It can be useful to use git on target (e.g. with some wrapper like
etckeeper for keeping track of changes to /etc), and for such cases,
it is likely one has no need for pulling from/pushing to http[s]
repositories. From the INSTALL file:
- "libcurl" library ... If you do not use http:// or https://
repositories, and do not want to put patches into an IMAP
mailbox, you do not have to have them (use NO_CURL).
- "expat" library; git-http-push uses it for remote lock
management over DAV. Similar to "curl" above, this is
optional (with NO_EXPAT).
Setting --without-expat and --without-curl reduces the size of the
installed "git" package from 18M to 12M, in addition to avoiding
pulling those libraries into the rootfs.
(From OE-Core rev: 49f81198c5d233a9a2612c3b8366681dd85bea59)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The missing gitsm:// mappings looks like an oversight, add them.
(From OE-Core rev: 6600b9fca7888fb41647cd000b9efb7f0762dfde)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When running g-ir-scanner, we get the following error:
Couldn't find include 'GObject-2.0.gir' (search path:
'['/usr/lib64', 'gir-1.0', '/usr/local/share/gir-1.0', '/usr/share/gir-1.0',
'/usr/share/gir-1.0', '/usr/share/gir-1.0']')
This is because g-ir-tool-template.in is not setting girdir correctly.
It's using the prefix instead of the actual girdir.
Note that we don't get such error at do_rootfs time because the extra
directories are speicified. But we will get such error at runtime when
multilib is enabled.
(From OE-Core rev: 4bc68b6a8187947516615e47f22a6b16d71c3b37)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise rendered as "en" dashes by sphinx, for example:
git pull –rebase
instead of
git pull --rebase
Readers could confuse them with normal dashes.
Exception: replace by \-\- in italic text (*text*)
as Sphinx cannot nest italic and quoted text.
For consistency, also update quoting in strings in the same code hunks.
(From yocto-docs rev: 4e7ce372e37f76148f623a5295a15e08bc2603ff)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the list of renamed and removed variables, show how the renaming
script works. Also mention the change in cve-check output.
(From yocto-docs rev: a0b55789035c8d44426b6ff8267b4042ef0a58ba)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I believe we should only be showing the "active" versions in the switchers
base list of releases to show. Zeus and warrior are old and no longer actively
maintained and we don't suggest new users use them. gatesgarth is also
outside it's support window.
I therefore propose removing these leaving us with dev, honister, hardknott,
dunfell (LTS). In addition, any release that is selected will be shown, along
with any later release in that release series.
People can still navigate to the older docs using the releases list or by
direct URL but this highlights to users which releases we'd expect/encourage
them to be using.
(From yocto-docs rev: 5bcd6a632ba2ebace9c65fe8529f8f1de40226ce)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The reasons for this are lost in the mists of time. These are already
in OE-Core as MIRRORS and we should be falling back to the project as
a backup, not a default. Update accordingly.
(From meta-yocto rev: 1b71a3b9418fd928fb72bd23898cffe70c43d9d5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Until now the CVE checker was giving information about CVEs found for
a product (or more products) contained in a recipe. However, there was
no easy way to find out which products or recipes have no CVEs. Having
no reported CVEs might mean there are simply none, but can also mean
a product name (CPE) mismatch.
This patch adds CVE_CHECK_COVERAGE option enabling a new type of
statistics. Then we use the new JSON format to report the information.
The legacy text mode report does not contain it.
This option is expected to help with an identification of recipes with
mismatched CPEs, issues in the database and more.
This work is based on [1], but adding the JSON format makes it easier
to implement, without additional result files.
[1] https://lists.openembedded.org/g/openembedded-core/message/159873
(From OE-Core rev: d1849a1facd64fa0bcf8336a0ed5fbf71b2e3cb5)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add an option to output the CVE check in a JSON-based format.
This format is easier to parse in software than the original
text-based one and allows post-processing by other tools.
Output formats are now handed by CVE_CHECK_FORMAT_TEXT and
CVE_CHECK_FORMAT_JSON. Both of them are enabled by default.
The JSON output format gets generated in a similar way to the
text format with the exception of the manifest: appending to
JSON arrays requires parsing the file. Because of that we
first write JSON fragments and then assemble them in one pass
at the end.
(From OE-Core rev: df567de36ae5964bee433ebb97e8bf702034994a)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Changed urllib3[brotli] extra to favor installing Brotli libraries that are
still receiving updates like brotli and brotlicffi instead of brotlipy.
This change does not impact behavior of urllib3, only which dependencies are
installed.
- Fixed a socket leaking when HTTPSConnection.connect() raises an exception.
- Fixed server_hostname being forwarded from PoolManager to HTTPConnectionPool
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.
