diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2023-03-31 17:57:23 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2023-03-31 18:06:58 +0300 |
commit | 2daf84b2d486da0b21344da999553c8fa1228195 (patch) | |
tree | 04a2402d258019103ad1a4c9da71d78301cd5d42 /meta-arm/ci | |
parent | ced6278a187ae9eefe16fe59398f714857b7f76e (diff) | |
download | openbmc-2daf84b2d486da0b21344da999553c8fa1228195.tar.xz |
subtree updates: raspberrypi security arm
meta-arm: eb9c47a4e1..9b6c8c95e4:
Abdellatif El Khlifi (1):
CI: append classes to INHERIT in the common fvp.yml
Adam Johnston (1):
arm-bsp/linux-yocto: Update N1SDP PCI quirk patch
Jon Mason (10):
CI: add yml files for defaults
CI: add support for dev kernel, rt kernel, and poky-tiny
arm-bsp/fvp-base: update to u-boot 2023.01
arm-bsp/fvp-base-arm32: remove support
ci: add external-toolchain to qemuarm-secureboot
arm-bsp/optee: remove unused recipes
arm/optee: optee-os include cleanup
arm/optee-os: update to 3.20.0
arm/edk2: update version and relocate edk2-basetools to be with edk2
arm-bsp/fvp-base: Add edk2 build testing
Ross Burton (7):
arm-bsp/linux-arm64-ack: update Upstream-Status tags
CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
arm/scp-firmware: fix up whitespace
arm/scp-firmware: enable verbose builds
arm/scp-firmware: remove textrel from INSANE_SKIP
arm/scp-firmware: improve debug packaging
CI: mask poky's llvm if we're using clang
Rui Miguel Silva (1):
arm-bsp/optee: bump corstone1000 to v3.20
Satish Kumar (1):
arm-bsp/corstone1000: new gpt based disk layout and fwu metadata
Xueliang Zhong (1):
arm-bsp/n1sdp: update to linux yocto kernel 6.1
meta-security: c06b9a18a6..a397a38ed9:
Armin Kuster (16):
openscap: update to 1.3.6
openscap: update to 1.3.7
openscap git: add DEFAULT_PREFERENCE
python3-fail2ban: update to 1.0.2
python3-privacyidea: update to 3.8.1
libhtp: update to 0.5.42
lkrg-modules: update to 0.9.6
chkrootkit: update to 0.57
fscrypt: update to 1.1.0
libmspack: update to 1.11
firejail: update 0.9.72
suricata: update to 6.0.10
apparmor: update to 3.1.3
krill: update 0.12.3
cryptmout: update to 6.2.0
packagegroup-core-security: refactor the inclusion of krill
Eero Aaltonen (1):
dm-verity-img.bbclass: fix syntax warning
Jose Quaresma (3):
meta-hardening/layer: lower the priority from 10 to 6
meta-security-compliance/layer: lower the priority from 10 to 6
meta-tpm/layer: lower the priority from 10 to 6
Kevin Hao (1):
dm-verity-img.bbclass: Fix the hash offset alignment issue
Mikko Rapeli (1):
ima-evm-utils: disable documentation from build
Paul Gortmaker (3):
dm-verity: update beaglebone wic to match meta-yocto
dm-verity: add basic non-arch/non-BSP yocto specific settings
dm-verity: document board specifics for Beaglebone Black
Peter Marko (1):
tpm2-tss: correct CVE product
meta-raspberrypi: e15b876155..3afdbbf782:
Carlos Alberto Lopez Perez (1):
mesa-demos: enable build with userland graphics drivers.
