Include the "fake" KMS dtbo
raspberrypi4: Use vc4-fkms-v3d
linux-raspberrypi: Bump 4.19 revision to fix RPi 4 arm64 builds
raspberrypi4-64.conf: Introduce RPi arm64 machine
firmware: Rename firmware inc file to raspberrypi-firmware.inc
armstubs: Add support for compiling ARM stubs
rpi-config: Handle ARMSTUB
sdcard_image-rpi.bbclass: Include in the SD card image the armstub file
raspberrypi4-64.conf: Initial machine configuration
raspberrypi-tools: Update to remove Makefile patch
linux-raspberrypi: Fix defconfig for RPi4-64
linux-raspberrypi.inc: Explicitly set defconfig for raspberrypi4-64
sdcard_image-rpi.bbclass: Fix typo
linux-raspberrypi: Bump 4.19 revision to have proper coherent_pool set
raspberrypi4-64.conf: Define a machine feature for armstubs
sdcard_image-rpi.bbclass: Use armstub machine feature
linux-raspberrypi: Bump 4.19.57 revision
raspberrypi4.conf: Define uboot defconfig
raspberrypi4-64.conf: Uboot configuration and drop armstub
u-boot: Use a temporary fork for RPi4 support
raspberrypi-firmware: Update to 20190709
raspberrypi4.conf: The firmware uses kernel7l.img when LPAE is supported
linux-raspberrypi: Bump 4.19 to 4.19.58
linux-raspberrypi: Build dtbs with dtbs make target for all 64bit targets
linux-raspberrypi: Bump 4.19 revision
raspberrypi4-64.conf: Remove memory limitation
u-boot: Replace custom fork by patches
u-boot: Update patches for RPi4
rpi-config: Check for armstub based on machine feature
sdcard_image-rpi: Check for armstub based on machine feature
armstubs: Error out when ARMSTUBS is not defined
raspberrypi*: Define ARMSTUB for all machines
raspberrypi4-64.conf: Limit RAM to 3G
README.md: Use matrix chat room
raspberrypi-firmware.inc: Update to 20190718
linux-raspberrypi: Update 4.19 recipe to 4.19.66
mesa: Add v3d and kmsro driver as well
raspberrypi4-64: Remove the 3G RAM limitation
Carton (2):
bluez5: Fixed typo (RC_URI -> SRC_URI)
rpi-config: Check some config values against "1"
Francesco Giancane (1):
linux-raspberrypi: update to 4.14.114
Khem Raj (8):
linux-raspberrypi: Upgrade to 4.19.57
userland: Upgrade to latest
webkitgtk: Remove -DUSE_GSTREAMER_GL=OFF for vc4graphics
layer.conf: Add meta-networking to dynamic layers
drbd: Disable for rpi machines
packagegroup-rpi-test: Depend on wireless-regdb instead of crda
xorg-xserver: Adapt bbappend to latest OE-core
python-rtimu,python-sense-hat: Convert to py3 modules
Kirill Goncharov (1):
omxplayer: Bump revision
Martin Jansa (1):
sdcard_image-rpi.bbclass: use -v for all mcopy calls and add bbfatal in case mcopy fails
Riyaz (1):
rpi-base.inc: Enabling open-source vc4graphics driver for all RPI platforms
Change-Id: I9e37b5952a2e2e30745275fc89e4dd7c47b851e2
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
These two patches are backported from systemd master in order to fix an
upstream bug with 5.2 kernels where the network interface fails to come
up with the following error:
eth0: Could not bring up interface: Invalid argument
The patches will appear in systemd 243, which is unrelased at this time.
(From meta-phosphor rev: 8c4686c5d242ae045a79dfb768af54361c462e6a)
Resolves https://github.com/systemd/systemd/issues/12784
Change-Id: I69388952c8269b9d0063623e664ad50b538d0b26
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
A number of OpenBMC projects are using meson as the build system now.
Add meson tools to the sdk.
(From meta-phosphor rev: 94b6088bc65ca22b7f05a47820c60d10cf3e76e0)
Change-Id: I5dcd63ce5c76a34dc1d6b26d153cc0d2eff49aae
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Typically it does not make any sense to append to FILESEXTRAPATHS.
