When enabling ipcs and ipcrm configuration into busybox, both tools are
built and then deployed during do_rootfs. These operation lead to below
issue (similar behavior happens for ipcs):
do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().
update-alternatives: Error: not linking .../build/tmp/work/board-poky-linux/board-image/1.0-r0/rootfs/usr/bin/ipcrm
to /bin/busybox since .../build/tmp/work/board-poky-linux/board-image/1.0-r0/rootfs/usr/bin/ipcrm exists and is not a link
Binaries enter in conflict with same named util-linux utilities during
do_rootfs step.
Adding ALTERNATIVE_LINK_NAME for both tools fix the issue.
(From OE-Core rev: dc4099307100de817110958c9426ced4189fd0ac)
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e4d60408b869c9cc2ccff794d4e271d993ec8a97)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If the instance name indicated by %i begins with a number, the meaning of the
replacement string "\\1{}".format(instance) is ambiguous.
To indicate group number 1 regardless of the instance name, use "\g<1>".
(From OE-Core rev: 70107f1bc33b45da794b7a24b7325eb476516fdf)
Signed-off-by: Yuta Hayama <hayama@lineo.co.jp>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d18b939fb08b37380ce95934da38e6522392621c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The ptest problems reported in e21021dc00ec ("mdadm: drop from PTESTS_SLOW")
should now be fixed, so mdadm can be added back to PTESTS_SLOW (a qemux86-64
test run takes about ~12 minutes to execute with kvm).
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
2023-06-30T08:25
BEGIN: /usr/lib/mdadm/ptest
PASS: /usr/lib/mdadm/ptest/tests/00linear
PASS: /usr/lib/mdadm/ptest/tests/00multipath
...
PASS: /usr/lib/mdadm/ptest/tests/19repair-does-not-destroy
PASS: /usr/lib/mdadm/ptest/tests/20raid5journal
PASS: /usr/lib/mdadm/ptest/tests/21raid5cache
DURATION: 723
END: /usr/lib/mdadm/ptest
2023-06-30T09:16
STOP: ptest-runner
TOTAL: 1 FAIL: 0
For the testcases to run correctly, there must be enough rootfs space to create
13 loop devices. Similar to strace and lttng-tools, add a new
IMAGE_ROOTFS_EXTRA_SPACE entry for mdadm-ptest.
(From OE-Core rev: 174ef92965acd605e5aa5ed26afb3f8d556e98b2)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dfefff63c547adb1add0c8e3a308b2d0bd6cfc8c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There are four directories in which scripts can be placed which will
always be run for any interface during certain phases of ifup and ifdown
commands:
/etc/network/if-pre-up.d/
/etc/network/if-up.d/
/etc/network/if-down.d/
/etc/network/if-post-down.d/
Even if there are no scripts in these directories, ifup and ifdown
commands will also search these directories by using run-parts command.
Install these directories to fix the following runtime errors:
$ cat /etc/network/interfaces
auto lo
iface lo inet loopback
$ ifdown lo
ifdown: interface lo not configured
$ ifup lo
run-parts: failed to open directory /etc/network/if-up.d: No such file or directory
ifup: failed to bring up lo
(From OE-Core rev: c248473e2d60cfa67c64aa586b404119dec728ff)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 277bc7ab1fedd81f4df578e544ec381c819a10f9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2 issues:
- the .so extension is hard-coded, and therefore the libxcryt package compiled with
meta-darwin is empty, because the dylib files are not contained in FILES_${PN}
- nothing actually produces a file libcrypt-*.so (the symlink file is libcrypt.so, without dash), thus
defining FILES:${PN} manually to contain libcrypt-*.so has no effect.
(From OE-Core rev: 06f8aaf8ee03b07f79e1a17708b5946782e389bd)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7ed6bfa2428b4f1ba7f09d6e9e67c462ff355153)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There were vestigal remains of API key support which could be removed,
but as using an API key - in theory - gives the user larger rate limits
it's probably wise to expose it.
If the user has an API key, then set NVDCVE_API_KEY.
