diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2022-07-15 22:00:58 +0300 |
|---|---|---|
| committer | Andrew Geissler <andrew@geissonator.com> | 2022-07-20 22:59:28 +0300 |
| commit | 615f2f11d3f46e3eae642475495a7ca4cfddc49e (patch) | |
| tree | d88ca73415c1690f5cc8deb783e45499aabccd3c /poky/meta/classes | |
| parent | bef0021cfe167ccb6ae2e71f546ecb21ccf1c204 (diff) | |
| download | openbmc-615f2f11d3f46e3eae642475495a7ca4cfddc49e.tar.xz | |
subtree updates
poky: ee0d001b81..4161dbbbd6:
Aatir Manzur (1):
docs: add CONVERSION_CMD definition
Ahmed Hossam (1):
insane.bbclass: host-user-contaminated: Correct per package home path
Alejandro Hernandez Samaniego (1):
package.bbclass: Fix base directory for debugsource files when using externalsrc
Alex Kiernan (1):
python3-cryptography: Cleanup DEPENDS/RDEPENDS
Alexander Kanavin (53):
mesa: update 22.0.3 -> 22.1.2
python3-numpy: update 1.22.3 -> 1.22.4
python3-setuptools: update 62.3.2 -> 62.5.0
vulkan: upgrade 1.3.211.0 -> 1.3.216.0
lttng-modules: update 2.13.3 -> 2.13.4
go: update 1.18.2 -> 1.18.3
ell: update 0.50 -> 0.51
libdrm: update 2.4.110 -> 2.4.111
diffoscope: upgrade 215 -> 216
dos2unix: upgrade 7.4.2 -> 7.4.3
librsvg: upgrade 2.54.3 -> 2.54.4
puzzles: upgrade to latest revision
sudo: upgrade 1.9.10 -> 1.9.11p2
wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
x264: upgrade to latest revision
python3-requests: upgrade 2.27.1 -> 2.28.0
oeqa/sdk: drop the nativesdk-python 2.x test
python3-hatch-vcs: fix upstream version check
at: take tarballs from debian
pango: exclude 1.9x versions which are 2.x pre-releases.
adwaita-icon-theme: upgrade 41.0 -> 42.0
rust: update 1.60.0 -> 1.62.0
weston: update 10.0.0 -> 10.0.1
python3-setuptools-scm: upgrade 6.4.2 -> 7.0.3
waffle: correctly request wayland-scanner executable
openssl: update 3.0.4 -> 3.0.5
diffoscope: upgrade 216 -> 217
glib-2.0: upgrade 2.72.2 -> 2.72.3
glib-networking: upgrade 2.72.0 -> 2.72.1
gstreamer1.0: upgrade 1.20.2 -> 1.20.3
harfbuzz: upgrade 4.3.0 -> 4.4.1
kmod: upgrade 29 -> 30
libsoup: upgrade 3.0.6 -> 3.0.7
mesa: upgrade 22.1.2 -> 22.1.3
mpg123: upgrade 1.29.3 -> 1.30.0
nghttp2: upgrade 1.47.0 -> 1.48.0
piglit: upgrade to latest revision
pulseaudio: upgrade 16.0 -> 16.1
python3-cffi: upgrade 1.15.0 -> 1.15.1
python3-cryptography: upgrade 37.0.2 -> 37.0.3
python3-cryptography-vectors: upgrade 37.0.2 -> 37.0.3
python3-hatchling: upgrade 1.3.0 -> 1.3.1
python3-hypothesis: upgrade 6.46.11 -> 6.48.2
python3-jsonschema: upgrade 4.6.0 -> 4.6.1
python3-mako: upgrade 1.2.0 -> 1.2.1
python3-pycryptodomex: upgrade 3.14.1 -> 3.15.0
python3-requests: upgrade 2.28.0 -> 2.28.1
python3-setuptools: upgrade 62.5.0 -> 62.6.0
python3-sphinx: upgrade 5.0.0 -> 5.0.2
xcb-proto: upgrade 1.15 -> 1.15.2
procps: restrict version check to 3.x
ncurses: mark upstream version as unknown
wayland: update 1.20.0 -> 1.21.0
Alexandre Belloni (1):
oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail
Aryaman Gupta (5):
buildstats.py: enable collection of /proc/pressure data
pybootchartgui: render cpu and io pressure
buildstats.bbclass: correct sampling of system stats
buildstats.py: close /proc/pressure/cpu file descriptor
buildperf/base.py: skip reduced_proc_pressure directory
Bruce Ashfield (29):
perf: fix reproducibility in 5.19+
linux-yocto/5.10: update to v5.10.121
linux-yocto/5.15: update to v5.15.46
linux-yocto/5.15: update to v5.15.48
linux-yocto/5.10: update to v5.10.123
linux-yocto-dev: bump to v5.19-rc
linux-yocto/5.15: drop obselete GPIO sysfs ABI
lttng-modules: fix 5.19+ build
kernel-devsrc: fix reproducibility and buildpaths QA warning
linux-yocto/5.15: update to v5.15.52
linux-yocto/5.10: update to v5.10.128
kernel-devsrc: ppc32: fix reproducibility
linux-yocto/5.15: fix qemuppc buildpaths warning
linux-yocto/5.15: fix build_OID_registry buildpaths warning
yocto-bsps: update to v5.10.128 and buildpaths fixes
yocto-bsps: update to v5.15.52 and buildpaths fixes
linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning
linux-yocto/5.10: fix buildpaths issue with gen-mach-types
linux-yocto/5.15: fix buildpaths issue with gen-mach-types
yocto-bsps/5.10: fix buildpaths issue with gen-mach-types
yocto-bsps/5.15: fix buildpaths issue with gen-mach-types
linux-yocto/5.15: update to v5.15.54
linux-yocto/5.15: fix buildpaths issue with pnmtologo
linux-yocto/5.10: update to v5.10.130
linux-yocto/5.10: fix buildpaths issue with pnmtologo
yocto-bsps/5.10: fix buildpaths issue with pnmtologo
yocto-bsps/5.15: fix buildpaths issue with pnmtologo
yocto-bsps: update to v5.15.54
yocto-bsps: update to v5.10.130
Christoph Lauer (1):
package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo
David Bagonyi (1):
sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity
Dmitry Baryshkov (1):
linux-firmware: upgrade 20220509 -> 20220610
Enrico Scholz (6):
npm: replace 'npm pack' call by 'tar czf'
npm: return content of 'package.json' in 'npm_pack'
npm: take 'version' directly from 'package.json'
npm: disable 'audit' + 'fund'
lib:npm_registry: initial checkin
npm: use npm_registry to cache package
Federico Pellegrin (1):
signing-keys: fix RDEPENDS to signing-keys-dev
Gennaro Iorio (1):
bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls
He Zhe (1):
curl: Fix build failure for qemuriscv64
Jacob Kroon (1):
bitbake: bitbake-user-manual: Correct description of the ??= operator
Jose Quaresma (3):
archiver: don't use machine variables in shared recipes
sstate: Use the python3 ThreadPoolExecutor instead of the OE ThreadedPool
oe/utils: remove the ThreadedPool
Joshua Watt (1):
classes/create-spdx: Add SPDX_PRETTY option
Kai Kang (1):
glibc-tests: not clear BBCLASSEXTEND
Khem Raj (2):
libmodule-build-perl: Use env utility to find perl interpreter
ltp: Remove -mfpmath=sse on x86
Luca Ceresoli (1):
llvm: add PACKAGECONFIG[optviewer]
Lucas Stach (1):
perf: sort-pmuevents: really keep array terminators
Marius Kriegerowski (1):
scriptutils: fix style to be more PEP8 compliant
Marta Rybczynska (2):
cve-check: add support for Ignored CVEs
oeqa/selftest/cve_check: add tests for Ignored and partial reports
Martin Jansa (3):
mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again
wic: fix WicError message
bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV
Maxime Roussin-Bélanger (1):
libffi: fix native build being not portable
Michael Halstead (2):
releases: include 3.1.17
releases: include 4.0.2
Michael Opdenacker (18):
rootfs-postcommands.bbclass: correct comments
dev-manual: mention the new CVE patch metrics page
dev-manual: fix references to BitBake user manual
docs: standards.md: add more rules: line wrapping and variables
doc: standard for bulleted lists
ref-manual: add description for the "sysroot" term
manuals: update host tool requirements
ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
ref-manual: document SYSTEMD_DEFAULT_TARGET
ref-manual: IMAGE_FEATURES: add allow-root-login and correct allow-empty-password
ref-manual: correct description of empty-root-passwd in IMAGE_FEATURES
bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher
bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers
dev-manual: NPM packages: minor grammar fix
manuals: switch to the sstate mirror shared between all versions
manuals: replace hyphens with em dashes
dev-manual: update section about creating NPM packages
dev-manual: improve screenshot resolution
Ming Liu (3):
udev-extraconf: fix some systemd automount issues
meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE
udev-extraconf:mount.sh: fix path mismatching issues
Mingli Yu (1):
vim: not adjust script pathnames for native scripts either
Muhammad Hamza (6):
initramfs-framework: move storage mounts to actual rootfs
udev-extraconf/mount.sh: add LABELs to mountpoints
udev-extraconf/mount.sh: save mount name in our tmp filecache
udev-extraconf/mount.sh: only mount devices on hotplug
udev-extraconf: force systemd-udevd to use shared MountFlags
udev-extraconf/mount.sh: ignore lvm in automount
Nick Potenski (1):
systemd: systemd-systemctl: Support instance conf files during enable
Ola x Nilsson (1):
bitbake: ConfHandler: Remove lingering close
Pascal Bach (1):
bin_package: install into base_prefix
Paul Eggleton (4):
devtool: ignore pn- overrides when determining SRC_URI overrides
patch: handle if S points to a subdirectory of a git repo
devtool: finish: handle patching when S points to subdir of a git repo
oe-selftest: devtool: test modify git recipe building from a subdir
Paulo Neves (14):
python: Avoid shebang overflow on python-config.py
gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2
ref-manual: SYSTEMD_SERVICE allows multiple services
ref-manual: SYSTEMD_SERVICE overrides depend on SYSTEMD_PACKAGES
insane.bbclass: Make do_qa_staging check shebangs
oeqa/selftest: Add test for shebang overflow
oeqa/selftest: Test staged .la and .pc files
utils: Add cmdline_shebang_wrapper util.