(From OE-Core rev: 1c44078db4e8fc3ed992ede38708bea0dcf87f11)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
Fixed support for pytest 7.0, and pytest>=7.0 is now required.
(From OE-Core rev: 34f6bc8ca0cfc310fd6ba494b995fa86d28b5a6e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
Improve error detection and message when Hypothesis is
run on a Python implementation without support for "-0.0", which is
required for the "floats()" strategy but can be disabled by unsafe
compiler options (issue #3265).
If the "shrink" phase is disabled, stop the "generate" phase as
soon as an error is found regardless of the value of the
"report_multiple_examples" setting, since that's probably what you
wanted (issue #3244).
(From OE-Core rev: 56702a6c8e066d3730dd336eeb98d10534226601)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: year updated to 2022
Changelog:
=========
- Handle RSASSA-PSS in keys.PrivateKeyInfo.bit_size and
keys.PublicKeyInfo.bit_size
- Handle RSASSA-PSS in keys.PrivateKeyInfo.wrap and keys.PublicKeyInfo.wrap
- Updated docs for keys.PrivateKeyInfo.algorithm and
keys.PublicKeyInfo.algorithm to reflect that they can return "rsassa_pss"
(From OE-Core rev: 8fbe3bd4aca7a8906e342bcc9f27e205398919c3)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Replace hyphens by em dashes when necessary
See https://www.grammarly.com/blog/hyphens-and-dashes/
- No uppercase after em dashes
- No uppercase after colons if what follows is not a
complete sentence.
- Fix spacing before colons ":"
- Replace em-dashes with colons for consistency in a section
(Bitbake rev: 72230d6a9976b3bfca1f1e6fb09736fec195e2fe)
(Bitbake rev: f1c4ac816e927f490fb9852c12aa408e8c9403b1)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The "force" option to parser shutdown was often the cause of lockups and
there is no good reason we should have two different behaviours.
Change and unify the codepaths to always:
* Wait for longer for a controlled shutdown of a process (0.5s). Usually
it will be much faster if it has finished so the delay doesn't really matter.
* Send processes a SIGINT
* Failing that, send a SIGTERM
* Call .close() if available to release zombies
This means we no longer need the "force" parameter to the function so it is removed.
(Bitbake rev: de88c62ef873e9fce78ba162f5311d846de96f2b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a parser process is terminated while holding a write lock, then it
will lead to a deadlock (see
https://docs.python.org/3/library/multiprocessing.html#multiprocessing.Process.terminate).
With SIGTERM, we don't want to terminate holding the lock. We also don't
want a SIGINT to cause a partial write to the event stream.
I tried using signal masks to avoid this but it doesn't work, see
https://bugs.python.org/issue47139
Instead, add a signal handler and catch the calls around the critical section.
We also need a thread lock to ensure other threads in the same process don't
handle the signal until all the threads are not in the lock.
(Bitbake rev: a40efaa5556a188dfe46c8d060adde37dc400dcd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Not sure why this is so convoluted but we should simplify it!
(Bitbake rev: 6195343c46ba9d2685fc2d42366922f88ff3f369)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If an exception occurs in the parsing process, ensure the cleanup
is called via all codepaths using a try/finally.
(Bitbake rev: e1ba2a69f1fc02f01a851bce20b1badf0b991f03)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When parsing, the parser isn't servicing the main loop so a Ctrl+C in the
UI won't be seen on the cooker/server side. Fix this by returning when queue
timeouts occur. This helps where there is a hung or slow parsing thread.
(Bitbake rev: a2cde38311a51112dca5e7bb4e7feaf4e6a281b3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We shouldn't be generating exception inside a generator. Rearrange the
code to improve the handling of this. Also fix the misconverted code
from when multiconfig was added and pass the exception as "result".
(Bitbake rev: ae89e23696de2f27c00ae00922933395171de5d5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use the new MOUNT_COPYBIND_AVOID_OVERLAYFS flag provided by mount-copybind.
When SELinux is enabled, processes accessing OverlayFS mounts will get a denial
if the process setting up the mount doesn't have all the permissions that
the accessor has.
(From OE-Core rev: 6002bdc77643c363a8326bf163baecba8b36e3e0)
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It was found when a end user wants to build a squashfs type initramfs
into fitimage, it just fails without printing out any error or warning
messages, which is not right.
Introduce a FIT_SUPPORTED_INITRAMFS_FSTYPES variable to avoid
hard-coding the supported initramfs types, and it could be overridden
in config files. Also break the build when none of a supported
initramfs type is found.
(From OE-Core rev: b0f8d8a4c063936b50d3ec7c066b29157b3c3544)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