FILESEXTRAPATHS is set in a bbappend when overriding something from
another layer. The typical desire will be to make bitbake search for
files in the layer with the bbappend and not some other layer earlier in
the priority list. Further, appending to FILESEXTRAPATHS will introduce
unexpected behavior when multiple layers append the same recipe - layers
with higher layer priorities that append to FILESEXTRAPATHS will find
their files overriden by files in layers with lower priorities.
(From meta-phosphor rev: 3b1f826a641ec83dbc67214912f093e9eb0147eb)
Change-Id: I69549d14397fe6a33ca7113616665481ff143435
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
/proc/sys/net/ipv4/conf/*/rp_filter enforces filtering of packets to
make sure that only packets that match the route can be sent on an
interface. This is recommended for reducing IP spoofing as will as
allowing for proper UDP behavior when multiple configured NICs have the
same subnet.
This is needed for the upcoming change of phosphor-ipmi-net, were its
socket file uses the bind-to-device option to be able to bind each
instance to a single network interface. This allows each RMCP+ bridge
to accept only incoming packets on that interface. But in order to do
this with two NICs on the same subnet, reverse-path filtering must be
enabled in the kernel.
(From meta-phosphor rev: 62a4b6cde3046a2439bdcef79a6ac85fd6684194)
Change-Id: Ia4ba2523ded0d18d99f8be2fedd42666e96c34d2
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Opt out of new systemd meson config options by default. This keeps our
systemd configuration as minimal as possible by default, and makes an
explicit statement about what is supported by meta-phosphor and what is
not.
(From meta-phosphor rev: 1ea62b5ba89e07d0ee0ac8afecbe124ccc2909f6)
Change-Id: I965bf50f8edacdb754dbb177bd7631325baaf34d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
The obmc-standby.target is no longer used, and therefore should be
dropped.
(From meta-phosphor rev: 381e36eb42c19ae1886fba91aa8551c3c12a9902)
Signed-off-by: Patrick Venture <venture@google.com>
Change-Id: Ib941989130be497ef6e7c72cdacf46de6c318792
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
The org.openbmc.control.Chassis service is no longer used for
anything and is being removed, so remove the waits on it.
(From meta-phosphor rev: 0603d1636896adce54710c3658dcd9f701d97b77)
Change-Id: I03872ee827562be1d7e6d06d6503545ad1d38af6
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Earlier thought was there would be overhead if
we include "ldap" here in the nssswitch.conf file
so created nsswitch_ldap.conf, but we have tested
both the cases(ldap/local) and we don't find any
overhead,so we don't need both nsswitch.conf and
nsswitch_ldap.conf files
Here is link for nss-pam-ldapd-users discussion thread
https://lists.arthurdejong.org/nss-pam-ldapd-users/2019/msg00021.html
Tested local and ldap user authentication with
valid and invalid credentials.
(From meta-phosphor rev: a4ac97cdb199af84a28c2ad691aa5ef85b32d66f)
Change-Id: I0c72d3a32a51dcc0cb8cf9c67411d26b5d8658d2
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
A number of corequisites exist so squashing these all into one patch.
meta-ingrasys - refresh master bc513127f4..67bcaf389f
meta-hxt - refresh master 86a4df514f..8fe0d38bbb
meta-phosphor - refresh master 06c09d7cce..df6ddae3d2
meta-quanta - refresh master 4f126361a1..53f3025271
Change-Id: I3daeef2a0467d8ea4f1fd1c617e526f8b11258af
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
This application doesn't have any in-tree users. As such, drop the
recipe and its dependencies.
(From meta-phosphor rev: 296cc521f5a1c8c87c63a5b475b23c876241bf22)
Change-Id: Ie0ce809f84a133c023f96b4727550690583cb9df
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Move pam metadata from recipes-core to recipes-extended, to match
oe-core.
(From meta-phosphor rev: 6f75a62ec75deb7ba6efdc5b5c3dda960dda701d)
Change-Id: If8e36b1199f9e70ce27522d915ceaa281caaabc6
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Richard Marian Thomaiyar (1):
Removal of excess 16 bytes padding
(From meta-phosphor rev: 23dd122622b099237c150188161fff687da0c259)
Change-Id: If0858a0b8263aa3a52815f5938fd832f52fef203
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
There are several fixes related to systemd/systemd#11420, which affects
openbmc/openbmc#3459
Pick the related changes to fix the issue.
Partially resolves openbmc/openbmc#3459.