libcheck: Fix too long shebang for native case.
utils: create_cmdline_shebang_wrapper whitespace and sed refactor
utils: create_cmdline_shebang_wrapper preserve permission and ownership
oeqa/sysroot.py: Check bitbake return status
bitbake: fetch: bb.fatal when trying to checksum non-existing files
oeqa: test_invalid_recipe_src_uri expect parse time error
Pavel Zhukov (4):
systemd: Add missed sys/file.h includes for musl
systemd: Rebase patches on v251
bitbake: tests/fetch: Add test for broken mirror tarball
systemd: update upstream status of merged patches
Peter Bergin (2):
systemd: add packageconfig for sysext
rust: fix issue building cross-canadian tools for aarch64 on x86_64
Peter Kjellerstedt (2):
ref-manual: Add documentation for INCOMPATIBLE_LICENSE_EXCEPTIONS
base.bbclass: Correct the test for obsolete license exceptions
Peter Marko (1):
alsa-state: correct license
Pgowda (1):
binutils : CVE-2019-1010204
Quentin Schulz (3):
docs: releases: move hardknott and honister to outdated section
docs: conf.py: bump minimum Sphinx version requirement
Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"
Raju Kumar Pothuraju (2):
runqemu: add QB_KERNEL_CMDLINE
kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set
Richard Purdie (42):
gcc-source: Fix incorrect task dependencies from ${B}
vim: Upgrade 8.2.5034 -> 8.2.5083
local.conf.sample: Update sstate url to new 'all' path
ref/dev-manual: Update multiconfig documentation
oeqa/runtime/scp: Disable scp test for dropbear
unzip: Port debian fixes for two CVEs
elfutils/flex: Disable parallel make ptest compile
bitbake: server/process: Fix logging issues where only the first message was displayed
coreutils: Tweak packaging variable names for coreutils-dev
packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
bitbake.conf/recipes: Introduce add DEV_PKG_DEPENDENCY to change RDEPENDS:${PN}-dev
bitbake.conf: Change -dev RDEPENDS to RRECOMMENDS
vim: 8.2.5083 -> 9.0.0005
ncurses: 6.3 -> 6.3+20220423
oe-selftest-image: Ensure the image has sftp as well as dropbear
cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
openssl: Upgrade 3.0.3 -> 3.0.4
insane: Fix buildpaths test to work with special devices
go: Filter build paths on staticly linked arches
glibc-tests: Avoid reproducibility issues
gperf: Add a patch to work around reproducibility issues
bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests
icon-naming-utils: Resurrect for sato-icon-theme
sato-icon-theme: Add back with support for scalable icons
lua: Fix multilib buildpath reproducibility issues
vala: Fix on target wrapper buildpaths issue
gtk-doc: Remove hardcoded buildpath
gperf: Switch to upstream patch
qemu: Avoid accidental librdmacm linkage
kernel-arch: Fix buildpaths leaking into external module compiles
qemu: Fix slirp determinism issue
qemu: Add PACKAGECONFIG for brlapi
gcc-runtime: Fix build when using gold
insane: Add buildpaths to WARN_QA by default
insane: Reword staging to refer to populate_sysroot
bitbake: fetch2: Ensure directory exists before creating symlink
bitbake: fetch2: Drop DL_DIR fallback for local file fetcher
oeqa/selftest/sstatetests: Update test to work with bitbake changes
gcc-runtime: Fix missing MLPREFIX in debug mappings
insane: Drop debug exclusion from buildpaths test
selftest/runtime_test/virgl: Disable for all almalinux
local.conf.sample: Mention other MACHINE options may exist
Robert Joslyn (1):
curl: Update to 7.84.0
Ross Burton (24):
python3: fix a race condition in the test_socket.testSockName test
Add python3-editables (from meta-python)
Add python3-pathspec (from meta-python)
Add python3-hatchling (from meta-oe)
python3-hatch-vcs: add new recipe
python3-jsonschema: upgrade 4.5.1 -> 4.6.0
package_manager: Change complementary package handling to not include soft dependencies
cups: ignore CVE-2022-26691
cve-check: hook cleanup to the BuildCompleted event, not CookerExit
busybox: fix CVE-2022-30065
ncurses: use GitHub mirror, not Debian's packaging
ltp: remove open-posix-testsuite build logs
tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
perl: don't install Makefile.old into perl-ptest
vim: upgrade to 9.0.0021
ltp: fix builds when host ld doesn't know about target ELF formats
python3-setuptools-scm: add missing python3-typing-extensions dependency
python3-flit-core: bootstrap explicitly
python3-installer: bootstrap by installing installer with installer
python3-picobuild: add new recipe
python_pep517: use picobuild instead of manually calling the API
classes: remove obsolete PEP517_BUILD_API
python3-hatchling: remove PEP517_BUILD_API
documentation: remove obsolete PEP517_BUILD_API
Steve Sakoman (3):
qemu: add PACKAGECONFIG for capstone
qemu: Avoid accidental libvdeplug linkage
ruby: add PACKAGECONFIG for capstone
Sundeep KOKKONDA (2):
glibc: stable 2.35 branch updates
binutils : stable 2.38 branch updates
Thomas Perrot (1):
opensbi: Update to v1.1
Thomas Roos (1):
recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG
Xu Huan (2):
python3: upgrade 3.10.4 -> 3.10.5
python3-magic: upgrade 0.4.26 -> 0.4.27
Yi Zhao (2):
popt: fix override syntax in RDEPENDS
git: fix override syntax in RDEPENDS
Yogesh Tyagi (2):
testimage : remove curl-ptest from rpm index
curl : Add ptest
Yue Tao (1):
gnupg: upgrade to 2.3.7 to fix CVE-2022-34903
Yulong (Kevin) Liu (1):
python3-pyasn1: Eliminated ptest deprecation warnings
aatir (1):
docs: make DISTRO_FEATURES description more explicit
niko.mauno@vaisala.com (3):
ptest.bbclass: Honor PARALLEL_MAKE, PARALLEL_MAKEINST
valgrind: Drop redundant oe_runmake parameter
strace: Drop redundant oe_runmake parameter
pgowda (1):
gcc: Backport a fix for gcc bug 105039
ssuesens (3):
weston.py: added xwayland test
weston.init: enabled xwayland
xwayland.weston-start: adaption of X11-unix folder
wangmy (57):
btrfs-tools: upgrade 5.18 -> 5.18.1
ethtool: upgrade 5.17 -> 5.18
file: upgrade 5.41 -> 5.42
libx11: upgrade 1.8 -> 1.8.1
lighttpd: upgrade 1.4.64 -> 1.4.65
gnu-config: update to latest version
musl-obstack: upgrade 1.1 -> 1.2
piglit: upgrade to latest revision
stress-ng: upgrade 0.14.01 -> 0.14.02
erofs-utils: upgrade 1.4 -> 1.5
alsa-lib: upgrade 1.2.7 -> 1.2.7.1
alsa-plugins: upgrade 1.2.6 -> 1.2.7.1
alsa-ucm-conf: upgrade 1.2.7 -> 1.2.7.1
bind: upgrade 9.18.3 -> 9.18.4
kbd: upgrade 2.5.0 -> 2.5.1
libproxy: upgrade 0.4.17 -> 0.4.18
python3-dbusmock: upgrade 0.27.5 -> 0.28.0
sbc: upgrade 1.5 -> 2.0
strace: upgrade 5.17 -> 5.18
python3-chardet: upgrade 4.0.0 -> 5.0.0
python3-importlib-metadata: upgrade 4.11.4 -> 4.12.0
python3-babel: upgrade 2.10.1 -> 2.10.3
python3-certifi: upgrade 2022.5.18.1 -> 2022.6.15
python3-dbusmock: upgrade 0.28.0 -> 0.28.1
python3-numpy: upgrade 1.22.4 -> 1.23.0
python3-pycryptodome: upgrade 3.14.1 -> 3.15.0
dmidecode: upgrade 3.3 -> 3.4
git: upgrade 2.36.1 -> 2.37.0
harfbuzz: upgrade 4.3.0 -> 4.4.0
speexdsp: upgrade 1.2.0 -> 1.2.1
speex: upgrade 1.2.0 -> 1.2.1
repo: upgrade 2.26 -> 2.27
sqlite3: upgrade 3.38.5 -> 3.39.0
sudo: upgrade 1.9.11p2 -> 1.9.11p3
createrepo-c: upgrade 0.20.0 -> 0.20.1
gst-devtools: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
inetutils: upgrade 2.2 -> 2.3
python3-atomicwrites: upgrade 1.4.0 -> 1.4.1
python3-cryptography: upgrade 37.0.3 -> 37.0.4
python3-cryptography-vectors: upgrade 37.0.3 -> 37.0.4
python3-hatchling: upgrade 1.3.1 -> 1.5.0
python3-imagesize: upgrade 1.3.0 -> 1.4.1
python3-jsonschema: upgrade 4.6.1 -> 4.7.1
python3-numpy: upgrade 1.23.0 -> 1.23.1
python3-typing-extensions: upgrade 4.2.0 -> 4.3.0
python3-urllib3: upgrade 1.26.9 -> 1.26.10
init-system-helpers: upgrade 1.63 -> 1.64
dpkg: upgrade 1.21.8 -> 1.21.9
meta-security: 8c6fe006a1..7ad5f6a9da:
Armin Kuster (32):
apparmor: fix ownership issues
sssd:move to dynamic networking-layer
layer.conf:add meta-netorking to BBFILES_DYNAMIC
packagegroup-core-security: drop sssd
packagegroup-core-security.bbappend: add sssd
oeqa: fix checksec runtime test
sssd: use example conf file
oeqa: sssd.py fix tests
sssd: update to 2.7.1
security-test-image: auto include layers if present.