(From OE-Core rev: 64784e90c5ff559f4da6faadb970cc7aff549592)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a542de684282bfec79f24ae2f1a2027ffde319d8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add a note of what range we're fetching, and use bb.note() instead of
debug() as messages about retrying shouldn't really be considered debug
logging.
(From OE-Core rev: cc82df9c0ff8ba17196b578e0182a5c726cfbbff)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b64a869b9c5e1d504f1011da16b5c5ff721afbf0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Current 503 errors seem to last several seconds.
In most cases there are two errors and third request succeeds.
However sometimes the outage takes more than time needed
for two retries and third one also fails.
Extend retry count from 3 to 5 to improve the probablity
that the fetcher succeeds.
(From OE-Core rev: 5ca193e287c54bcb17f26e82e61e9446c21cd7e4)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f4d118af2360cff7f234102fd5e4b65a6f4146a6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Last couple days it is not possible to update NVD DB as servers
are returning lot of errors.
Mostly "HTTP Error 503: Service Unavailable" is observed but
sporadially also some others.
Retrying helps in most cases, so extend retries to all errors.
Additionally add sleep which is recommended by NVD between requests.
These retries are already implemented between successful requests,
but giving servers time between failed ones is important, too.
(From OE-Core rev: 75d2c50a10b8b506096b43a15bca3f06c6734e2f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 88dad8f198baa80af5ab576498f4df6ed639d551)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
After upgrade to soon-to-be-released kirkstone 4.0.11 CVE annotations got broken.
Anything which has only cvssV3 does not resolve properly.
Fix the API fields used to extract it.
i0.0 score is now at level of NVD DB 1.1.
All CVEs with UNKNOWN vector are not present in NVD DB 1.1.
NVD API 1.1:
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|4776
LOCAL|32146
NETWORK|167746
PHYSICAL|185
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|73331
1.8|7
1.9|3
...
NVD API 2.0 (broken):
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|4587
LOCAL|26273
NETWORK|150421
UNKNOWN|24644
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|205925
NVD API 2.0 (fixed):
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|5090
LOCAL|32322
NETWORK|168004
PHYSICAL|213
UNKNOWN|511
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|73841
1.8|7
1.9|3
...
(From OE-Core rev: babf20391305e514ddcd24be261b9b8487c8c767)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61a5857efdcc0f49c69c0deb24fce99007aeef19)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When requesting updates in a specific range, use the actual current time
and database mtime instead of truncating to midnight, and explicitly set
the timezone to UTC so that NIST don't treat the timestamps as _their_ local
time when they're _our_ local time.
(From OE-Core rev: aa03556732b295fcf4bc2de11e3bc2e2b364580e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9aa0ec37f5f74252588d2494a71c71a7d8e68df9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Some CVEs, such as CVE-2013-6629, list multiple configurations which are
vulnerable. The current JSON parser only considers the first
configuration.
Instead, consider every configuration. We don't yet handle the AND/OR
logical operators, but this is a step in the right direction.
(From OE-Core rev: a2d50c0fd1e1be869d8786b920f8b428a3292ed1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e1bf4f6dd686055fe9a8bdcc3f739eac2807bae0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Needs to go to master branch before stable branches.
This reverts commit 7702dc8fc6c9b34647067ffabbc0e24d6109abe7.
(From OE-Core rev: ac4c9f5aa967507d028caa3ee70f3fce580f9a09)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The eagain patch is currently using G_IO_ERROR_BUSY as part of the check
to retry when the simul_read_thread test fails during ptests, but the
actual error code is 27, which corresponds to G_IO_ERROR_WOULD_BLOCK.
Change the check so that it looks for the right code.
(From OE-Core rev: 669bb92fde575d3f9674b87044575873c3506df5)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8574fb1371e2d83c1c7ee58067c50319a62a22ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
lld ends up with errors on some tests
| riscv64-yoe-linux-ld.lld: error: section size decrease is too large
Therefore do not use lld when building ptests
(From OE-Core rev: 23bcd0dbf3aeaff6b6914d347954bec22a133e23)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 154e81bb6b05b23c0c673b431cb7cee868421335)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
glibc configury tries to detect ld version and assumes BFD or gold
linker but when system ld is pointing to lld or mold it might fail the
linker check, therefore pass LD variable to explicitly point at ld.bfd
we are using BFD linker only to link glibc after all.
