Commit Graph

5766 Commits

Author SHA1 Message Date
Marta Rybczynska
7a3904c6a7 cve-update-db-native: update structure
Update the database structure and tasks to fit the current YP master.
This means:
- add the unpack task
- update the database structure (CVSS, vector string)
- use the temporary database in the same directory as the download

However, the old feed does not include CVSS4

(From OE-Core rev: dd249921a5d6b8e472242b57415de3f210dc81f1)

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-18 11:56:04 +00:00
Marta Rybczynska
ae7097e4c1 cve-update-db-native: restore
Restore cve-update-db from kirkstone

Use cve-update-db-native.bb from OE 8c10f4a4dc12f65212576e6e568fa4369014aaa0

(From OE-Core rev: c84e19edc15b622bfe4d7e268ca5cb18312f09d6)

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-18 11:56:04 +00:00
Wang Mingyu
c0329693b1 ncurses: Fix install conflict when enable multilib.
The setting of want_xterm_kbs is as following:
case $host_os in
(*linux-gnu|*cygwin|*mingw32|*msys)
    want_xterm_kbs=DEL
    ;;
(*)
    want_xterm_kbs=BS
    ;;
esac

The host_os when enable multilib is as folloing:
host_os of aarch64 : linux-gnu
host_os of aarch32 : linux-gnueabi

So in lib64 package, want_xterm_kbs=DEL, and in lib32 package, want_xterm_kbs=BS.
It results the differences in the terminfo files between lib32 and lib64 packages.

Using --with-xterm-kbs=del to unify the packages of lib32 and lib64 into "want_xterm_kbs=DEL".

(From OE-Core rev: 3868ae96ff32e8335e539ce62f51b7a223547c48)

Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
MAIL: wangmy@fujitsu.com
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-11 11:44:19 +00:00
Ross Burton
78d0ba12ef dbus: explictly set the path to systemctl
The dbus.socket user unit file calls systemctl, and the meson.build uses
find_program() to find the path, falling back to a hardcoded value if it
cannot be found.

On the initial build the sysroot doesn't contain systemctl (as it is not
in the target systemd sysroot), however after the do_package_write_*
tasks have completed there is a systemd-systemctl-native recipe in the
sysroot which will be found and result in host paths being in the target
packages, specifically in /usr/lib/systemd/user/dbus.socket:

  ExecStartPost=-/work/ross/build/tmp/work/core2-64-poky-linux/dbus/1.16.0/recipe-sysroot-native/usr/bin/systemctl

This can be replicated by forcing a rebuild after a forced packaging:

$ bitbake dbus -C do_package_write_ipk
$ bitbake dbus -C configure
ERROR: dbus-1.16.0-r0 do_package_qa: QA Issue: File
/usr/lib/systemd/user/dbus.socket in package dbus-common contains
reference to TMPDIR [buildpaths]

We could do the unit mask manually instead of using systemctl (as it's
just a symlink) but the hardcoded path is still wrong, so write a small
Meson cross file to specify where the binary is.

(From OE-Core rev: 2ebfe3d8df809f6cf057ac7b56cdbc265f05b37a)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-10 13:03:58 +00:00
Mikko Rapeli
3582905ff9 systemd-boot-native: fix kernel signature for secureboot
systemd update from 256 to 257 broke kernel secureboot signatures
inside signed UKI files with u-boot based UEFI firmware, e.g.
meta-arm and qemuarm64-secureboot machine config and secureboot:

$ cd meta-arm
$ kas build ci/poky.yml:ci/qemuarm64-secureboot.yml:ci/uefi-secureboot.yml:ci/testimage.yml

systemd-boot itself is secureboot signed and verified by firmware.
Same for the UKI file which combines kernel, initramfs etc.
Then kernel from UKI is additionally executed using UEFI firmware calls
which check signatures so the kernel binary inside signed UKI
needs to be signed with same keys too. PE file padding added
to systemd ukify in 257 release broke kernel signature validation
for u-boot and sbsign/sbverify tools. EDK2 based firmware like
OVMF may not be affected because systemd-boot is able to disable
signature checking after a signed UKI has been loaded. This feature
is not supported by u-boot.