Tested: Run below script to make sure setting time eventually succeeds.
timedatectl set-ntp 1
sleep 10 # Wait for a while for NTP service to start
timedatectl set-ntp 0
until busctl call org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.timedate1 SetTime xbb 1487304700000000 0 0
do
echo "Try again..."
done
(From meta-phosphor rev: 076771ae7363a3342fe45f7f8f6b383811c8677e)
Change-Id: I453cff9224721052a1ed000fa4ded1d4858dcde1
Signed-off-by: Lei YU <mine260309@gmail.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
This adds a new OS identification parameter (OPENBMC_TARGET_MACHINE) to
the /etc/os-release file in the generated OpenBMC image to indicate the
kind of device the OpenBMC image is targeted to control.
This is needed to be able to track the image back to its source code: the
distro and version indicate the exact source code that was used, and the
target machine says which Bitbake layer configuration within that source
was used.
Note the target machine name is typically set in the
openbmc/meta-*/meta-MACHINE/conf/local.conf.sample file.
(This is where TEMPLATECONF points to.)
The "uname" command options -m (machine) and -i (hardware platform) will
continue to refer to the BMC and not its target machine.
Tested: On the build system, `cat $IMAGE_ROOTFS/etc/os-release` shows
the correct value.
(From meta-phosphor rev: e9319a8c4b7bc9b737fbb6e5359f878d5ab13e7a)
Change-Id: I29483ef4a72ae80c30399c795177ed446456740d
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
These are backports of changes I contributed to systemd v240. We need
these until we get v240 from oe core.
Tested:
Ran a romulus image and provisioned static neighbors with systemd
networkd.
(From meta-phosphor rev: 8b84385e3c40d1827b06d0612def2275d3ad4faf)
Change-Id: I5720a3b1626e15d4e4cfc630ce24f5818b294d8a
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
This is removed upstream in thud (poky rev: ada8a5d) but we have a
recipe that depends on it (preinit-mounts). preinit-mounts is only
added to the rootfs when DISTRO_FEATURES contains obmc-ubi-fs.
preinit-mounts might be a bit of a hack; getting filesystems mounted
just right is typically the role of an initramfs. It may make sense
to (re)visit how that is done and at that time we can drop this
support.
(From meta-phosphor rev: 2fb0a1b55ce9d4f133f34eda6e6df0aead585fef)
Change-Id: Iac2acd7e2f23055387a3250392461a78ec361da8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Phosphor removes a number of systemd packageconfigs that are enabled by
default in oe-core. Sort the removal list alphabetically.
Remove networkd. It is now selected by default in oe-core.
Remove vconsole. Typically vconsoles aren't needed on a BMC and
vconsole support has significant footprint cost.
Remove ldconfig. The base recipe controls this via distro feature;
don't override.
Remove kdbus and bootchart. They aren't options anymore.
(From meta-phosphor rev: 65ae799165fce6e5b50c68e32d20a09d2cdbd52f)
Change-Id: Ieefd0d0d13cfdc65debbfdd3ab9ecdbc4154d28a
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Patrick Venture (5):
build: add requirement for openssl to configure_ac
build: add macro dirs to configure_ac
build: add -I m4 to Makefile for ACLOCAL_AMFLAGS
build: drop undefined LIBCRYPT from Makefile
build: add requirement for libpam to configure_ac
Richard Marian Thomaiyar (2):
Add empty ipmi_pass file to the root image
Update the ipmi_pass to use default password
(From meta-phosphor rev: facd3dab0287ceb1a30b5e0496332b07d0c1bf1f)
Change-Id: I8a0eafb10f81cb2401b74aec111e7153d591d0e6
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Update pam-ipmi recipe to add ipmi_pass file to the image
Unit test:
Verified by making sure files is copied to the update bmc image.
(From meta-phosphor rev: 2d569e24598c82b078f18b07255767e8ace287c0)
Change-Id: I9a5f4b169b0427e61795397ad63a8d2a59a03e44
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Add dependency on autoconf-archive-native to allow using autoconf-conf
archive macros in pam-ipmi configure_ac.