smack-test: more py3 covertion
oeqa: update smack runtime test
aide: add a few more config options
oeqa: add aide test
libmhash: add native pkg support
classes: add aide routines
aide: add native support for build time db creation
aide.conf: adjust to allow for build time db creation
firejail: Add new package
oeqa: Add a very basic firejail test
packagegroup-core-security: add firejail
security-test-image: add firejail and aide test suites
oeqa/clamav drop depricated --list-mirror test
oeqa: meta-tpm shut swtpm down before and after testing
oeqa: shut done swtpm before and after testing
ccs-tools: update to 1.8.9
lynis: update to 3.0.8
README: update email address
packagegroup-core-security: skip mips firejail
chipsec: update to 1.8.5
security-build-image: add lkrg-module to build image
lkrg: update to 0.9.3
Jeremy A. Puhlman (2):
clamav: make install owner match the added user name
python3-privacyidea: add correct path to lib/privacyidea
Jose Quaresma (1):
meta-integrity: kernel-modsign: prevents splitting out debug symbols
Yi Zhao (1):
aide: fix typo
meta-openembedded: 11df15765c..31c10bd3e6:
Adrian Freihofer (3):
firewalld: update to 1.1.1 fixes ptest
firewalld: upgrade 1.1.1 -> 1.2.0
libqmi: upgrade 1.30.4 -> 1.30.8
Akash Hadke (2):
ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g"
iperf: Set CVE_PRODUCT to "iperf_project:iperf"
Alex Kiernan (2):
jansson: Upgrade 2.13.1 -> 2.14
nftables: Upgrade 1.0.2 -> 1.0.4
Alex Stewart (1):
openvpn: distribute sample-config-files
Andreas Müller (1):
glmark2: Build with meson
Andrej Valek (1):
poco: upgrade 1.11.3 -> 1.12.0
Andrew Davis (1):
libsdl: The libsdl and libsdl2 are not virtual
Ashish Sharma (1):
netserver: don't change permissions on /dev/null
Aurélien Bertron (1):
fix(syslog-ng): warning about conf version
Bartosz Golaszewski (1):
python3-pybluez: fix a runtime issue with python 3.10
Ben Powell (1):
python3-can: Add typing-extensions dependency
Changqing Li (3):
chrony: create /var/lib/chrony by systemd-tmpfiles
redis: upgrade 6.2.6 -> 6.2.7
redis: upgrade 7.0.0 to 7.0.2
Chen Qi (2):
apache2: split out a new package apache2-utils
ntfs-3g-ntfsprogs: upgrade to 2022.5.17
Daide Li (1):
python3-iperf: initial add 0.1.11
Davide Gardenal (9):
usrsctp: add CVE_VERSION to correctly check for CVEs
ntp: ignore many CVEs
openflow: ignore CVE-2018-1078
emlog: ignore unrelated CVEs
imagemagick: upgrade 7.0.10-25 -> 7.0.10-62
wireshark: upgrade 3.4.11 -> 3.4.12
thrift: add CVE_PRODUCT to fix CVE reporting
spice: ignore patched CVEs
quagga: ignore CVE-2016-4049
Fabien Parent (1):
gpsd-machine-conf: allow creation of an empty package
Harshal (1):
lldpd: upgrade 1.0.8 -> 1.0.14
Hitendra Prajapati (1):
cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
Jan Vermaete (1):
netdata: version bump 1.34.1 -> 1.35.0
Javier Viguera (1):
networkmanager: fix build with enabled ppp
Jeremy Puhlman (1):
freeradius: mutlilib fixes
Jonas Gorski (1):
abseil-cpp: do not enforce -mfpu=neon on arm
Kai Kang (4):
libdbi-perl: fix interpreter on shebang line
libdev-checklib-perl: fix interpreter of script use-devel-checklib
libparse-yapp-perl: update interpreter of yapp
python3-flatbuffer: enable native
Khem Raj (8):
libxml++: Disable parallel make in ptest compile
geos: Disable inlining
php: Fix absolute paths to php in phar.phar scripts
libspiro: Add recipe
fontforge: Upgrade to 20220308
opencv: Link with libatomic on mips
fontforge: Use alternate way to detect libm
opencv: Link with libatomic on rv32
Leon Anavi (19):
python3-traitlets: Upgrade 5.2.1 -> 5.3.0
python3-humanize: Upgrade 4.1.0 -> 4.2.0
python3-autobahn: Upgrade 22.4.2 -> 22.5.1
python3-elementpath: Upgrade 2.5.0 -> 2.5.3
python3-eth-hash: Upgrade 0.3.2 -> 0.3.3
python3-serpent: Upgrade 1.40 -> 1.41
python3-web3: Upgrade 5.29.1 -> 5.29.2
python3-pika: Upgrade 1.2.1 -> 1.3.0
python3-tabulate: Upgrade 0.8.9 -> 0.8.10
python3-marshmallow: Upgrade 3.15.0 -> 3.17.0
python3-pychromecast: Upgrade 12.1.3 -> 12.1.4
python3-humanize: Upgrade 4.2.0 -> 4.2.3
python3-tornado: Upgrade 6.1 -> 6.2
python3-coverage: Upgrade 6.3.2 -> 6.4.1
python3-email-validator: Upgrade 1.1.3 -> 1.2.1
python3-networkx: Upgrade 2.7.1 -> 2.8.4
python3-unidiff: Upgrade 0.7.3 -> 0.7.4
python3-toolz: Upgrade 0.11.2 -> 0.12.0
python3-ansi2html: Upgrade 1.7.0 -> 1.8.0
Marcus Flyckt (1):
python3-pyconnman: Add 'future' runtime dependency
Markus Volk (1):
flatbuffers: update to 2.0.6
Martin Jansa (3):
glmark2: fix compatibility with python-3.11
leveldb: switch from master branch to main
tesseract-lang: switch from master branch to main
Mikko Rapeli (1):
polkit: switch back to mozjs but leave duktape as PACKAGECONFIG option
Mingli Yu (3):
kronosnet: Fix build with gcc-12
s-nail: Fix build with gcc-12
mariadb: Upgrade to 10.8.3
Pascal Bach (1):
python3-pybind11: upgrade 2.8.1 -> 2.9.2
Peter Kjellerstedt (1):
cryptsetup: Add support for building without SSH tokens
Ross Burton (5):
python3-cbor2: upgrade 5.4.2 to 5.4.3
cppzmq: fix -dev RDEPENDS
python3-hatchling: remove (now in oe-core)
python3-pathspec: remove (now in oe-core)
python3-editables: remove (now in oe-core)
Sakib Sajal (1):
minicoredumper: retry elf parsing as long as needed
Theodore A. Roth (1):
crda: Depend on correct wireless-regdb package
Wentao Zhang (1):
protobuf-c: update to 1.4.1 fix CVE-2022-33070
Xu Huan (20):
python3-lxml: upgrade 4.8.0 -> 4.9.0
python3-msgpack: upgrade 1.0.3 -> 1.0.4
python3-protobuf: upgrade 3.20.1 -> 4.21.1
python3-mypy: upgrade 0.960 -> 0.961
python3-pylint: upgrade 2.13.9 -> 2.14.1
python3-smbus2: upgrade 0.4.1 -> 0.4.2
python3-pillow: upgrade 9.0.1 -> 9.1.1
python3-pychromecast: upgrade 12.1.2 -> 12.1.3
python3-pylint: upgrade 2.14.1 -> 2.14.3
python3-pyscaffold: upgrade 4.2.2 -> 4.2.3
python3-redis: upgrade 4.3.1 -> 4.3.3
python3-aiohue: upgrade 4.4.1 -> 4.4.2
python3-astroid: upgrade 2.11.5 -> 2.11.6
python3-charset-normalizer: upgrade 2.0.12 -> 2.1.0
python3-colorama: upgrade 0.4.4 -> 0.4.5
python3-eth-typing: upgrade 3.0.0 -> 3.1.0
python3-autobahn: upgrade 22.5.1 -> 22.6.1
python3-awesomeversion: upgrade 22.5.2 -> 22.6.0
python3-grpcio: upgrade 1.45.0 -> 1.47.0
python3-lxml: upgrade 4.9.0 -> 4.9.1
Yi Zhao (12):
openldap: pass correct URANDOM_DEVICE to CPPFLAGS
openvpn: eliminate build path from openvpn --version option
grubby: fix syntax for ALTERNATIVE
duktape: fix override syntax in RDEPENDS
polkit-group-rule-udisks2: fix override syntax in RDEPENDS
libcrypt-openssl-guess-perl: fix syntax for PROVIDES
evince: fix typo for RRECOMMENDS
blueman: fix typo for RRECOMMENDS
dnsmasq: Security fix CVE-2022-0934
strongswan: upgrade 5.9.5 -> 5.9.6
openvpn: add PACKAGECONFIG for systemd
openvpn: add PACKAGECONFIG for selinux
Yue Tao (2):
exo: upgrade 4.16.3 -> 4.16.4
dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291
Zoltán Böszörményi (5):
opencv: Upgrade to version 4.6.0
proj: Upgrade to 8.2.1
python3-pyproj: New recipe for pyproj version 3.3.1
geos: Upgrade to 3.9.3
libspatialite: Upgrade to 5.0.1
jybros (1):
clinfo: use virtual opencl loader provider
wangmy (72):
python3-cantools: upgrade 37.0.7 -> 37.1.0
python3-regex: upgrade 2022.4.24 -> 2022.6.2
python3-sqlalchemy: upgrade 1.4.36 -> 1.4.37
python3-twine: upgrade 4.0.0 -> 4.0.1
python3-waitress: upgrade 2.1.1 -> 2.1.2
python3-xmlschema: upgrade 1.11.0 -> 1.11.1
gspell: upgrade 1.10.0 -> 1.11.1
ctags: upgrade 5.9.20220529.0 -> 5.9.20220605.0
feh: upgrade 3.8 -> 3.9
inotify-tools: upgrade 3.22.1.0 -> 3.22.6.0
apache2: upgrade 2.4.53 -> 2.4.54
libnftnl: upgrade 1.2.1 -> 1.2.2
nbdkit: upgrade 1.31.7 -> 1.31.8
irssi: upgrade 1.2.3 -> 1.4.1
musl-nscd: upgrade 1.0.2 -> 1.1.0
rdma-core: upgrade 40.0 -> 41.0