Upstream systemd bug report:

https://github.com/systemd/systemd/issues/35851

Backport of:

38801c9129

Cc: Jon Mason <jdmason@kudzu.us>
Cc: meta-arm@lists.yoctoproject.org
(From OE-Core rev: 979d8b16a5238ea368b2ee39d436b6e13d94b076)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-10 13:03:58 +00:00
Mikko Rapeli
29bccf5ae1 systemd-boot-native: move do_install() to after do_patch()
The tasks were deleted and do_patch() was run after do_install()
which means that patches applied in SRC_URI were not in the
ukify.py binary installed. Moving do_install() to after do_patch()
fixes this.

(From OE-Core rev: 0218a7a7dbf12ef817608881a3a17d9670c0778a)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-10 13:03:58 +00:00
Khem Raj
123f8e78f3 glibc: Upgrade to 2.41 release
License-Update: Added license for e_gammaf_r.c [1]
                added url of CORE-MATH project [2]

* Testing support with different compilers (series)
* Remove XXX math functions from installed math.h (patch)
* Remove "%n" from assert (commit)
* Improve executable stack handling
* Compile glibc tests with Clang (series 1, series 2)
* asprintf should write NULL on failure
* Revert TCB layout changes
* Fix ld.so crashes with golang test suite
* Fixes after GET_ADDR_ARGS removal
* Extend Rseq Support, plus x32 fixup
* sh4: ensure FPSCR.PR==0 when executing FRCHG [BZ #27543]
* affinity-inheritance test: overallocate CPU sets
* rseq-related aarch64 test failures
* arc4random test failure under load
* benchtests: Add dummy in put files cospi, cospif, sinpi, sinpif, tanpi, tanpif
* pthread condvar missing signal, bug 25847
* aarch64: Add support for Guarded Control Stack extension
* testsuite: Make stdio-common/tst-printf-format-*-mem UNSUPPORTED if the mtrace output does not exist

Further Release Notes [3] [4]

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=2843e78b30da0aa743fdfb0ac61435c925182c04
[2] https://sourceware.org/git/?p=glibc.git;a=commit;h=d421d36582281a62e05f96a1bfb085db9d85f40b
[3] https://sourceware.org/glibc/wiki/Release/2.41

[4] https://sourceware.org/pipermail/libc-announce/2025/000045.html

(From OE-Core rev: 73b34ff50c8e5b05eca8f9a236bd1b155bd14324)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-05 12:49:56 +00:00
Ross Burton
a86627cffa systemd-serialgetty: add comments explaining use
Add some comments to clarify exactly what this recipe is for.

(From OE-Core rev: bbaafe11189b4b14ab84576e5eddd709b7f0ef1b)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-05 12:49:55 +00:00
Artur Kowalski
aab0fdf3b7 systemd-systemctl: fix handling of instance unit files
This fixes handling of units with instance name in theirs filenames such
as `gnome-shell@wayland.service` or `gnome-shell@x11.service`. Such
files cause template file to be ignored (for the specific instance).

Thanks to Markus Volk <f_l_k@t-online.de> for noticing the breakage when
building images with gnome-shell:

| Error: Systemctl preset_all issue in org.gnome.Shell@wayland.service
| WARNING: /home/flk/poky/build/tmp/work/intel_corei7_64-poky-linux/gnome-image/1.0/temp/run.systemd_preset_all.2011511:158 exit 1 from 'systemctl --root="/home/flk/poky/build/tmp/work/intel_corei7_64-poky-linux/gnome-image/1.0/rootfs" --global --preset-mode=enable-only preset-all'

The problem manifested after cdc3b3028f6d71788b5fdd99436f69fbf18f613e
because we enabled preset-all for user units -
org.gnome.Shell@wayland.service is a user service, so prior to that
change the file wasn't processed at all.

The error was triggered because there is no org.gnome.Shell@.service
file. With this patch applied systemctl script looks for instance unit
file and falls back to template unit in case of lack thereof, keeping
the same behavior upstream systemctl does.