(From meta-phosphor rev: c719c5c4e71733490ef38efd8f928032a1c19500)
Change-Id: Ibadb5849f1390387a990bce6dc0c4baf1f2ebcb8
Signed-off-by: Patrick Venture <venture@google.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Patrick Venture (3):
style: set column width to 80 chars
build: add AM_PROG_AR to configure_ac
build: drop LDADD and use LDFLAGS
(From meta-phosphor rev: f98be78d2b662686041487c7b9b5e1514efa31db)
Change-Id: Ic9e59b49226c1982b7df34438f90b5bbb2a5f923
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
This reverts commit 87497e8ebce78079ea5423ecb6080e82cfa36106.
systemd-hostnamed no longer hangs without network namespace support:
PrivateNetwork=yes is configured, but the kernel does not support network namespaces, ignoring.
(From meta-phosphor rev: 3b6dd35154ba5e105ad1d4b65746711654ed34b0)
Change-Id: I41b5e1ae952b8bc3bc07819d7ab7e0fffd3629c7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
This reverts commit 8ef5fd21107625d7480346318cb858759e61ee66.
The pull request referenced in the original commit was never merged
into systemd.
Support for properly using /sys/devices paths as template instances
has been added to systemd in the meantime.
It probably didn't/doesn't make sense to use device tree paths when
launching applications via udev+system (applications to use
/sys/devices paths instead).
Given all these reasons, drop these two systemd patches.
(From meta-phosphor rev: ee22593ddc009cda7aad28bf1311f1a26047fc97)
Change-Id: Ic10e0abc8c112e7e6bd62bc346857cf4194dbe50
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Patrick Venture (3):
Add .gitignore file
move .clang-format file into position
fixup: do not assign immediately before reassigning
(From meta-phosphor rev: 319c44312ec2ed48cd0843fdb6cc298f362e17e9)
Change-Id: I0a832003a5ef25932241fcda7530237567193c60
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
pam password history module is required to not allow the
history passwords.
We have the following D-bus property which is required this
module.
https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/
xyz/openbmc_project/User/AccountPolicy.interface.yaml#L27
(From meta-phosphor rev: 59e8633fc824999fcef46f099174ee322a9750f7)
Change-Id: I3493c1386c08ea8497a3d3868ed8ffb67a024a1d
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Update meta-phosphor to master HEAD.
Patrick Venture (52):
meta-phosphor: obmc-console: set LICENSE field
meta-phosphor: dbus-interfaces: set LICENSE field
meta-phosphor: rest-dbus: set LICENSE field
meta-phosphor: slpd-lite: set LICENSE field
meta-phosphor: ipmi-host: set LICENSE field
meta-phosphor: ipmi-net: set LICENSE field
meta-phosphor: network: inarp: set LICENSE field
meta-phosphor: network: set LICENSE field
meta-phosphor: logging: set LICENSE field
meta-phosphor: ipmi-tool: fixup LICENSE
meta-phosphor: clear-once: set LICENSE field
meta-phosphor: preinit-mounts: set LICENSE field
meta-phosphor: systemd: obmc-targets: set LICENSE field
meta-phosphor: dbus: perms: set LICENSE field
meta-phosphor: dbus-interfaces-mapper-config-native: set LICENSE field
meta-phosphor: dbus-monitor-config-native: set LICENSE field
meta-phosphor: legacy-namespace-mapper-config-native: set LICENSE field
meta-phosphor: mapper-config-native: set LICENSE field
meta-phosphor: obmc-host-failure-reboots: set LICENSE field
meta-phosphor: fan-control-events-config-native: set LICENSE field
meta-phosphor: fan-control-fan-config-native: set LICENSE field
meta-phosphor: fan-control-zone-conditions-config-native: set LICENSE field
meta-phosphor: fan-control-zone-config-native: set LICENSE field
meta-phosphor: fan-monitor-config-native: set LICENSE field
meta-phosphor: fan-presence-config-native: set LICENSE field
meta-phosphor: image-signing: set LICENSE field
meta-phosphor: insecure-signing-key-native: set LICENSE field
meta-phosphor: inventory-manager-assettag-native: set LICENSE field
meta-phosphor: inventory-manager-config-native: set LICENSE field
meta-phosphor: ipmi-channel-inventory-native: set LICENSE field
meta-phosphor: ipmi-config: set LICENSE field
meta-phosphor: ipmi-fru-merge-config-native: set LICENSE field
meta-phosphor: ipmi-fru-properties-native: set LICENSE field
meta-phosphor: ipmi-fru-read-bmc-inventory-native: set LICENSE field
meta-phosphor: ipmi-fru-read-not-sent-by-host-inventory-native: set LICENSE field