snort: upgrade 2.9.19 -> 2.9.20
php: upgrade 8.1.6 -> 8.1.7
poco: upgrade 1.11.2 -> 1.11.3
pyxdg: upgrade 0.27 -> 0.28
syslog-ng: upgrade 3.36.1 -> 3.37.1
dnf-plugin-tui: Added postatinstall
python3-dill: upgrade 0.3.4 -> 0.3.5.1
python3-robotframework-seriallibrary: upgrade 0.3.1 -> 0.4.3
python3-ujson: upgrade 5.1.0 -> 5.3.0
python3-watchdog: upgrade 2.1.8 -> 2.1.9
python3-websocket-client: upgrade 1.3.2 -> 1.3.3
gnome-commander: upgrade 1.14.2 -> 1.14.3
libwacom: upgrade 2.2.0 -> 2.3.0
nbdkit: upgrade 1.31.8 -> 1.31.9
googletest: upgrade 1.11.0 -> 1.12.0
gperftools: upgrade 2.9.1 -> 2.10
iwd: upgrade 1.27 -> 1.28
libzip: upgrade 1.8.0 -> 1.9.0
postgresql: upgrade 14.3 -> 14.4
uftrace: upgrade 0.11 -> 0.12
python3-googleapis-common-protos: upgrade 1.56.2 -> 1.56.3
python3-ifaddr: upgrade 0.1.7 -> 0.2.0
python3-jmespath: upgrade 1.0.0 -> 1.0.1
python3-pandas: upgrade 1.4.2 -> 1.4.3
python3-zeroconf: upgrade 0.38.6 -> 0.38.7
geocode-glib: upgrade 3.26.2 -> 3.26.3
gnome-bluetooth: upgrade 42.0 -> 42.1
gnome-calculator: upgrade 42.0 -> 42.2
gnome-text-editor: upgrade 42.1 -> 42.2
gtk4: upgrade 4.6.4 -> 4.6.6
gtksourceview5: upgrade 5.4.1 -> 5.4.2
gvfs: upgrade 1.50.0 -> 1.50.2
abseil-cpp: upgrade 20211102 -> 20220623
capnproto: upgrade 0.9.1 -> 0.10.2
ctags: upgrade 5.9.20220605.0 -> 5.9.20220703.0
fwupd: upgrade 1.7.6 -> 1.8.1
googletest: upgrade 1.12.0 -> 1.12.1
nautilus: upgrade 42.1.1 -> 42.2
nbdkit: upgrade 1.31.9 -> 1.31.10
openconnect: upgrade 8.20 -> 9.01
bats: upgrade 1.6.1 -> 1.7.0
cloc: upgrade 1.92 -> 1.94
hwdata: upgrade 0.360 -> 0.361
libvpx: upgrade 1.11.0 -> 1.12.0
libzip: upgrade 1.9.0 -> 1.9.2
pegtl: upgrade 3.2.5 -> 3.2.6
phoronix-test-suite: upgrade 10.8.3 -> 10.8.4
poppler: upgrade 22.06.0 -> 22.07.0
netdata: upgrade 1.35.0 -> 1.35.1
evince: upgrade 42.2 -> 42.3
gjs: upgrade 1.72.0 -> 1.72.1
gnome-bluetooth: upgrade 42.1 -> 42.2
libadwaita: upgrade 1.1.1 -> 1.1.2
liburing: upgrade 2.1 -> 2.2
libcrypt-openssl-rsa-perl: upgrade 0.32 -> 0.33
libencode-perl: upgrade 3.17 -> 3.18
zhengruoqin (23):
python3-absl: upgrade 1.0.0 -> 1.1.0
python3-alembic: upgrade 1.7.7 -> 1.8.0
python3-asyncinotify: upgrade 2.0.3 -> 2.0.4
python3-crc32c: upgrade 2.2.post0 -> 2.3
python3-msk: upgrade 0.3.16 -> 0.4.0
python3-bitstruct: upgrade 8.14.1 -> 8.15.1
python3-google-api-python-client: upgrade 2.49.0 -> 2.50.0
python3-google-auth: upgrade 2.6.6 -> 2.7.0
python3-xmlschema: upgrade 1.11.1 -> 1.11.2
python3-flask-wtf: upgrade 0.15.1 -> 1.0.1
python3-gnupg: upgrade 0.4.8 -> 0.4.9
python3-google-api-python-client: upgrade 2.50.0 -> 2.51.0
python3-kiwisolver: upgrade 1.4.2 -> 1.4.3
python3-nmap: upgrade 1.5.1 -> 1.5.4
python3-asyncinotify: upgrade 2.0.4 -> 2.0.5
python3-google-auth: upgrade 2.7.0 -> 2.8.0
python3-protobuf: upgrade 4.21.1 -> 4.21.2
python3-sqlalchemy: upgrade 1.4.37 -> 1.4.39
python3-xmlschema: upgrade 1.11.2 -> 1.11.3
python3-engineio: upgrade 4.3.2 -> 4.3.3
python3-google-api-core: upgrade 2.8.0 -> 2.8.2
python3-google-auth: upgrade 2.8.0 -> 2.9.0
python3-grpcio-tools: upgrade 1.46.3 -> 1.47.0
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I22f0dab7f3253d77cc99fd462c6be45ddeb333cd
Diffstat (limited to 'poky/meta/classes')
24 files changed, 253 insertions, 97 deletions
diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass index 8d026067f4..33070cd17f 100644 --- a/poky/meta/classes/archiver.bbclass +++ b/poky/meta/classes/archiver.bbclass @@ -55,9 +55,10 @@ ARCHIVER_MODE[compression] ?= "xz" DEPLOY_DIR_SRC ?= "${DEPLOY_DIR}/sources" ARCHIVER_TOPDIR ?= "${WORKDIR}/archiver-sources" -ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/" +ARCHIVER_ARCH = "${TARGET_SYS}" +ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${ARCHIVER_ARCH}/${PF}/" ARCHIVER_RPMTOPDIR ?= "${WORKDIR}/deploy-sources-rpm" -ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${TARGET_SYS}/${PF}/" +ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${ARCHIVER_ARCH}/${PF}/" ARCHIVER_WORKDIR = "${WORKDIR}/archiver-work/" # When producing a combined mirror directory, allow duplicates for the case @@ -101,6 +102,10 @@ python () { bb.debug(1, 'archiver: %s is excluded, covered by gcc-source' % pn) return + # TARGET_SYS in ARCHIVER_ARCH will break the stamp for gcc-source in multiconfig + if pn.startswith('gcc-source'): + d.setVar('ARCHIVER_ARCH', "allarch") + def hasTask(task): return bool(d.getVarFlag(task, "task", False)) and not bool(d.getVarFlag(task, "noexec", False)) diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass index 20968a5076..cc02de5f77 100644 --- a/poky/meta/classes/base.bbclass +++ b/poky/meta/classes/base.bbclass @@ -594,9 +594,9 @@ python () { for lic_exception in exceptions: if ":" in lic_exception: - lic_exception.split(":")[0] + lic_exception = lic_exception.split(":")[1] if lic_exception in oe.license.obsolete_license_list(): - bb.fatal("Invalid license %s used in INCOMPATIBLE_LICENSE_EXCEPTIONS" % lic_exception) + bb.fatal("Obsolete license %s used in INCOMPATIBLE_LICENSE_EXCEPTIONS" % lic_exception) pkgs = d.getVar('PACKAGES').split() skipped_pkgs = {} diff --git a/poky/meta/classes/bin_package.bbclass b/poky/meta/classes/bin_package.bbclass index c3aca20443..f0407e1329 100644 --- a/poky/meta/classes/bin_package.bbclass +++ b/poky/meta/classes/bin_package.bbclass @@ -30,8 +30,9 @@ bin_package_do_install () { bbfatal bin_package has nothing to install. Be sure the SRC_URI unpacks into S. fi cd ${S} + install -d ${D}${base_prefix} tar --no-same-owner --exclude='./patches' --exclude='./.pc' -cpf - . \ - | tar --no-same-owner -xpf - -C ${D} + | tar --no-same-owner -xpf - -C ${D}${base_prefix} } FILES:${PN} = "/" diff --git a/poky/meta/classes/buildstats.bbclass b/poky/meta/classes/buildstats.bbclass index 0de605200a..132ecaa98b 100644 --- a/poky/meta/classes/buildstats.bbclass +++ b/poky/meta/classes/buildstats.bbclass @@ -285,7 +285,8 @@ python runqueue_stats () { if system_stats: # Ensure that we sample at important events. done = isinstance(e, bb.event.BuildCompleted) - system_stats.sample(e, force=done) + if system_stats.sample(e, force=done): + d.setVar('_buildstats_system_stats', system_stats) if done: system_stats.close() d.delVar('_buildstats_system_stats') diff --git a/poky/meta/classes/create-spdx.bbclass b/poky/meta/classes/create-spdx.bbclass index 37b6b569a1..15cccac84b 100644 --- a/poky/meta/classes/create-spdx.bbclass +++ b/poky/meta/classes/create-spdx.bbclass @@ -25,6 +25,7 @@ SPDX_ARCHIVE_PACKAGED ??= "0" SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org" SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc" +SPDX_PRETTY ??