The opkg-utils change didn't trigger a full repackage due to its mention
in layer.conf for update-alternatives hash exclusion. Do it manually
to invalidate broken ipks.
(From OE-Core rev: 6dd59dffd73618e4c0979b284a7968055a4eb8fb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Older versions break opkg-build when reproducible builds are enabled.
Rather than trying to be selective based on which features are enabled,
lets just make this a minimum version.
(From OE-Core rev: 0fdc43da005c3c6102cf07383ad6f451d2203fa5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The key problem is that currently running setscene tasks are not
accounted for when processing task migrations. This means can allow
two of the same task to execute at the same time with unpredictable
effects.
This change allows us to stop doing that and refactor the code slightly
to make it clearer that these conditions don't arrive even with
deferred tasks.
(Bitbake rev: ac1922d348613ca46a1047ad5ddf755eac16d568)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Move bitbake.vim from bitbake/contrib/vim/indent to contrib/vim/indent.
(Bitbake rev: d2654a4ad8b0b885feac697448128baf7bf8a1c9)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bitbake/lib/bb/fetch2/clearcase.py:148: SyntaxWarning: "is" with a literal. Did you mean "=="?
if command is 'mkview':
bitbake/lib/bb/fetch2/clearcase.py:155: SyntaxWarning: "is" with a literal. Did you mean "=="?
elif command is 'rmview':
bitbake/lib/bb/fetch2/clearcase.py:159: SyntaxWarning: "is" with a literal. Did you mean "=="?
elif command is 'setcs':
Python 3.8 is quite correct and we so mean "==" here, fix it to
avoid the warnings.
(Bitbake rev: 1fab03f6e10eaa13b8a89ce0b2f9fe8ce5157189)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
md5_file() uses a mmap() window to improve performance when hashing files, so
refactor the code and do the same for SHA1 and SHA256.
(Bitbake rev: ecf87437ff796e17c3e4f210b5803b0136a9e8a4)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Less was coming from busybox in these images, add the full version.
[YOCTO #13630]
(From OE-Core rev: 42047185d55fc878821defec4908b119884d3d07)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
opkg-build was failing on hosts where tar < 1.28 and reproducibile builds
were enabled but it was doing this silently and generating corrupted
(empty) ipk files. Add a fix for this (submitted upstream).
The fix requires bash but if you're building ipk files this shoudn't be
a problem.
(From OE-Core rev: ff9ec19b02650a3ae230e4d1bdc99ec686cc4c81)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An ipk with a zero size data.tar file caused opkg to crash with a
double free abort. Add the upstream fixes for this.
(From OE-Core rev: aa17a8096263934f5c1877f3ef749df595486a9c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the reproducible_build class is inherited then there may be a
"source-date-epoch" subdirectory in a fetched source tree; devtool
upgrade was not expecting that in the upgraded source. Take a small
snippet of code from recipetool create which already handles this,
and make it a shared function that can be used in both places.
Additionally, fix an assumption that the source is always in a
subdirectory in the cleanup code that blocked debugging this.
[YOCTO #13635]
(From OE-Core rev: 0d642861cd9cf034b8d4951433980addc215d4fd)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This should be no longer needed. if needed then meta-clang might be
better suited
(From OE-Core rev: ad9dd755646fdb42b88440e9464f1d94e244c316)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a regression in this functionality that went unnoticed
due to lack of tests.
(From OE-Core rev: a75e4eceb703b2b13ddd4ba3dea3a86af0b0a9eb)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This code used to construct a single SQL statement that fetched the NVD data for
every CVE requested. For recipes such as the kernel where there are over 2000
CVEs to report this can hit the variable count limit and the query fails with
"sqlite3.OperationalError: too many SQL variables". The default limit is 999
variables, but some distributions such as Debian set the default to 250000.
As the NVD table has an index on the ID column, whilst requesting the data
CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time
different is insignificant: 0.05s verses 0.01s on my machine.
(From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove obsolete Python 2 code, and use convenience methods for neatness.
(From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A previous optimisation was premature and resulted in false-negatives in the report.
Rewrite the checking algorithm to first get the list of potential CVEs by
vendor:product, then iterate through every matching CPE for that CVE to
determine if the bounds match or not. By doing this in two stages we can know
if we've checked every CPE, instead of accidentally breaking out of the scan too
early.
(From OE-Core rev: d61aff9e22704ad69df1f7ab0f8784f4e7cc0c69)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
urllib handles adding proxy handlers if the proxies are set in the environment,
so call bb.utils.export_proxies() to do that and remove the manual setup.
(From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Create an index on the PRODUCTS table which contains a row for each CPE,
drastically increasing the performance of lookups for a specific CVE.
(From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Don't hardcode the database filename, there's a variable for this in
cve-check.bbclass.
(From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As upstream has released a new stable version,
the exception is no longer needed.
(From OE-Core rev: fa99c061275cd96cf375ff60d1c73a6e818dca25)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit 41d225f4a3.
Unfortunately this change broke 'devtool upgrade' functionality,
causing 'devtool finish' to write out an upgraded recipe that no
longer includes the original upstream source in SRC_URI.
(From OE-Core rev: 2d6e55192dba0bf7f6e23e5ab5b3dbc68835bb28)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop backports, rebase a couple of patches.
This is the second last release of py 2.x; upstream support ends on
1 January 2020, there will be one final 2.x afterwards.
Note that the only thing that still needs python 2.x in oe-core is
u-boot; when the next u-boot update arrives, we should find out
where the py3 migration is for that component before merging the
update.
(From OE-Core rev: 184b60eb905bb75ecc7a0c29a175e624d8555fac)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The extra diretory created by reproducibile_builds was confusing recipetool
and hence devtool. Ignore this directory to restore the correct behaviour and
allow it to work with the class.
(From OE-Core rev: 188ba30ef290efab6d5a9b95fba8e991b779ab33)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
inherits can be unset resulting in:
UnboundLocalError: local variable 'inherits' referenced before assignment
which can mask real errors. Avoid this.
(From OE-Core rev: 29a0502e101ed0667e960f9f8591b0a2d60a4bcb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a native recipe so won't be installed as root.
If the string 'root' is part of the username then the install script
can get tricked into thinking we are root (regardless of the actual
uid or permissions) resulting in attempts to run chown/chgrp
inappropriately.
(From OE-Core rev: 5db7b80140410cd3c164e4522dc87df92fac93b0)
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ltpstress was removed in Oct 2018
e752f7c196 (diff-5231627fc8640e0adb955f9e69c3c08d)
Remove LTP stress tests
ltpstress.sh runs stress.part[1-3]. But these runtest files just
duplicate definitions:
* stress.part1: fs, mm, nfs
* stress.part2: ipc, math, nptl
* stress.part3: net.multicast, pty, syscalls
The definitions are outdated anyway. There is no point trying
to keep them sync.
(From OE-Core rev: 85b3f9ef568a8a11569898c6637b0e80c057fbfb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
done as part of IncompatibleLicensePerImageTests
(From OE-Core rev: b6e66d388001cdbb833a18056781f69a6f8c82fb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