(From OE-Core rev: 7eaad7c2a118b3d9db8b694730535afcd3ca985e)

Signed-off-by: Artur Kowalski <arturkow2000@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-05 12:49:55 +00:00
Richard Purdie
c2da016918 meta/meta-selftest: Fix variable assignment whitespace
Recipes are much more readable with whitespace around the assignment operators.
Fix various assignments in OE-Core to show this is definitely the preferred
formatting.

(From OE-Core rev: 30ea609d3357fb3de911f2f6a5e6856c151b976a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-01 13:42:34 +00:00
Daniel McGregor
49f9970c75 util-linux-libuuid: use util-linux's CVE_PRODUCT value
util-linux and util-linux-libuuid should use the same CVE_PRODUCT
since they're the same product. They're just split off for package
dependency reasons.  Prior to this patch the libuuid recipe gave the
wrong CVE_PRODUCT value, causing some CVE check tools to fail on it.

(From OE-Core rev: 5c6abb099d579b9451fc2cb38c5d8860cfa6d52f)

Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-01 13:20:45 +00:00
Alexander van Gessel
0a3a771c23 busybox: Change symlink locations to match alternative
Change the symlink locations of start-stop-daemon and base32 to from
BASE_S?BINDIR to S?BINDIR, to match dpkg and coreutils, respectively.

Related to bug #14804 [1].

[1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=14804

(From OE-Core rev: 9998d91f982cd323fa5da20edda8b1828bd4fb5d)

Signed-off-by: Alexander van Gessel <ai0867@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-02-01 13:20:45 +00:00
Bastian Germann
e8304fa3f5 busybox: Correct SPDX license reference
Commit 6238ee3ecd (recipes-core/busybox: fixup licensing information)
claims that there is no applicable license identifier in SPDX, so a
bzip2-1.0.4 is made up.

There is no bzip2-1.0.4 license defined in SPDX. However, bzip2-1.0.6 is
the same license.

License-Update: wrong SPDX identifier

(From OE-Core rev: 1b51a0cbfbb64d85756ef231c81aeff02b74bd52)

Signed-off-by: Bastian Germann <bage@debian.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-27 15:47:10 +00:00
Marek Vasut
bc5d66e793 base-files: Drop /bin/sh dependency
Remove /bin/sh from bash RPROVIDES as this has a side-effect which
confuses rpm package manager when also busybox provides /bin/sh and
base-files depend on /bin/sh . The problem is broken down below.

First, bash depends on base-files and bash pkg_postinst must run
after base-files was installed, because it requires /etc/shells
provided by base-files to be in place.

Second, base-files depends on /bin/sh, which is provided by either
bash or busybox in this case. This is the actual problem here, if
bash is selected as /bin/sh provider, then there is cyclic dependency
between bash and base-files, and that confuses dnf which may install
the packages in the wrong order, bash first and base-files second .

To make this worse, if busybox is also /bin/sh provider, it can and
does happen that some systems pick busybox as the /bin/sh provider,
while others pick bash as the /bin/sh provider, and that cyclic
dependency does not always appear.

Attempt to break this dependency, remove pre-inst script from the
base-files recipe, which removes its dependency on /bin/sh and
allows it to be installed very early, and always before bash.

(From OE-Core rev: e71b64a9b22c7db316e92e78a4bce8b9f994a4ae)

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-27 15:47:09 +00:00
Bastian Germann
d456553ca3 util-linux: Document more specific BSD-4-Clause-UC
LIC_FILES_CHKSUM in the util-linux recipe already contains the more
specific license reference BSD-4-Clause-UC that takes a copyright
addendum by University of California into account.

License-Update: reference can be more specific

(From OE-Core rev: 7cc73cb77e6e783a903978221cb502bb359412f6)

Signed-off-by: Bastian Germann <bage@debian.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-27 15:47:09 +00:00
Ross Burton
59db27de56 build-appliance-image: Update to master head revision
(From OE-Core rev: 3ca9192cf16e15e95ba1c3db4ba28fc6130de8e0)

Signed-off-by: Ross Burton <ross.burton@arm.com>
2025-01-23 12:19:50 +00:00
Peter Kjellerstedt
73a7cb2701 systemd: Remove /var/log/README using a patch
Commit f82d9c997ba (systemd: enable create-log-dirs) removed the
creation of the /var/log/README symbolic link by using sed. However, the
update to 257 changed the target line and the sed expression no longer
matches. Rather than correcting the sed expression, use a patch to
remove /var/log/README so that any future changes do not go unnoticed.