Second problem in such a case is that some partial objects are linked
with CC -r which will fail if we do not inform the compiler to use BFD
linker thusly pass it via appending to CC variable
(From OE-Core rev: d1a9d11130b2e0ee4fac8665f0b4c63084d85a86)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 63248d2cbd7a15aec5b864d0058fe919eb17c46c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Commit 6fe23ff31c0 changed README to a symlink to README.logs, and
install README.logs under systemd doc dir.
But for OE, systemd doc dir is splited into package systemd-doc, when it
is not installed on the target, there will be an dead link:
Eg:
root@intel-x86-64:/var/log# ls -l README
lrwxrwxrwx 1 root root 39 Jun 20 08:57 README -> ../../usr/share/doc/systemd/README.logs
root@intel-x86-64:/var/log# ls -l ../../usr/share/doc/systemd/README.logs
ls: cannot access '../../usr/share/doc/systemd/README.logs': No such file or directory
Meantime, relative path for a symlink also will meet issue like
"No such file or directory"
Since OE have set ForwardToSyslog=yes, this README is not needed.
So remove this symlink from package systemd
(From OE-Core rev: 7702dc8fc6c9b34647067ffabbc0e24d6109abe7)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update dbus to 1.14.8 to fix CVE-2023-34969 and serveral bugs
changes:
f90d4f1693/NEWS
commits:
55d11f57 doc/dbus-api-design: fix wrong closing tag
a96f417f CI: Run a detached pipeline for merge requests
9e0477fc CI: Only run for pushes to dbus
077f7e43 CI: Remove an obsolete workaround
07fe44f4 CI: Update Windows runners
ec708d55 CI: Avoid using a no-op download location that gives a 403 error
45e6e93e dbus_message_iter_get_signature: Fix two memory leaks on OOM
0bb1942e dbus-internals: use `_DBUS_FUNCTION_NAME` in `_dbus_verbose()`
8df1b8be dbus-sysdeps-win: do not log function name twice
5c3a4e81 dbus-spawn-win: use `_DBUS_FUNCTION_NAME` instead of `__FUNCTION__`
8e457296 Update NEWS
e1ffce17 Revert "CI: Remove an obsolete workaround"
40c0802f monitor test: Log the messages that we monitored
a70c8f2f bus: Assign a serial number for messages from the driver
39b5c617 monitor test: Reproduce #457
f99e5de1 Update NEWS
21414587 AUTHORS: Update
f90d4f16 Release v1.14.8
(From OE-Core rev: c1f21ec27cc7ac54040457c8591fdfedf25440bf)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Refactor _process_deps to expand systemd instance specifier "%i" to the
template instance.
This change expands on prior commit e510222b57 ("systemd-systemctl: fix
instance template WantedBy symlink construction") by substituting every
"%i" pattern-match with the instance name.
The regexp handles the following cases:
* svc-wants@%i.service
* sys-subsystem-net-devices-%i.device
(From OE-Core rev: c734906a901c5dead9d879df0f251ba848fdb577)
Signed-off-by: Ian Ray <ian.ray@ge.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9356276137267a29ae2289d796a2940918375308)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This patch should have been dropped when upgrading to 253
since its already available upstream since then
(From OE-Core rev: a0f5dc78f030a3c4efbc864c385b6592a22ef1ec)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b677b766280b39e8bf507d5aec4f08e49fd72a9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bug fix release. 1.36.1 has fixes for line editing, detection of hardware
sha1/sha256 support, unzip (do not create suid/sgid files unless -K),
shell (printf and sleep with no args, handing of SIGINT in sleep), ed.
- regression on x86 is still in place
(From OE-Core rev: a30ec03e3b59a596f48b9a6b8cf1d41d76e33bf3)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 09c5499f5885662a55a8810078e7208a1696b29f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
ver 0.57:
Fix issue with handling Generic Netlink cancel requests.
ell 0.57 is required for iwd 2.5
(From OE-Core rev: 3d3f9b4dce794114628a15bf375a8f91b7169a27)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f13fe33403f077802640e70a84596546d555c3b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When the protocol used to fetch the Git repository was changed from
"git" to "https" in commit 139102a73d (recipes: Default to https git
protocol where possible), the URI was not updated to match.