Khem Raj (6):
linux-raspberrypi: Add recipes for 6.1 kernel
psplash: Make psplash wait for the framebuffer to be ready
rpi-default-versions: Use 6.1 kernel as default
gstreamer1.0-plugins-bad: Drop gpl packageconfig
rpidistro-ffmpeg: Pin to use gcc always
rpidistro-vlc: Fix build with clang16
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
Diffstat (limited to 'meta-arm/ci')
-rw-r--r-- | meta-arm/ci/clang.yml | 5 | ||||
-rw-r--r-- | meta-arm/ci/corstone1000-common.yml | 3 | ||||
-rw-r--r-- | meta-arm/ci/corstone500.yml | 9 | ||||
-rw-r--r-- | meta-arm/ci/fvp-base-arm32.yml | 7 | ||||
-rw-r--r-- | meta-arm/ci/fvp.yml | 2 | ||||
-rw-r--r-- | meta-arm/ci/gcc.yml | 7 | ||||
-rw-r--r-- | meta-arm/ci/glibc.yml | 7 | ||||
-rwxr-xr-x | meta-arm/ci/jobs-to-kas | 2 | ||||
-rw-r--r-- | meta-arm/ci/linux-yocto-dev.yml | 6 | ||||
-rw-r--r-- | meta-arm/ci/linux-yocto-rt.yml | 6 | ||||
-rw-r--r-- | meta-arm/ci/linux-yocto.yml | 7 | ||||
-rw-r--r-- | meta-arm/ci/poky-tiny.yml | 14 | ||||
-rw-r--r-- | meta-arm/ci/poky.yml | 4 | ||||
-rw-r--r-- | meta-arm/ci/u-boot.yml | 8 | ||||
-rwxr-xr-x | meta-arm/ci/update-repos | 8 |
15 files changed, 74 insertions, 21 deletions
diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml index a2063f19c0..eeee785269 100644 --- a/meta-arm/ci/clang.yml +++ b/meta-arm/ci/clang.yml @@ -6,5 +6,8 @@ repos: url: https://github.com/kraj/meta-clang local_conf_header: - clang: | + toolchain: | TOOLCHAIN = "clang" + # This is needed to stop bitbake getting confused about what clang/llvm is + # being used, see https://github.com/kraj/meta-clang/pull/766 + BBMASK += "/meta/recipes-devtools/llvm/llvm.*\.bb" diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml index 65ff9d3861..d856cfe795 100644 --- a/meta-arm/ci/corstone1000-common.yml +++ b/meta-arm/ci/corstone1000-common.yml @@ -3,13 +3,12 @@ header: includes: - ci/base.yml - ci/meta-openembedded.yml + - ci/poky-tiny.yml local_conf_header: extrapackages: | # Intentionally blank to prevent perf from being added to the image in base.yml -distro: poky-tiny - target: - corstone1000-image - perf diff --git a/meta-arm/ci/corstone500.yml b/meta-arm/ci/corstone500.yml index 437c97c5d7..0f9592e3da 100644 --- a/meta-arm/ci/corstone500.yml +++ b/meta-arm/ci/corstone500.yml @@ -3,17 +3,10 @@ header: includes: - ci/base.yml - ci/fvp.yml + - ci/poky-tiny.yml local_conf_header: fvp-config: | IMAGE_FEATURES:remove = " ssh-server-dropbear" - extrapackages: | - # Intentionally blank to prevent perf from being added to the image in base.yml machine: corstone500 - -distro: poky-tiny - -target: - - core-image-minimal - - perf diff --git a/meta-arm/ci/fvp-base-arm32.yml b/meta-arm/ci/fvp-base-arm32.yml deleted file mode 100644 index 9f790f670d..0000000000 --- a/meta-arm/ci/fvp-base-arm32.yml +++ /dev/null @@ -1,7 +0,0 @@ -header: - version: 11 - includes: - - ci/base.yml - - ci/fvp.yml - -machine: fvp-base-arm32 diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml index a12c621e0b..a8f8dfc083 100644 --- a/meta-arm/ci/fvp.yml +++ b/meta-arm/ci/fvp.yml @@ -3,7 +3,7 @@ header: local_conf_header: testimagefvp: | - INHERIT = "fvpboot" + INHERIT += "fvpboot" # This fails but we can't add to the ignorelist from meta-arm yet # https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604 TEST_SUITES:remove = "parselogs" diff --git a/meta-arm/ci/gcc.yml b/meta-arm/ci/gcc.yml new file mode 100644 index 0000000000..a39436804f --- /dev/null +++ b/meta-arm/ci/gcc.yml @@ -0,0 +1,7 @@ +header: + version: 11 + +#NOTE: This is the default for poky. This is only being added for completeness/clarity +local_conf_header: + toolchain: | + TOOLCHAIN = "gcc" diff --git a/meta-arm/ci/glibc.yml b/meta-arm/ci/glibc.yml new file mode 100644 index 0000000000..adc85a76e1 --- /dev/null +++ b/meta-arm/ci/glibc.yml @@ -0,0 +1,7 @@ +header: + version: 11 + +#NOTE: This is the default for poky. This is only being added for completeness/clarity +local_conf_header: + libc: | + TCLIBC = "glibc" diff --git a/meta-arm/ci/jobs-to-kas b/meta-arm/ci/jobs-to-kas index d6896b7728..b8615a5ff5 100755 --- a/meta-arm/ci/jobs-to-kas +++ b/meta-arm/ci/jobs-to-kas @@ -18,7 +18,7 @@ for i in $(echo $1 | cut -s -d ':' -f 2 | sed 's/[][,]//g'); do # defaults, we can simply ignore those parameters. They are necessary # to pass in so that matrix can correctly setup all of the permutations # of each individual run. - if [[ $i == 'none' || $i == 'gcc' || $i == 'glibc' || $i == 'uboot' ]]; then + if [[ $i == 'none' ]]; then continue fi FILES+=":ci/$i.yml" diff --git a/meta-arm/ci/linux-yocto-dev.yml b/meta-arm/ci/linux-yocto-dev.yml new file mode 100644 index 0000000000..a6fadce1ec --- /dev/null +++ b/meta-arm/ci/linux-yocto-dev.yml @@ -0,0 +1,6 @@ +header: + version: 9 + +local_conf_header: + kernel: | + PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-dev" diff --git a/meta-arm/ci/linux-yocto-rt.yml b/meta-arm/ci/linux-yocto-rt.yml new file mode 100644 index 0000000000..69d768c5a3 --- /dev/null +++ b/meta-arm/ci/linux-yocto-rt.yml @@ -0,0 +1,6 @@ +header: + version: 9 + +local_conf_header: + kernel: | + PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt" diff --git a/meta-arm/ci/linux-yocto.yml b/meta-arm/ci/linux-yocto.yml new file mode 100644 index 0000000000..359fea5a05 --- /dev/null +++ b/meta-arm/ci/linux-yocto.yml @@ -0,0 +1,7 @@ +header: + version: 9 + +#NOTE: This is the default for poky. This is only being added for completeness/clarity +local_conf_header: + kernel: | + PREFERRED_PROVIDER_virtual/kernel = "linux-yocto" diff --git a/meta-arm/ci/poky-tiny.yml b/meta-arm/ci/poky-tiny.yml new file mode 100644 index 0000000000..cf252a0e18 --- /dev/null +++ b/meta-arm/ci/poky-tiny.yml @@ -0,0 +1,14 @@ +header: + version: 9 + +distro: poky-tiny + +local_conf_header: + hacking: | + TEST_SUITES = "ping" + extrapackages: | + # Intentionally blank to prevent perf from being added to the image in base.yml + +target: + - core-image-minimal + - perf diff --git a/meta-arm/ci/poky.yml b/meta-arm/ci/poky.yml new file mode 100644 index 0000000000..d4bcfebfd2 --- /dev/null +++ b/meta-arm/ci/poky.yml @@ -0,0 +1,4 @@ +header: + version: 9 + +distro: poky diff --git a/meta-arm/ci/u-boot.yml b/meta-arm/ci/u-boot.yml new file mode 100644 index 0000000000..76bdd23e74 --- /dev/null +++ b/meta-arm/ci/u-boot.yml @@ -0,0 +1,8 @@ +header: + version: 11 + +local_conf_header: + bootfirmware: | + PREFERRED_PROVIDER_virtual/bootloader = "u-boot" + TFA_UBOOT = "1" + TFA_UEFI = "0" diff --git a/meta-arm/ci/update-repos b/meta-arm/ci/update-repos index 91ff197584..9487102df1 100755 --- a/meta-arm/ci/update-repos +++ b/meta-arm/ci/update-repos @@ -4,6 +4,7 @@ import sys import os +import shutil import subprocess import pathlib @@ -34,9 +35,14 @@ if __name__ == "__main__": for repo in repositories: repodir = base_repodir / repo_shortname(repo) + + if "CI_CLEAN_REPOS" in os.environ: + print("Cleaning %s..." % repo) + shutil.rmtree(repodir, ignore_errors=True) + if repodir.exists(): print("Updating %s..." % repo) - subprocess.run(["git", "-C", repodir, "fetch"], check=True) + subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True) else: print("Cloning %s..." % repo) subprocess.run(["git", "clone", "--bare", repo, repodir], check=True) |