(From OE-Core rev: 76cf5994262f9fd76cf27e111eb67ad1645541f1)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
2025-01-23 12:14:29 +00:00
Richard Purdie
90e0a0f7f4 classes/recipes: Switch virtual/XXX-gcc to virtual/cross-cc (and c++/binutils)
The idea of the base class dependency is to say "yes, I need a C cross compiler"
and this was never meant to be gcc specific. Looking at the codebase, whilst we
code triplets into this, it does overcomplicate things as there are only ever
limited, "target", "sdk" and the class extended versions like mutlilib.

After much thought, we can simplify this to virtual/cross-cc and virtual/nativesdk-cross-cc.

This lets us remove the "gcc" specific element as well as removing the over
complicated triplet usage.

At the same time, change the much less widely used "g++" variant to "c++" for
similar reasons and remove the triplet from virtual/XXX-binutils too.

Backwards compatibility mappings could be left but are just going to confuse
things in future so we'll just require users to update.

This simplification, whilst disruptive for any toolchain focused layers, will
make improved toolchain selection in the future much easier.

Since we no longer have overlapping variables, some code for that can just
be removed. The class extension code does need to start remapping some variables
but not the crosssdk target recipe names.

This patch is in two pieces, this one handles the renaming with the functional
changes separate in a second for easier review even if this breaks bisection.

(From OE-Core rev: 4ccc3bc8266c327bcc18c9a3faf7536210dfb9f0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-21 23:09:33 +00:00
Artur Kowalski
1bb9a3caf3 systemd-systemctl: add support for --global flag
The flag is similar to --user flag as it causes systemctl to operate on
user units, but it performs operations globally for all users. This is
required for user presets support.

(From OE-Core rev: ab6476d28485598ae842472a7b15ca7bf244c776)

Signed-off-by: Artur Kowalski <arturkow2000@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-21 12:07:56 +00:00
Hiago De Franco
e330214c2c eudev: backport patch to fix udevd hanging while trying to access /dev/urandom
Linux kernel commit 48bff1053c17 ("random: opportunistically initialize
on /dev/urandom reads") introduced a change where /dev/urandom blocks if
the random pool is insufficiently initialized during hardware boot. This
behavior causes /dev/urandom reads to hang for approximately 5 seconds,
delaying the boot process with eudev init script (when it calls udevd).

This issue has already been solved upstream, therefore backport the
upstream patch to fix this.

(From OE-Core rev: cd5f630581f3e38645a92ad75b496bce92b679cb)

Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-21 12:07:56 +00:00
Alexander Kanavin
5b6c0bfbf5 dbus: update 1.14.10 -> 1.16.0
Convert from autotools to meson.

Drop tmpdir.patch (replaced by -Dtest_socket_dir=/tmp --Dsession_socket_dir=/tmp).

License-Update: license texts split into separate files, SPDX ids added.

(From OE-Core rev: b0241aa9b1ecc38be1ca016f36075552a2eba48a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-20 13:38:59 +00:00
Lei YU
47d5dcef90 systemd: PACKAGECONFIG mountfsd and nsresourced
systemd v256 introduces `mountfsd` and `nsresourced` as meson options,
make them PACKAGECONFIG so recipes could enable or disable the feature
by selecting PACKAGECONFIGs.

(From OE-Core rev: b091917424ac31fc9c188a16e653501d3a8b0afd)

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-14 11:57:52 +00:00
Alexander Kanavin
46fb35a2a2 sysvinit: update 3.11 -> 3.13
Remove patches:
install.patch
(merged upstream)

realpath.patch
0001-include-sys-sysmacros.h-for-major-minor-defines-in-g.patch
(musl fixes, no longer needed)

pidof-add-m-option.patch
(not a backport, not used in core, and isn't carried by either debian or fedora)

(From OE-Core rev: 228e1fb5632061fccf58bec93b843e6d7a0827dd)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-14 11:57:52 +00:00
Joshua Watt
58bbcc3de4 udev-extraconf: Allow FAT mount group to be specified
Adds a variable that allows the group given permissions to access FAT
mounted file systems to be specified, instead of being hardcoded to
'disk'.