(From OE-Core rev: bb3c35309e23121dfc9b0f2f06d31f38554a3820)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0434a5ae168f737741e66a7fe1e30a8703b8ce16)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
autoconf-archive is a collection of m4 autoconf macros needed at
build-time, and autoconf-archive-native is a suitable provider as there
is nothing in the recipe that needs to be cross-compiled.
Also if we use DEPENDS=autoconf-archive then the recipe's -dev package
ends up RDEPENDing on autoconf-archive, which isn't correct.
Universally change any DEPENDS on autoconf-archive to the -native form,
and add any missing dependencies that were implicit before.
(From OE-Core rev: be5534a8ca4a5ab7323039123e680ba1f6ede908)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 571132415ea7fe2d91c62948f2b6aa553eafa83d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The recommendation from server maintainers is that the https protocol
is both faster and more reliable than the dedicated git protocol at this point.
Switch to it where possible.
(From OE-Core rev: 8f3669f81db8a58f8ed2faef76acab3499f59619)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 139102a73d4151f4748b4a861bd4ab28dda7dab7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix issue of the below instance template systemd service dependency
[Install]
WantedBy=svc-wants@%i.service
creating the symlink (instance "a" example)
/etc/systemd/system/svc-wants@%i.service.wants/svc-wanted-by@a.service
which should be
/etc/systemd/system/svc-wants@a.service.wants/svc-wanted-by@a.service
as implemented by this change.
The functionality appears regressed just after "thud" baseline when the
logic was refactored from shell script into python (commit
925e30cb10)
(From OE-Core rev: 308397f0bb3d6f3d4e9ec2c6a10823184049c9b5)
(From OE-Core rev: 372b29c8ad270d4d430c26a4e614976c7029afaf)
Signed-off-by: Martin Siegumfeldt <mns@gomspace.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
these tests do not work with musl's iconv implementation and would need
enabling icu support using --with-icu which we do not enable by default
Additionally enable locale with musl too.
(From OE-Core rev: 1fbab00c9d887285a9e966e81ff75a7fc7039baa)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 03980db15fa1de2f970705364c2316f17428a3aa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In autobuilder testing we regularly see glib-networking ptest fail with a
"Resource temporarily unavailable (g-io-error-quark, 27)" error.
Add a patch to see if a retry can resolve the issue.
(From OE-Core rev: 6282f64a6673bcd9b0a6cedfcb8cd3d1a6de1077)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4deb03ee5af8fcf7c2b1c81c686839341cf753c4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
hwclock.sh had default update-rc parameters which made it run after
other tasks that work with the clock such as connman. This causes a
time obtained by NTP to be clobbered by a potentially incorrect time
in the RTC.
Provide non-default INITSCRIPT_PARAMS to have hwclock.sh run during
the rc startup before runlevel initscripts start.
(From OE-Core rev: 3012bac35ada9a9f66d9e6e2fecaee09527b9d44)
Signed-off-by: Chris Elledge <celledge@siteworx.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add new fetcher for the NVD database using the 2.0 API [1].
The implementation changes as little as possible, keeping the current
database format (but using a different database file for the transition
period), with a notable exception of not using the META table.
Minor changes that could be visible:
- the database starts in 1999 instead of 2002
- the complete fetch is longer (30 minutes typically)
[1] https://nvd.nist.gov/developers/vulnerabilities
(From OE-Core rev: fb62c4c3dbca4e58f7ce6cf29d4b630a06411a97)
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A recent package.py change has highlighted some corruption issues with -dev
pkgconfig package dependencies. Bump the output versions to trigger a rebuild
and ensure everything is consistent.
Take the opportunity to also drop all HASHEQUIV_HASH_VERSION entries since the
main version is changing.
(From OE-Core rev: f45ddfbf007de858327eef0ffefd5840ef4c69b8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