= "0" SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" @@ -76,6 +77,11 @@ def recipe_spdx_is_native(d, recipe): def is_work_shared_spdx(d): return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR')) +def get_json_indent(d): + if d.getVar("SPDX_PRETTY") == "1": + return 2 + return None + python() { import json if d.getVar("SPDX_LICENSE_DATA"): @@ -515,7 +521,7 @@ python do_create_spdx() { dep_recipes = collect_dep_recipes(d, doc, recipe) - doc_sha1 = oe.sbom.write_doc(d, doc, "recipes") + doc_sha1 = oe.sbom.write_doc(d, doc, "recipes", indent=get_json_indent(d)) dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe)) recipe_ref = oe.spdx.SPDXExternalDocumentRef() @@ -579,7 +585,7 @@ python do_create_spdx() { add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources) - oe.sbom.write_doc(d, package_doc, "packages") + oe.sbom.write_doc(d, package_doc, "packages", indent=get_json_indent(d)) } # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source addtask do_create_spdx after do_package do_packagedata do_unpack before do_populate_sdk do_build do_rm_work @@ -743,7 +749,7 @@ python do_create_runtime_spdx() { ) seen_deps.add(dep) - oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy) + oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy, indent=get_json_indent(d)) } addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work @@ -938,7 +944,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages): image_spdx_path = rootfs_deploydir / (rootfs_name + ".spdx.json") with image_spdx_path.open("wb") as f: - doc.to_json(f, sort_keys=True) + doc.to_json(f, sort_keys=True, indent=get_json_indent(d)) num_threads = int(d.getVar("BB_NUMBER_THREADS")) @@ -996,7 +1002,11 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages): index["documents"].sort(key=lambda x: x["filename"]) - index_str = io.BytesIO(json.dumps(index, sort_keys=True).encode("utf-8")) + index_str = io.BytesIO(json.dumps( + index, + sort_keys=True, + indent=get_json_indent(d), + ).encode("utf-8")) info = tarfile.TarInfo() info.name = "index.json" @@ -1010,4 +1020,4 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages): spdx_index_path = rootfs_deploydir / (rootfs_name + ".spdx.index.json") with spdx_index_path.open("w") as f: - json.dump(index, f, sort_keys=True) + json.dump(index, f, sort_keys=True, indent=get_json_indent(d)) diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 1b4910f737..da7f93371c 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -47,7 +47,9 @@ CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" +# Report Patched or Ignored CVEs CVE_CHECK_REPORT_PATCHED ??= "1" + CVE_CHECK_SHOW_WARNINGS ??= "1" # Provide text output @@ -144,7 +146,7 @@ python do_cve_check () { bb.fatal("Failure in searching patches") ignored, patched, unpatched, status = check_cves(d, patched_cves) if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status): - cve_data = get_cve_info(d, patched + unpatched) + cve_data = get_cve_info(d, patched + unpatched + ignored) cve_write_data(d, patched, unpatched, ignored, cve_data, status) else: bb.note("No CVE database found, skipping CVE check") @@ -164,7 +166,7 @@ python cve_check_cleanup () { } addhandler cve_check_cleanup -cve_check_cleanup[eventmask] = "bb.cooker.CookerExit" +cve_check_cleanup[eventmask] = "bb.event.BuildCompleted" python cve_check_write_rootfs_manifest () { """ @@ -258,6 +260,7 @@ def check_cves(d, patched_cves): suffix = d.getVar("CVE_VERSION_SUFFIX") cves_unpatched = [] + cves_ignored = [] cves_status = [] cves_in_recipe = False # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) @@ -291,9 +294,8 @@ def check_cves(d, patched_cves): cve = cverow[0] if cve in cve_ignore: - bb.note("%s-%s has been ignored for %s" % (product, pv, cve)) - # TODO: this should be in the report as 'ignored' - patched_cves.add(cve) + bb.note("%s-%s ignores %s" % (product, pv, cve)) + cves_ignored.append(cve) continue elif cve in patched_cves: bb.note("%s has been patched" % (cve)) @@ -305,9 +307,13 @@ def check_cves(d, patched_cves): cves_in_recipe = True vulnerable = False + ignored = False + for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)): (_, _, _, version_start, operator_start, version_end, operator_end) = row #bb.debug(2, "Evaluating row " + str(row)) + if cve in cve_ignore: + ignored = True if (operator_start == '=' and pv == version_start) or version_start == '-': vulnerable = True @@ -340,13 +346,16 @@ def check_cves(d, patched_cves): vulnerable = vulnerable_start or vulnerable_end if vulnerable: - bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) - cves_unpatched.append(cve) + if ignored: + bb.note("%s is ignored in %s-%s" % (cve, pn, real_pv)) + cves_ignored.append(cve) + else: + bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) + cves_unpatched.append(cve) break if not vulnerable: bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve)) - # TODO: not patched but not vulnerable patched_cves.add(cve) if not cves_in_product: @@ -358,7 +367,7 @@ def check_cves(d, patched_cves): if not cves_in_recipe: bb.note("No CVE records for products in recipe %s" % (pn)) - return (list(cve_ignore), list(patched_cves), cves_unpatched, cves_status) + return (list(cves_ignored), list(patched_cves), cves_unpatched, cves_status) def get_cve_info(d, cves): """ @@ -396,6 +405,8 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() + report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1" + if exclude_layers and layer in exclude_layers: return @@ -403,7 +414,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): return # Early exit, the text format does not report packages without CVEs - if not patched+unpatched: + if not patched+unpatched+ignored: return nvd_link = "https://nvd.nist.gov/vuln/detail/" @@ -413,13 +424,16 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): for cve in sorted(cve_data): is_patched = cve in patched - if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"): + is_ignored = cve in ignored + + if (is_patched or is_ignored) and not report_all: continue + write_string += "LAYER: %s\n" % layer write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV")) write_string += "CVE: %s\n" % cve - if cve in ignored: + if is_ignored: write_string += "CVE STATUS: Ignored\n" elif is_patched: write_string += "CVE STATUS: Patched\n" @@ -496,6 +510,8 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split() exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split() + report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1" + if exclude_layers and layer in exclude_layers: return @@ -522,10 +538,11 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): for cve in sorted(cve_data): is_patched = cve in patched + is_ignored = cve in ignored status = "Unpatched" - if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"): + if (is_patched or is_ignored) and not report_all: continue - if cve in ignored: + if is_ignored: status = "Ignored" elif is_patched: status = "Patched" diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass index 9ca84bace9..37e10ad850 100644 --- a/poky/meta/classes/insane.bbclass +++ b/poky/meta/classes/insane.bbclass @@ -20,7 +20,7 @@ # Elect whether a given type of error is a warning or error, they may # have been set by other files. -WARN_QA ?= " libdir xorg-driver-abi \ +WARN_QA ?= " libdir xorg-driver-abi buildpaths \ textrel incompatible-license files-invalid \ infodir build-deps src-uri-bad symlink-to-sysroot multilib \ invalid-packageconfig host-user-contaminated uppercase-pn patch-fuzz \ @@ -444,12 +444,11 @@ def package_qa_check_buildpaths(path, name, d, elf, messages): Check for build paths inside target files and error if paths are not explicitly ignored. """ - # Ignore .debug files, not interesting - if path.find(".debug") != -1: - return + import stat - # Ignore symlinks - if os.path.islink(path): + # Ignore symlinks/devs/fifos + mode = os.lstat(path).st_mode + if stat.S_ISLNK(mode) or stat.S_ISBLK(mode) or stat.S_ISFIFO(mode) or stat.S_ISCHR(mode) or stat.S_ISSOCK(mode): return tmpdir = bytes(d.getVar('TMPDIR'), encoding="utf-8") @@ -630,6 +629,11 @@ def qa_check_staged(path,d): bb.note("Recipe %s skipping qa checking: pkgconfig" % d.getVar('PN')) skip_pkgconfig = True + skip_shebang_size = False + if 'shebang-size' in skip: + bb.note("Recipe %s skipping qa checkking: shebang-size" % d.getVar('PN')) + skip_shebang_size = True + # find all .la and .pc files # read the content # and check for stuff that looks wrong @@ -651,6 +655,13 @@ def qa_check_staged(path,d): error_msg = "%s failed sanity test (tmpdir) in path %s" % (file,root) oe.qa.handle_error("pkgconfig", error_msg, d) + if not skip_shebang_size: + errors = {} + package_qa_check_shebang_size(path, "", d, None, errors) + for e in errors: + oe.qa.handle_error(e, errors[e], d) + + # Run all package-wide warnfuncs and errorfuncs def package_qa_package(warnfuncs, errorfuncs, package, d): warnings = {} @@ -970,7 +981,7 @@ def package_qa_check_host_user(path, name, d, elf, messages): dest = d.getVar('PKGDEST') pn = d.getVar('PN') - home = os.path.join(dest, 'home') + home = os.path.join(dest, name, 'home') if path == home or path.startswith(home + os.sep): return @@ -1137,11 +1148,14 @@ python do_package_qa_setscene () { } addtask do_package_qa_setscene -python do_qa_staging() { - bb.note("QA checking staging") - qa_check_staged(d.expand('${SYSROOT_DESTDIR}${libdir}'), d) - oe.qa.exit_with_message_if_errors("QA staging was broken by the package built above", d) +python do_qa_sysroot() { + bb.note("QA checking do_populate_sysroot") + sysroot_destdir = d.expand('${SYSROOT_DESTDIR}') + for sysroot_dir in d.expand('${SYSROOT_DIRS}').split(): + qa_check_staged(sysroot_destdir + sysroot_dir, d) + oe.qa.exit_with_message_if_errors("do_populate_sysroot for this recipe installed files with QA issues", d) } +do_populate_sysroot[postfuncs] += "do_qa_sysroot" python do_qa_patch() { import subprocess @@ -1333,10 +1347,6 @@ python do_qa_unpack() { unpack_check_src_uri(d.getVar('PN'), d) } -# The Staging Func, to check all staging -#addtask qa_staging after do_populate_sysroot before do_build -do_populate_sysroot[postfuncs] += "do_qa_staging " - # Check for patch fuzz do_patch[postfuncs] += "do_qa_patch " diff --git a/poky/meta/classes/kernel-arch.bbclass b/poky/meta/classes/kernel-arch.bbclass index 07ec242e63..348a3adf22 100644 --- a/poky/meta/classes/kernel-arch.bbclass +++ b/poky/meta/classes/kernel-arch.bbclass @@ -61,7 +61,7 @@ HOST_LD_KERNEL_ARCH ?= "${TARGET_LD_KERNEL_ARCH}" TARGET_AR_KERNEL_ARCH ?= "" HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}" -KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH}" +KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}" KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}" KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}" TOOLCHAIN = "gcc" diff --git a/poky/meta/classes/kernel-fitimage.bbclass b/poky/meta/classes/kernel-fitimage.bbclass index 7e09b075ff..2112ae4cfa 100644 --- a/poky/meta/classes/kernel-fitimage.bbclass +++ b/poky/meta/classes/kernel-fitimage.bbclass @@ -148,7 +148,7 @@ fitimage_emit_section_kernel() { kernel-$2 { description = "Linux kernel"; data = /incbin/("$3"); - type = "kernel"; + type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; arch = "${UBOOT_ARCH}"; os = "linux"; compression = "$4"; diff --git a/poky/meta/classes/kernel-uboot.bbclass b/poky/meta/classes/kernel-uboot.bbclass index 2daa068298..1bc98e042d 100644 --- a/poky/meta/classes/kernel-uboot.bbclass +++ b/poky/meta/classes/kernel-uboot.bbclass @@ -2,6 +2,9 @@ FIT_KERNEL_COMP_ALG ?= "gzip" FIT_KERNEL_COMP_ALG_EXTENSION ?= ".gz" +# Kernel image type passed to mkimage (i.e. kernel kernel_noload...) +UBOOT_MKIMAGE_KERNEL_TYPE ?= "kernel" + uboot_prep_kimage() { if [ -e arch/${ARCH}/boot/compressed/vmlinux ]; then vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux" @@ -15,6 +18,12 @@ uboot_prep_kimage() { linux_comp="none" else vmlinux_path="vmlinux" + # Use vmlinux.initramfs for linux.bin when INITRAMFS_IMAGE_BUNDLE set + # As per the implementation in kernel.bbclass. + # See do_bundle_initramfs function + if [ "${INITRAMFS_IMAGE_BUNDLE}" = "1" ] && [ -e vmlinux.initramfs ]; then + vmlinux_path="vmlinux.initramfs" + fi linux_suffix="${FIT_KERNEL_COMP_ALG_EXTENSION}" linux_comp="${FIT_KERNEL_COMP_ALG}" fi diff --git a/poky/meta/classes/kernel-uimage.bbclass b/poky/meta/classes/kernel-uimage.bbclass index cedb4fa070..2e661ea916 100644 --- a/poky/meta/classes/kernel-uimage.bbclass +++ b/poky/meta/classes/kernel-uimage.bbclass @@ -30,6 +30,6 @@ do_uboot_mkimage() { awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` fi - uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage + uboot-mkimage -A ${UBOOT_ARCH} -O linux -T ${UBOOT_MKIMAGE_KERNEL_TYPE} -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage rm -f linux.bin } diff --git a/poky/meta/classes/npm.bbclass b/poky/meta/classes/npm.bbclass index dbfc2e728e..deea53c9ec 100644 --- a/poky/meta/classes/npm.bbclass +++ b/poky/meta/classes/npm.bbclass @@ -19,7 +19,7 @@ inherit python3native -DEPENDS:prepend = "nodejs-native " +DEPENDS:prepend = "nodejs-native nodejs-oe-cache-native " RDEPENDS:${PN}:append:class-target = " nodejs" EXTRA_OENPM = "" @@ -46,6 +46,7 @@ NPM_ARCH ?= "${@npm_target_arch_map(d.getVar("TARGET_ARCH"))}" NPM_PACKAGE = "${WORKDIR}/npm-package" NPM_CACHE = "${WORKDIR}/npm-cache" NPM_BUILD = "${WORKDIR}/npm-build" +NPM_REGISTRY = "${WORKDIR}/npm-registry" def npm_global_configs(d): """Get the npm global configuration""" @@ -53,17 +54,42 @@ def npm_global_configs(d): # Ensure no network access is done configs.append(("offline", "true")) configs.append(("proxy", "http://invalid")) + configs.append(("funds", False)) + configs.append(("audit", False)) # Configure the cache directory configs.append(("cache", d.getVar("NPM_CACHE"))) return configs +## 'npm pack' runs 'prepare' and 'prepack' scripts. Support for +## 'ignore-scripts' which prevents this behavior has been removed +## from nodejs 16. Use simple 'tar' instead of. def npm_pack(env, srcdir, workdir): - """Run 'npm pack' on a specified directory""" - import shlex - cmd = "npm pack %s" % shlex.quote(srcdir) - args = [("ignore-scripts", "true")] - tarball = env.run(cmd, args=args, workdir=workdir).strip("\n") - return os.path.join(workdir, tarball) + """Emulate 'npm pack' on a specified directory""" + import subprocess + import os + import json + + src = os.path.join(srcdir, 'package.json') + with open(src) as f: + j = json.load(f) + + # base does not really matter and is for documentation purposes + # only. But the 'version' part must exist because other parts of + # the bbclass rely on it. + base = j['name'].split('/')[-1] + tarball = os.path.join(workdir, "%s-%s.tgz" % (base, j['version'])); + + # TODO: real 'npm pack' does not include directories while 'tar' + # does. But this does not seem to matter... + subprocess.run(['tar', 'czf', tarball, + '--exclude', './node-modules', + '--exclude-vcs', + '--transform', 's,^\./,package/,', + '--mtime', '1985-10-26T08:15:00.000Z', + '.'], + check = True, cwd = srcdir) + + return (tarball, j) python npm_do_configure() { """ @@ -87,27 +113,24 @@ python npm_do_configure() { from bb.fetch2.npm import npm_unpack from bb.fetch2.npmsw import foreach_dependencies from bb.progress import OutOfProgressHandler + from oe.npm_registry import NpmRegistry bb.utils.remove(d.getVar("NPM_CACHE"), recurse=True) bb.utils.remove(d.getVar("NPM_PACKAGE"), recurse=True) env = NpmEnvironment(d, configs=npm_global_configs(d)) + registry = NpmRegistry(d.getVar('NPM_REGISTRY'), d.getVar('NPM_CACHE')) - def _npm_cache_add(tarball): - """Run 'npm cache add' for a specified tarball""" - cmd = "npm cache add %s" % shlex.quote(tarball) - env.run(cmd) + def _npm_cache_add(tarball, pkg): + """Add tarball to local registry and register it in the + cache""" + registry.add_pkg(tarball, pkg) def _npm_integrity(tarball): """Return the npm integrity of a specified tarball""" sha512 = bb.utils.sha512_file(tarball) return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode() - def _npm_version(tarball): - """Return the version of a specified tarball""" - regex = r"-(\d+\.\d+\.\d+(-.*)?(\+.*)?)