As a note, the usage of 'disk' as the mount group is not a very secure
default, since the disk user usually has read/write access to all block
devices in /dev/, meaning that adding a user to this group for the
purpose of accessing FAT file systems effectively gives the write access
to all block devices.

(From OE-Core rev: c723dbc329d4cf2a75022f8dd1cfa304383bb4f5)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-14 11:57:52 +00:00
Benjamin Bara
61faf62853 glibc: set ld.so.conf as conf file
This enables simple overwriting when multilib is in use.

(From OE-Core rev: 52e57a13f874cf4093682c9d9463e9b964f6de17)

Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-11 18:37:14 +00:00
Richard Purdie
cfabbd46f5 util-linux: Improve PACKAGES_DYNAMIC handling for util-linux-native
DEBUG: Assuming util-linux-swapon-native is a dynamic package, but it may not exist
DEBUG: Assuming util-linux-swapon-native is a dynamic package, but it may not exist
DEBUG: providers for util-linux-swapon-native are: ['util-linux', 'util-linux-native']
DEBUG: sorted runtime providers for util-linux-swapon-native are: ['recipes-core/util-linux/util-linux_2.40.2.bb', 'virtual:native:recipes-core/util-linux/util-linux_2.40.2.bb']
NOTE: Multiple providers are available for runtime util-linux-swapon-native (util-linux, util-linux-native)

The PACKAGES_DYANMIC line could match native and non-native packages so
tweak to improve -native handling and avoid the above warnings in world builds.

(From OE-Core rev: 5577bb4772a76b3e419cf1f8f2a439bc1b15a9b5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-10 11:23:45 +00:00
Richard Purdie
68fee9588b coreutils: Improve core-utils-native dependency handling
bash-dev-native does not exist, nor should it. Tweak the recipe so that if/as/when
we fix native ${PN}-XXX handling, this doesn't break. Use variable indirection
as the least worse solution as an override directly will get overwritten with
variable renaming, resulting in a warning.

(From OE-Core rev: 879590563bc43a303e77541cd99979a449d9bfed)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-10 11:23:45 +00:00
Alexander Kanavin
e8db9d1eae blktool: remove the recipe
It was created in 2004 as an alternative to hdparm and never updated since
(while hdparm remains in active development).

(From OE-Core rev: 54c1243a259a2f6407c0202d03414fc5272b2d90)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-10 11:10:00 +00:00
Alexander Kanavin
defeea4c2e libxcrypt: update 4.4.36 -> 4.4.37
Drop patch merged upstream.

(From OE-Core rev: b66d046a3fe4230ba3b74c6741419f51bbfca9bd)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-10 11:10:00 +00:00
Benjamin Szőke
7f9b94a8a2 systemd: Add WATCHDOG_RUNTIME_SEC optional variable
To make use of the hardware watchdog it is sufficient to set
the RuntimeWatchdogSec= option in /etc/systemd/system.conf.
It defaults to 0 (i.e. no hardware watchdog use). Set it to
a value like 20s and the watchdog is enabled.

ref: https://0pointer.de/blog/projects/watchdog.html
(From OE-Core rev: 1c61a1eb9c4faa9ab32b0440bbdd88c22c3cd945)

Signed-off-by: Benjamin Szőke <egyszeregy@freemail.hu>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-08 13:25:11 +00:00
Walter Schweizer
e78b72075f initrdscripts: add UBI support
Mounting the rootfs failed when it was on UBI.
This patch allows the rootfs to live on UBI.

(From OE-Core rev: 197867f854cc19493b28fcd2300179cfc407e0a6)

Signed-off-by: Walter Schweizer <walter.schweizer@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-08 12:37:20 +00:00
Yi Zhao
ab81268a42 util-linux: add volatile file for lastlog2
Add volatile file for lastlog2 to fix runtime error with sysvinit:
$ lastlog2
lastlog2: Couldn't read entries for all users
lastlog2: Cannot open database (/var/lib/lastlog/lastlog2.db): unable to open database file

(From OE-Core rev: 440f4830d1f1bac9d55584fc4e48627920493cb9)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-04 12:34:04 +00:00
Yi Zhao
bb719cb783 util-linux: replace local patch with upstream patch
There is a better solution upstream to fix the pam_lastlog2 installation
issue[1]. Backport this patch to replace the local patch.