meta-phosphor: ipmi-fru-whitelist-native: set LICENSE field
meta-phosphor: ipmi-inventory-sel-native: set LICENSE field
meta-phosphor: ipmi-sensor-config-native: set LICENSE field
meta-phosphor: ipmi-sensor-inventory-native: set LICENSE field
meta-phosphor: logging-callouts-example-native: set LICENSE field
meta-phosphor: logging-error-logs-native: set LICENSE field
meta-phosphor: settings-defaults-native: set LICENSE field
meta-phosphor: fan-presence-mrw-native: set LICENSE field
meta-phosphor: fan-control-fan-config-mrw-native: set LICENSE field
meta-phosphor: ipmi-fru-properties-mrw-native: set LICENSE field
meta-phosphor: ipmi-inventory-sel-mrw-native: set LICENSE field
meta-phosphor: ipmi-sensor-inventory-mrw-config-native: set LICENSE field
meta-phosphor: ipmi-sensor-inventory-mrw-native: set LICENSE field
meta-phosphor: led-manager-config-mrw-native: set LICENSE field
meta-phosphor: logging-callouts-mrw-native: set LICENSE field
meta-phosphor: hwmon-config-mrw: set LICENSE field
meta-phosphor: settings-read-settings-mrw-native: set LICENSE field
Change-Id: Ibe919c3f1a748fae67b45ff6908a236b08902450
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
The Dropbear SSH client and server configuration is changed to not
accept the HMAC-MD5 algorithm when making connections.
The MD5 algorithm is no longer considered secure.
With this change, Dropbear supports the following MAC algorithms:
SHA1_HMAC, SHA2_256_HMAC, and SHA2_512_HMAC.
Note that Dropbear does not yet support HMAC-SHA3.
Tested:
$ ssh -m hmac-sha1-96 root@${bmc}
Unable to negotiate with ${bmc} port 22:
no matching MAC found.
Their offer: hmac-sha1,hmac-sha2-256,hmac-sha2-512
$ ssh root@${bmc} # worked
(From meta-phosphor rev: ec86af05553a7a66af68356cb2b4ec451d5bbf91)
Change-Id: Iba30c9f1ea66e2c72c75d16a16194ede808fe64a
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Continue to hit two major issues with having coredumps
enabled in OpenBMC:
1. Filesystem space for coredumps
Systemd writes the core files to /var/lib/systemd/coredump/
This is a persistent filesystem so space is very limited.
There is currently no way to configure this location (would
need upstream work). Due to issue #2 below, when a single
application fails, it starts to cause other services to
coredump which results in the available space quickly
filling up. This can result in the UBI kernel driver
remounting the filesystem read-only.
2. CPU utilization
When an application fails, and causes a coredump, it is
restarted by systemd. The restart causes mapper to fire
up and introspect the restarted application. In parallel
the coredump is being generated and collected. These two
things heavily load the CPU. If this occurs during the
initial startup of the BMC, where lots of other services
are also starting and being introspected by mapper, then
those services can start hitting their systemd timeout
limit. This then results in core dumps being collected for
them and mapper instrospects being called on their restarts.
This causes a snowball affect where the system just
continues to restart services and collect core dumps.
The systemd restart policy can not account for these long
delays between restart (due to the CPU load) so the
limit is never hit within the time limit, resulting
in an infinite restart loop.
There is upstream work that could be done with systemd to
make the core dump function more embedded system friendly. This
would be a long term solution but may become a moot point
as performance improvmenents come in (c++ mapper), more
powerful CPU's are used, and more flash space is allocated
in future systems.
Personally, I've never used a core dump to debug an issue
and have dealt with the above issues multiple times so
I'm probably a bit biased. This could definitely be a
meta-ibm layer type change if others in the community
prefer this enabled as the default.
resolves openbmc/openbmc#3379
(From meta-phosphor rev: dde999f1076f571a1760c9e5e536e63796749e57)
Change-Id: Ib229d8bf58aa075926fd302a0139a042d069f446
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Enabled pam-ipmicheck & pam-ipmisave modules in
pam password stacked modules. This modules will
store 'ipmi' group users password in encrypted
form in /etc/ipmi_pass file along with /etc/shadow.
This special file will be used by phosphor-ipmi-net
during RAKP messages.
This will not affect users who doesn't belong to
'ipmi' group.