\.tgz" - return re.search(regex, tarball).group(1) - def _npmsw_dependency_dict(orig, deptree): """ Return the sub dictionary in the 'orig' dictionary corresponding to the @@ -164,11 +187,11 @@ python npm_do_configure() { with tempfile.TemporaryDirectory() as tmpdir: # Add the dependency to the npm cache destdir = os.path.join(d.getVar("S"), destsuffix) - tarball = npm_pack(env, destdir, tmpdir) - _npm_cache_add(tarball) + (tarball, pkg) = npm_pack(env, destdir, tmpdir) + _npm_cache_add(tarball, pkg) # Add its signature to the cached shrinkwrap dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree) - dep["version"] = _npm_version(tarball) + dep["version"] = pkg['version'] dep["integrity"] = _npm_integrity(tarball) if params.get("dev", False): dep["dev"] = True @@ -185,7 +208,7 @@ python npm_do_configure() { # Configure the main package with tempfile.TemporaryDirectory() as tmpdir: - tarball = npm_pack(env, d.getVar("S"), tmpdir) + (tarball, _) = npm_pack(env, d.getVar("S"), tmpdir) npm_unpack(tarball, d.getVar("NPM_PACKAGE"), d) # Configure the cached manifest file and cached shrinkwrap file @@ -259,7 +282,7 @@ python npm_do_compile() { args.append(("build-from-source", "true")) # Pack and install the main package - tarball = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir) + (tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir) cmd = "npm install %s %s" % (shlex.quote(tarball), d.getVar("EXTRA_OENPM")) env.run(cmd, args=args) } diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass index 62050a18b8..63887b34f8 100644 --- a/poky/meta/classes/package.bbclass +++ b/poky/meta/classes/package.bbclass @@ -382,6 +382,11 @@ def splitdebuginfo(file, dvar, dv, d): debugfile = dvar + dest sources = [] + if file.endswith(".ko") and file.find("/lib/modules/") != -1: + if oe.package.is_kernel_module_signed(file): + bb.debug(1, "Skip strip on signed module %s" % file) + return (file, sources) + # Split the file... bb.utils.mkdirhier(os.path.dirname(debugfile)) #bb.note("Split %s -> %s" % (file, debugfile)) @@ -553,13 +558,25 @@ def copydebugsources(debugsrcdir, sources, d): strip = d.getVar("STRIP") objcopy = d.getVar("OBJCOPY") workdir = d.getVar("WORKDIR") + sdir = d.getVar("S") + sparentdir = os.path.dirname(os.path.dirname(sdir)) + sbasedir = os.path.basename(os.path.dirname(sdir)) + "/" + os.path.basename(sdir) workparentdir = os.path.dirname(os.path.dirname(workdir)) workbasedir = os.path.basename(os.path.dirname(workdir)) + "/" + os.path.basename(workdir) + # If S isnt based on WORKDIR we can infer our sources are located elsewhere, + # e.g. using externalsrc; use S as base for our dirs + if workdir in sdir: + basedir = workbasedir + parentdir = workparentdir + else: + basedir = sbasedir + parentdir = sparentdir + # If build path exists in sourcefile, it means toolchain did not use # -fdebug-prefix-map to compile if checkbuildpath(sourcefile, d): - localsrc_prefix = workparentdir + "/" + localsrc_prefix = parentdir + "/" else: localsrc_prefix = "/usr/src/debug/" @@ -581,7 +598,7 @@ def copydebugsources(debugsrcdir, sources, d): processdebugsrc += "sed 's#%s##g' | " processdebugsrc += "(cd '%s' ; cpio -pd0mlL --no-preserve-owner '%s%s' 2>/dev/null)" - cmd = processdebugsrc % (sourcefile, workbasedir, localsrc_prefix, workparentdir, dvar, debugsrcdir) + cmd = processdebugsrc % (sourcefile, basedir, localsrc_prefix, parentdir, dvar, debugsrcdir) try: subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) except subprocess.CalledProcessError: @@ -591,9 +608,22 @@ def copydebugsources(debugsrcdir, sources, d): # cpio seems to have a bug with -lL together and symbolic links are just copied, not dereferenced. # Work around this by manually finding and copying any symbolic links that made it through. cmd = "find %s%s -type l -print0 -delete | sed s#%s%s/##g | (cd '%s' ; cpio -pd0mL --no-preserve-owner '%s%s')" % \ - (dvar, debugsrcdir, dvar, debugsrcdir, workparentdir, dvar, debugsrcdir) + (dvar, debugsrcdir, dvar, debugsrcdir, parentdir, dvar, debugsrcdir) subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) + + # debugsources.list may be polluted from the host if we used externalsrc, + # cpio uses copy-pass and may have just created a directory structure + # matching the one from the host, if thats the case move those files to + # debugsrcdir to avoid host contamination. + # Empty dir structure will be deleted in the next step. + + # Same check as above for externalsrc + if workdir not in sdir: + if os.path.exists(dvar + debugsrcdir + sdir): + cmd = "mv %s%s%s/* %s%s" % (dvar, debugsrcdir, sdir, dvar,debugsrcdir) + subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) + # The copy by cpio may have resulted in some empty directories! Remove these cmd = "find %s%s -empty -type d -delete" % (dvar, debugsrcdir) subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT) diff --git a/poky/meta/classes/ptest.bbclass b/poky/meta/classes/ptest.bbclass index 1ec23c0923..c162f5d934 100644 --- a/poky/meta/classes/ptest.bbclass +++ b/poky/meta/classes/ptest.bbclass @@ -5,6 +5,10 @@ This package contains a test directory ${PTEST_PATH} for package test purposes." PTEST_PATH ?= "${libdir}/${BPN}/ptest" PTEST_BUILD_HOST_FILES ?= "Makefile" PTEST_BUILD_HOST_PATTERN ?= "" +PTEST_PARALLEL_MAKE ?= "${PARALLEL_MAKE}" +PTEST_PARALLEL_MAKEINST ?= "${PARALLEL_MAKEINST}" +EXTRA_OEMAKE:prepend:task-compile-ptest-base = "${PTEST_PARALLEL_MAKE} " +EXTRA_OEMAKE:prepend:task-install-ptest-base = "${PTEST_PARALLEL_MAKEINST} " FILES:${PN}-ptest += "${PTEST_PATH}" SECTION:${PN}-ptest = "devel" diff --git a/poky/meta/classes/python_flit_core.bbclass b/poky/meta/classes/python_flit_core.bbclass index 96652aa204..7109307de5 100644 --- a/poky/meta/classes/python_flit_core.bbclass +++ b/poky/meta/classes/python_flit_core.bbclass @@ -2,4 +2,7 @@ inherit python_pep517 python3native python3-dir setuptools3-base DEPENDS += "python3 python3-flit-core-native" -PEP517_BUILD_API = "flit_core.buildapi" +python_flit_core_do_manual_build () { + cd ${PEP517_SOURCE_PATH} + nativepython3 -m flit_core.wheel --outdir ${PEP517_WHEEL_PATH} . +} diff --git a/poky/meta/classes/python_hatchling.bbclass b/poky/meta/classes/python_hatchling.bbclass new file mode 100644 index 0000000000..984eb6bb5d --- /dev/null +++ b/poky/meta/classes/python_hatchling.bbclass @@ -0,0 +1,3 @@ +inherit python_pep517 python3native python3-dir setuptools3-base + +DEPENDS += "python3-hatchling-native" diff --git a/poky/meta/classes/python_pep517.bbclass b/poky/meta/classes/python_pep517.bbclass index 34ffdc9c0d..7cdb9c8f9d 100644 --- a/poky/meta/classes/python_pep517.bbclass +++ b/poky/meta/classes/python_pep517.bbclass @@ -4,17 +4,16 @@ # This class will build a wheel in do_compile, and use pypa/installer to install # it in do_install. -DEPENDS:append = " python3-installer-native" +DEPENDS:append = " python3-picobuild-native python3-installer-native" # Where to execute the build process from PEP517_SOURCE_PATH ?= "${S}" -# The PEP517 build API entry point -PEP517_BUILD_API ?= "unset" - # The directory where wheels will be written PEP517_WHEEL_PATH ?= "${WORKDIR}/dist" +PEP517_PICOBUILD_OPTS ?