[1] https://github.com/util-linux/util-linux/pull/3173

(From OE-Core rev: 1c984d0a06cdcba49f8b0acd12edebfeaedf3aa5)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-04 12:34:04 +00:00
Alexander Kanavin
59486c6506 kbd: update 2.6.4 -> 2.7.1
(From OE-Core rev: 1e116a0f45a218a751a8c11faa642d976182c021)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-04 12:34:04 +00:00
Alexander Kanavin
c76f119db8 gettext: update 0.22.5 -> 0.23.1
Drop patches:
parallel.patch
(obsolete as no .a files are installed)

0001-intl-Fix-build-failure-with-make-j.patch
(backport)

Gettext no longer installs anything into $libdir/gettext by default
but still creates the directory and so it should be packaged.

(From OE-Core rev: a414f47009811fa6886e43fd2b4c928a906a65f3)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-04 12:34:03 +00:00
Changqing Li
f1f926c70a systemd: enable create-log-dirs
By default, create-log-dirs  is enabled in systemd, and a link
/var/log/README will be created, point to {{DOC_DIR}}/README.logs, but,
for oe, there are two problems here, firstly, DOC_DIR is packaged in
another package systemd-doc, so /var/log/README is a dead link when
systemd-doc is not installed, secondly, even systemd-doc is installed,
when volatile log is used, DOC_DIR is a wrong relateive path, Refer [1].

So in commit [2], we disable create-log-dirs for above issue. with this
change, /var/log/journal is not created, and /run/log is used, this
makes systemd log always non persistent, refer [3][4]. if user need
persistent log, they need to disable volatile log, and also  change
journald.conf, make "Storage" to "persistent". This is a behavoir change.
Previously, to make systemd log persistent, user only need to disable
volatile log.

This commit reenable create-log-dirs to revert the behavior change, and
since README is not very userful, just remove it.

[ YOCTO #15678 ]

[1] https://github.com/systemd/systemd/blob/main/tmpfiles.d/legacy.conf.in#L16
[2] https://git.openembedded.org/openembedded-core/commit/?id=18d46e11d85da1f6feaba5a135931e43060024d6
[3] https://github.com/systemd/systemd/blob/main/src/journal/meson.build#L189
[4] https://www.freedesktop.org/software/systemd/man/journald.conf.html
[5] https://bugzilla.yoctoproject.org/show_bug.cgi?id=15678

(From OE-Core rev: f82d9c997ba8cc23b472d44a43489c597bf452af)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-03 11:05:03 +00:00
Wang Mingyu
577d978f9c systemd: upgrade 257 -> 257.1
(From OE-Core rev: 4c4f4798862d80f44e03ccbbe7efc2d8b723968c)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-03 11:05:03 +00:00
Hongxu Jia
85cbf033b4 packagegroup-core-tools-profile: skip VALGRIND for loongarch64
Due to packagegroup-core-tools-profile run time depend
on package valgrind and recipe valgrind does not support
loongarch64, then skip VALGRIND for loongarch64

$ echo "MACHINE = 'qemuloongarch64'" >> conf/local.conf
$ bitbake world
|ERROR: Nothing RPROVIDES 'valgrind' (but oe-core/meta/recipes-core/
packagegroups/packagegroup-core-tools-profile.bb RDEPENDS on or
otherwise requires it)
|valgrind was skipped: incompatible with host loongarch64-wrs-linux
(not in COMPATIBLE_HOST)
|NOTE: Runtime target 'valgrind' is unbuildable, removing...
|Missing or unbuildable dependency chain was: ['valgrind']
|ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
|Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
'packagegroup-core-tools-profile', 'valgrind']

(From OE-Core rev: 2ef616b4e43f5c4d3155201f743e48d6ff6bb400)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-03 11:05:03 +00:00
Hongxu Jia
6a0323daf4 packagegroup-core-tools-testapps: skip KEXECTOOLS for loongarch64
Due to recipe packagegroup-core-tools-testapps run time depend
on package kexec and recipe kexec-tools does not support
loongarch64, then skip KEXECTOOLS for loongarch64