(From meta-phosphor rev: 945a28a80ea24c59441ce511aff95092121dfc78)
Change-Id: I1b9e2c78c1e0b8a0f8da2a28c6d89638c45f692d
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Add pam-ipmi recipe from OpenBmc repo. This adds
pam_ipmisave & pam_ipmicheck modules which is responsible
for storing password in encrypted form for "ipmi" group
users.
(From meta-phosphor rev: 6176e3213c113eca4ecfda32ad929797cfec86d6)
Change-Id: I38b39266d82ed1cd3d7fe130a972cb6943a540df
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Add suitable pam modules in place which will enforce
password security
1. pam_cracklib is added with minimum length of 8. Length
greater than 8 can be configured through D-Bus interface.
2. pam_pwhistory is added to remember old password. Disabled
by default. Can be enabled through D-Bus interface
3. pam-tally2 used to lock out account after failed attempts.
Disabled by deault. Can be enabled through D-Bus interface
Note: pam_cracklib will do password verification one extra time,
hence with this fix, any password change will request,
Retype new password for 2 times.
(From meta-phosphor rev: bb70abc065a7eeb3206460ad20041bc132dab784)
Change-Id: Ibc5e275196509fb0b47c7174805195475d66590c
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
The Name Service Switch (NSS) configuration file (nsswitch.conf),
is used by the GNU C Library to determine the sources from which
to obtain name-service information in a range of categories, and in what order
With the introduction of LDAP we have to add the LDAP as a source for the
name service info for the various maps/database(passwd, group, shadow).
(From meta-phosphor rev: 68f0934af8ebb0332e5075728d8006e4d846bd78)
Change-Id: I0781da24c50278e439e953d595d275fbfc6bf48a
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
FILESEXTRAPATHS_prepend was conditional for only ubi-based-file system
now we have the requirement where we want to prepend path for
all other cases,so moving the fstab file in the specific
directory and add that subdirectory-path conditionaly.
(From meta-phosphor rev: cb9552f017c3803dc0ec0ab628dce14863bf8389)
Change-Id: I9d3baf42ef1d712ec6c52f53a5ae56a2ceef1ddf
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
After the commit bba38f38e7e41525c30116a2fe990d113b8157da the firmware
with a static flash layout is unable to reboot.
It happens because the `reboot` applet was removed from the `busybox`.
This commit restore the `reboot` in the `busybox` for static layout.
Resolves openbmc/openbmc#3399
Tested in the `qemu` with firmwares for `palmetto` and `romulus`.
(From meta-phosphor rev: 8f400dacfc9138bc9395fe995ff914c10bd7eed0)
Change-Id: I5dd7ba0f999f0aa58e54594ad32669e2283e4cee
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
This changes the Dropbear SSH server configuration so it will not
accept medium-strength encryption ciphers including: CBC mode, MD5,
96-bit MAC, and triple DES.
The remaining ciphers include aes128-ctr and aes256-ctr. Dropbear
does not offer the arcfour cipher suite.
Note that Dropbear does not use a config file and instead uses
file options.h to control its features. This commit adds a
patch to disable the unwanted ciphers.
Tested:
On the qemu-based BMC:
ssh -c help 127.0.0.1
aes128-ctr,aes256-ctr
Before this change, the value was:
aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,
twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
Attempt to contact the BMC from host:
ssh -p 2222 -l root localhost # success
ssh -c aes128-cbc -p 2222 -l root localhost
Unable to negotiate with 127.0.0.1 port 2222: no matching cipher
found. Their offer: aes128-ctr,aes256-ctr
Before this change, the connection was successful.
Attempt to contact the BMC from older system:
ssh -V
OpenSSH_5.8p1, OpenSSL 0.9.8g 19 Oct 2007
ssh -p 2222 -l root ${BMC_IP_ADDR} # success
Resolves openbmc/openbmc#3186
(From meta-phosphor rev: 4ad7873e5dcd8475d48b6551002331a1efe4b2f1)
Change-Id: I5648a1602a3683afd9bd90ba62d8f6e4d9237506
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Patch systemd sources to fix detection of availability of
the kernel CONFIG_CGROUP_BPF option.
Resolves openbmc/linux#159
(From meta-phosphor rev: 7fbc79b12dc5e137830ffd35c0be839fe77b6699)
Change-Id: I82cd227cb6e14ca57a373b1c6a100a98cff799af
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