= "" + # The interpreter to use for installed scripts PEP517_INSTALL_PYTHON = "python3" PEP517_INSTALL_PYTHON:class-native = "nativepython3" @@ -31,8 +30,7 @@ python_pep517_do_configure () { # When we have Python 3.11 we can parse pyproject.toml to determine the build # API entry point directly python_pep517_do_compile () { - cd ${PEP517_SOURCE_PATH} - nativepython3 -c "import ${PEP517_BUILD_API} as api; api.build_wheel('${PEP517_WHEEL_PATH}')" + nativepython3 -m picobuild --source ${PEP517_SOURCE_PATH} --dest ${PEP517_WHEEL_PATH} --wheel ${PEP517_PICOBUILD_OPTS} } do_compile[cleandirs] += "${PEP517_WHEEL_PATH}" diff --git a/poky/meta/classes/python_poetry_core.bbclass b/poky/meta/classes/python_poetry_core.bbclass index 577663b8f1..0aaf66b194 100644 --- a/poky/meta/classes/python_poetry_core.bbclass +++ b/poky/meta/classes/python_poetry_core.bbclass @@ -1,5 +1,3 @@ inherit python_pep517 python3native setuptools3-base DEPENDS += "python3-poetry-core-native" - -PEP517_BUILD_API = "poetry.core.masonry.api" diff --git a/poky/meta/classes/python_setuptools_build_meta.bbclass b/poky/meta/classes/python_setuptools_build_meta.bbclass index b2bba35a0b..974054fe5a 100644 --- a/poky/meta/classes/python_setuptools_build_meta.bbclass +++ b/poky/meta/classes/python_setuptools_build_meta.bbclass @@ -1,5 +1,3 @@ inherit setuptools3-base python_pep517 DEPENDS += "python3-setuptools-native python3-wheel-native" - -PEP517_BUILD_API = "setuptools.build_meta" diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass index 3f9fdb602d..452b87f9b3 100644 --- a/poky/meta/classes/rootfs-postcommands.bbclass +++ b/poky/meta/classes/rootfs-postcommands.bbclass @@ -1,5 +1,5 @@ -# Zap the root password if debug-tweaks feature is not enabled +# Zap the root password if debug-tweaks and empty-root-password features are not enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'empty-root-password' ], "", "zap_empty_root_password; ",d)}' # Allow dropbear/openssh to accept logins from accounts with an empty password string if debug-tweaks or allow-empty-password is enabled @@ -8,7 +8,7 @@ ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'deb # Allow dropbear/openssh to accept root logins if debug-tweaks or allow-root-login is enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "ssh_allow_root_login; ", "",d)}' -# Enable postinst logging if debug-tweaks is enabled +# Enable postinst logging if debug-tweaks or post-install-logging is enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'post-install-logging' ], "postinst_enable_logging; ", "",d)}' # Create /etc/timestamp during image construction to give a reasonably sane default time setting @@ -140,7 +140,7 @@ read_only_rootfs_hook () { } # -# This function is intended to disallow empty root password if 'debug-tweaks' is not in IMAGE_FEATURES. +# This function disallows empty root passwords # zap_empty_root_password () { if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then @@ -202,7 +202,7 @@ python sort_passwd () { } # -# Enable postinst logging if debug-tweaks is enabled +# Enable postinst logging # postinst_enable_logging () { mkdir -p ${IMAGE_ROOTFS}${sysconfdir}/default diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass index eb0ca05804..b1fac107d5 100644 --- a/poky/meta/classes/sanity.bbclass +++ b/poky/meta/classes/sanity.bbclass @@ -858,7 +858,7 @@ def check_sanity_everybuild(status, d): mirror_vars = ['MIRRORS', 'PREMIRRORS', 'SSTATE_MIRRORS'] protocols = ['http', 'ftp', 'file', 'https', \ 'git', 'gitsm', 'hg', 'osc', 'p4', 'svn', \ - 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az' ] + 'bzr', 'cvs', 'npm', 'sftp', 'ssh', 's3', 'az', 'ftps'] for mirror_var in mirror_vars: mirrors = (d.getVar(mirror_var) or '').replace('\\n', ' ').split() diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass index 3513269bca..0aa901fe89 100644 --- a/poky/meta/classes/sstate.bbclass +++ b/poky/meta/classes/sstate.bbclass @@ -977,15 +977,19 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, localdata.delVar('BB_NO_NETWORK') from bb.fetch2 import FetchConnectionCache - def checkstatus_init(thread_worker): - thread_worker.connection_cache = FetchConnectionCache() + def checkstatus_init(): + while not connection_cache_pool.full(): + connection_cache_pool.put(FetchConnectionCache()) - def checkstatus_end(thread_worker): - thread_worker.connection_cache.close_connections() + def checkstatus_end(): + while not connection_cache_pool.empty(): + connection_cache = connection_cache_pool.get() + connection_cache.close_connections() - def checkstatus(thread_worker, arg): + def checkstatus(arg): (tid, sstatefile) = arg + connection_cache = connection_cache_pool.get() localdata2 = bb.data.createCopy(localdata) srcuri = "file://" + sstatefile localdata2.setVar('SRC_URI', srcuri) @@ -995,7 +999,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, try: fetcher = bb.fetch2.Fetch(srcuri.split(), localdata2, - connection_cache=thread_worker.connection_cache) + connection_cache=connection_cache) fetcher.checkstatus() bb.debug(2, "SState: Successful fetch test for %s" % srcuri) found.add(tid) @@ -1005,6 +1009,8 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, except Exception as e: bb.error("SState: cannot test %s: %s\n%s" % (srcuri, repr(e), traceback.format_exc())) + connection_cache_pool.put(connection_cache) + if progress: bb.event.fire(bb.event.ProcessProgress(msg, len(tasklist) - thread_worker.tasks.qsize()), d) @@ -1025,13 +1031,13 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, fetcherenv = bb.fetch2.get_fetcher_environment(d) with bb.utils.environment(**fetcherenv): bb.event.enable_threadlock() - pool = oe.utils.ThreadedPool(nproc, len(tasklist), - worker_init=checkstatus_init, worker_end=checkstatus_end, - name="sstate_checkhashes-") - for t in tasklist: - pool.add_task(checkstatus, t) - pool.start() - pool.wait_completion() + import concurrent.futures + from queue import Queue + connection_cache_pool = Queue(nproc) + checkstatus_init() + with concurrent.futures.ThreadPoolExecutor(max_workers=nproc) as executor: + executor.map(checkstatus, tasklist.copy()) + checkstatus_end() bb.event.disable_threadlock() if progress: diff --git a/poky/meta/classes/testimage.bbclass b/poky/meta/classes/testimage.bbclass index 8ffaeab284..7898223bce 100644 --- a/poky/meta/classes/testimage.bbclass +++ b/poky/meta/classes/testimage.bbclass @@ -472,6 +472,9 @@ def create_rpm_index(d): package_list = glob.glob(idx_path + "*/*.rpm") for pkg in package_list: + if os.path.basename(pkg).startswith(("curl-ptest")): + bb.utils.remove(pkg) + if not os.path.basename(pkg).startswith(("rpm", "run-postinsts", "busybox", "bash", "update-alternatives", "libc6", "curl", "musl")): bb.utils.remove(pkg) diff --git a/poky/meta/classes/utils.bbclass b/poky/meta/classes/utils.bbclass index b4eb3d38ab..e6f7f95d80 100644 --- a/poky/meta/classes/utils.bbclass +++ b/poky/meta/classes/utils.bbclass @@ -184,6 +184,43 @@ END chmod +x $cmd } +create_cmdline_shebang_wrapper () { + # Create a wrapper script where commandline options are needed + # + # These are useful to work around shebang relocation issues, where shebangs are too + # long or have arguments in them, thus preventing them from using the /usr/bin/env + # shebang + # + # Usage: create_cmdline_wrapper FILENAME <extra-options> + + cmd=$1 + shift + + echo "Generating wrapper script for $cmd" + + # Strip #! and get remaining interpreter + arg + argument="$(sed -ne 's/^#! *//p;q' $cmd)" + # strip the shebang from the real script as we do not want it to be usable anyway + tail -n +2 $cmd > $cmd.real + chown --reference=$cmd $cmd.real + chmod --reference=$cmd $cmd.real + rm -f $cmd + cmdname=$(basename $cmd) + dirname=$(dirname $cmd) + cmdoptions=$@ + if [ "${base_prefix}" != "" ]; then + relpath=`python3 -c "import os; print(os.path.relpath('${D}${base_prefix}', '$dirname'))"` + cmdoptions=`echo $@ | sed -e "s:${base_prefix}:\\$realdir/$relpath:g"` + fi + cat <<END >$cmd +#!/usr/bin/env bash +realpath=\`readlink -fn \$0\` +realdir=\`dirname \$realpath\` +exec -a \$realdir/$cmdname $argument \$realdir/$cmdname.real $cmdoptions "\$@" +END + chmod +x $cmd +} + create_wrapper () { # Create a wrapper script where extra environment variables are needed # |