$ echo "MACHINE = 'qemuloongarch64'" >> conf/local.conf
$ bitbake world
|ERROR: Nothing RPROVIDES 'kexec' (but oe-core/meta/recipes-core/packagegroups/
packagegroup-core-tools-testapps.bb RDEPENDS on or otherwise requires it)
|kexec-tools RPROVIDES kexec but was skipped: incompatible with host
loongarch64-wrs-linux (not in COMPATIBLE_HOST)
|NOTE: Runtime target 'kexec' is unbuildable, removing...
|Missing or unbuildable dependency chain was: ['kexec']
|ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
|Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
'packagegroup-core-tools-testapps', 'kexec']

(From OE-Core rev: 37ff515da6e13126f8822b3a55e44cdc62882a51)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-03 11:05:03 +00:00
Hongxu Jia
deb0df0774 initramfs-module-install: remove loongarch64 from COMPATIBLE_HOST
Due to initramfs-module-install runtime depend on grub, and grub did not
support loongarch64, remove loongarch64 from COMPATIBLE_HOST

$ echo "MACHINE = 'qemuloongarch64'" >> conf/local.conf
$ bitbake world
|ERROR: Nothing RPROVIDES 'grub' (but oe-core/meta/recipes-core/initrdscripts/
initramfs-module-install_1.0.bb RDEPENDS on or otherwise requires it)
|grub was skipped: incompatible with host loongarch64-wrs-linux (not in
COMPATIBLE_HOST)
|NOTE: Runtime target 'grub' is unbuildable, removing...
|Missing or unbuildable dependency chain was: ['grub']
|ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
|Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
'initramfs-module-install', 'grub']

(From OE-Core rev: 6440e1010ade2b4207879a2e8cd288bcd714a445)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-03 11:05:03 +00:00
Chen Qi
4fe8c5de06 systemd: upgrade from 256.9 to 257
Patch changes:
* 0003-coredump-set-ProtectHome-to-read-only.patch is drop as it's a backported patch.
* 0009-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch is drop as
  AT_SYMLINK_NOFOLLOW has been supportd in musl.
* Other patches are either refreshed or changed to fit the current version.

systemd-boot changes:
* Use src/boot instead src/boot/efi in do_install and do_deploy. See upstream
  change 97318131fd06 (Rename src/boot/efi to just src/boot).

(From OE-Core rev: 4891f47cdaf919033bf1c02cc12e4805e5db99a0)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-03 11:05:03 +00:00
Richard Purdie
a290c63449 init-system-helpers: upgrade 1.67 -> 1.68
(From OE-Core rev: e901a0f154fe6149b9cfb9b0e7b9289f31f441b9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-03 10:51:27 +00:00
Richard Purdie
95950cfff1 base-passwd: upgrade 3.6.5 -> 3.6.6
(From OE-Core rev: 29e96baca3916c2f686717e922c079a332b21970)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-01-03 10:51:27 +00:00
Mikko Rapeli
7a1f8970a8 systemd: add fido to PACKAGECONFIG options
To enable FIDO support.

meta-oe can provide libfido2 but it depends on udev
which creates a dependency loop between systemd (provider of udev)
and libfido2 which is currently unresolved. systemd recipe
could split udev to a separate recipe to solve this, or libfido2
could be compiled in systemd source tree after udev but before
rest of systemd.

(From OE-Core rev: 1e347c36b0d3910cd71b24a4e4ab8e2dd49063d1)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-23 11:35:35 +00:00
Mikko Rapeli
30000c1b3d systemd: add apparmor PACKAGECONFIG support
For meta-security to enable with "apparmor" in DISTRO_FEATURES.

(From OE-Core rev: 804b462b826edf04182c77b6405a52a1c9b9b1f6)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-23 11:35:35 +00:00
Khem Raj
9008c64e67 musl: Upgrade to latest
Brings following changes

* 61399d4b loongarch64: add TLSDESC support
* 9b6a24f9 wire up vdso clock_gettime for riscv32 and riscv64
* f2375aac wire up vdso clock_gettime for powerpc, powerpc64, and s390x
* bc5f816a mips: use preferred asm mnemomic jr for better assembler compatibility
* 4e6c827c mntent: exclude trailing newline from parsed field
* 9929a571 arm: fix _init/_fini alignment in crti.o

(From OE-Core rev: 77a1992eeda6cc6d6f52b50311fb4d98f6e58fc3)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-20 15:47:14 +00:00
Richard Purdie
7adaec468d cve-update-nvd2-native: Tweak to work better with NFS DL_DIR
After much debugging, the corruption issues on the autobuilder appear to
be due to the way sqlite accesses database files. It doesn't change the
file timestamp after making changes, which for reasons unknown, confuses
NFS. As soon as the file is touched, NFS becomes fine again accross the
whole cluster, as if by magic.

We could try and debug further but putting a "touch" call into the code
is easy and harmless. Lets hope this removes this annoying source of
errors.

(From OE-Core rev: f642edb006a8c16dbe45681afe547eabfae17073)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-18 11:58:23 +00:00
Markus Volk
2333609ac2 glib-2.0: update 2.82.2 -> 2.82.4
- remove backported patches

Overview of changes in GLib 2.82.4, 2024-12-11
==============================================

* Fix a double-unref crash which affects many apps which use pygobject to
  export objects on D-Bus (#3559, work by Sebastian Dröge, Philip Withnall)

* Bugs fixed:
  - #3559 2.82.3 regression: lollypop crashes on startup (Philip Withnall)
  - !4430 Backport !4427 “Revert "gdbus: Fix leak of method invocation when
    registering an object with closures"” to glib-2-82
  - !4434 Backport !4432 and !4433 “ci: Add release component to automate
    tarball publishing” to glib-2-82

Overview of changes in GLib 2.82.3, 2024-12-09
==============================================

* Fix compatibility with tzdata 2024b (#3502, work by Rebecca N. Palmer and
  Simon McVittie)

* Bugs fixed:
  - #3502 Test regressions with tzdata 2024b (Rebecca N. Palmer)
  - !4357 Backport !4356 “gdatetime test: Do not assume PST8PDT was always
    exactly -8/-7” to glib-2-82
  - !4370 Backport !4350 “glib: Don't require GLIB_DOMAIN to be a NUL-terminated
    string” to glib-2-82
  - !4380 Backport !4378 “gio: Fix GFileEnumerator leaks in gio tools” to
    glib-2-82
  - !4381 Backport !4373 “macos: Remove extraous space from type identifier” to
    glib-2-82
  - !4388 Backport !4232 “refstring: Fix race between releasing and re-acquiring
    an interned GRefString” to glib-2-82
  - !4397 Backport !4395 “appmonitor: Fix warning building test” to glib-2-82
  - !4400 Backport !4398 “grefstring: Mark a variable as potentially unused” to
    glib-2-82
  - !4417 Backport !4415 “gdbus: Fix leak of method invocation when registering
    an object with closures” to glib-2-82

(From OE-Core rev: 63a276d65a2cc34a8cd7756091f7f0b3908cf625)

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-17 11:41:53 +00:00
Mikko Rapeli
16f1f4d63f systemd: set CVE_PRODUCT
systemd.inc is used by systemd, systemd-boot and
systemd-tools-native recipes so make sure all
match to "systemd" product in CVE database. The
split between systemd, systemd-boot and
systemd-tools-native is specific to oe-core and
upstream just refers to systemd. Not limiting
to "systemd_project" vendor since multiple
vendor names have been used in the past.

(From OE-Core rev: eb46ad379170f0a80ac2d061fa02c118f5ed1d31)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-17 11:41:52 +00:00
Adrian Freihofer
4920a08a2b systemd: split networkd into its own package
Support of images with different network management implementations
without having to recompile systemd and other components.

Fedora does this as well since systemd version 246.6-2:
https://src.fedoraproject.org/rpms/systemd/blob/rawhide/f/systemd.spec#_578
This proves that it is technically possible and officially supported by
systemd.

(From OE-Core rev: 3664d14ef97281961d166f16e7d47996370e405d)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-17 11:41:52 +00:00