The current security-related documentation is a bit hard to find and
hidden within the development manual. However these are processes that
are not part of a development task but is rather a vulnerability
reporting process.
Create a new "Security" section in the documentation to gather this
information. This will be directly visible in the sidebar when opening
the documentation.
Split the previous security-subjects.rst document into 2 documents:
- security-team.rst: defines the roles of the security teams and its
members.
- reporting-vulnerabilities.rst: guide to report vulnerabilities to the
security team.
The plan is to backport these documents to active releases. As a
consequence, this section should be free of instructions and information
that only make sense for a specific release. It should _not_ contain
documents on how to enable security features with Yocto on target
devices, this is unrelated and can be left in the development manual
(for example: dev-manual/vulnerabilities.rst to deal with CVEs).
(From yocto-docs rev: 80556704f8b60b5bf903da497909cfda7dd1b28b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 81e14ca2d5cff9e2104c556655144b069633790c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix the definition of WORKDIR to match OE-Core.
Rename the Source Directory to "project" as part of the transition to
bitbake-setup and the removal of Poky as in "the Poky repository".
Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
(From yocto-docs rev: c1db422b9cba0bc475295bf1c2d72bcb2a6beed9)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 9cb0e8a94590563491e210b403519ccfbde866e9)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We should recommend using bitbake-getvar command wherever possible as
its output is much less confusing and overwhelming than bitbake -e.
Unfortunately, bitbake-getvar currently doesn't list Python tasks or
functions, unlike bitbake -e, so keep the latter for some corner cases.
[AG: Moroever -> Moreover typo fix]
(From yocto-docs rev: 3f1ca1c3ef60dfabe5b2a2c6e53d14edad64fb06)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 41e4e05369c4e028c679749b7b62434327927a09)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix typo "whith", should be "which".
(From yocto-docs rev: bec165a3505f298b668bcf2a0f03fb8dcfccc510)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f98b25f7f7522cf223beb001cabef870d6dd8c10)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Replace the legacy call to 'bitbake -e' to get the value of a recipe's
variable with the newer call to 'bitbake-getvar'.
(From yocto-docs rev: 042c4cb8c6291be857a672144b573a5eb10f1ead)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit ed7c0766ef5f13b90943a69e64f8e8713d05e864)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update the output of "recipetool -h" to include the missing "edit"
subcommand.
(From yocto-docs rev: 09039d05e485a842690f9f54930400e02eef1c2c)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 092d688349b0b6bb10ae6fbbab7d82801964daf5)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The "show-machines" subcommand is not mentioned in the docs; add it.
(From yocto-docs rev: 98190334b2ad75421e8bf2cc84bd920311398670)
Signed-off-by: Robert P. J. Day <Crpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b4320cdc4df08c59a24d5247b3895dd602554fa0)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Since nanbield (b34032ec "defaultsetup: Inherit create-spdx by
default"), the create-spdx class is pulled in by default, not only by
poky.
Adapt the text to reflect this and also change INHERIT to INHERIT_DISTRO
since this is the more concrete variable to modify for disabling
create-spdx.
[AG: fix conflicts]
(From yocto-docs rev: 4c47eb98e096121d71663342dde86b8c9256c9b5)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 2b6228943443faf76c9869a0daeccfe7f93688ca)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The current autobuilder cluster is at valkyrie.yocto.io, published files
on autobuilder.yocto.io will be missing or out-of-date.
(From yocto-docs rev: b3b95e590248025d59a7cef311bb0abf207e72fb)
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 9ed06c070e309b52f1dbf8877867dcede79f4cb6)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The filename is outdated as its version was already bumped and there are
also different files for different feed choices.
Use glob to match any available file.
(From yocto-docs rev: 6cd7492bf83232744390f34e496367e94b63e701)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix as many instances of unbalanced-inline-literals-delimiters as reported by
'make sphinx-lint' as possible. Sphinx and/or its linter seem to get tripped
up randomly when references contain links to heading which contain literals
enclosed in double-back-tics, and not all of them can be "fixed" to pass both
building and linting.
(From yocto-docs rev: 0ba5429953dfa0cdc983ed13ddd06351116031c7)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This document was written with SPDX 3.0 in mind (create-spdx-3.0 class)
on OE-Core's master, but Scarthgap only supports SPDX 2.2
(create-spdx-2.2).
The create-spdx-2.2 class only generate a tar.zst output, so remove the
other outputs listed here.
Also, ancillary outputs are not only deployed in tmp/deploy/spdx/MACHINE
but tmp/deploy/spdx in general.
(From yocto-docs rev: deedc7395f565e9820d914de9ffc3b14f8b143eb)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
After introducing the DISTRO_LATEST_TAG and DISTRO_REL_LATEST_TAG
macros, use them in links that currently use DISTRO/DISTRO_REL_TAG. When
building for the tip of a branch, this will replace the current A.B.999
in links to the latest existing tag.
The links were found across the documentation by running 'grep -r
"http.*5\.2\.999"' inside the _build/html output after building the
docs.
[YOCTO #14802]
(From yocto-docs rev: d1f3616b373334a5aa75ad7874f05ee4b0e6591f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 29be069ebbf2c55d72fc51d99ed5a558af37c05e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
core-image-lsb was removed in 2019[1], so remove all of the incredibly
obsolete references in the documentation.
[1] oe-core fb064356af615d67d85b65942103bf943d84d290
(From yocto-docs rev: 05029257d0c5f090d5c0a96c6244bfaf40615178)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 062445a49919eff117b5478c1fb18d125c1f895c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The text format has been removed, so also remove references and examples
using this format. Replace with examples with the JSON format.
(From yocto-docs rev: 3757ace0581e6279aa7c065b21cee56edfe985dd)
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a52cd7bcadccc53e982f90d6e170d00798322597)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
[ YOCTO #14747 ]
Adding a initramfs is a common task, and the way oe-core offers to do so
is by using the initramfs-framework recipe and companion modules. There
was already documentation on adding an initramfs but the documentation
was lacking details on this framework. Add it before the multiconfig
section because it is a bit more important IMO.
Reported-by: Alejandro <alejandro@enedino.org>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: e1aa69d00e20a5d3c948c430ed10eb01e7baa574)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit caedbca4eced4cf5bc74aaae64e4ad2887c2fc65)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In the same fashion as the previous commit ("ref-manual/packages: move
ptest section to the test-manual"), move the runtime testing section of
the development tasks manual to the test environment manual.
Add a link to it from the test-manual/intro document.
(From yocto-docs rev: 79aa34db34def525a11c41d951365bcb891318c4)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 6b44257874858db3aa426d3e84a79c41cb4937a3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
[ YOCTO #15106 ]
It makes more sense to document ptests in the test-manual. Since ptests
are still related to packages, keep a link to ptests from packages.rst
to the test-manual.
Reported-by: Yoann Congal <yoann.congal@smile.fr>
(From yocto-docs rev: 110e15c4407dfc03c7d931e4488eb43dbfad7570)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b389c06b709e4791e1cce5e8a5b58f6b0cd03a14)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
- Remove duplicate instructions
- Detail how to run bmaptool directly if you installed it on your host
instead of building it through the ``bmaptool-native`` recipe,
as running "oe-run-native bmaptool-native bmaptool ..." won't work
in this case.
- Use "chmod a+w" instead of "chmod 666", better advice,
and only run "chmod" in the option that runs "oe-run-native"
(From yocto-docs rev: a1e4f18af6b0b10cece83c53ebb14052a0b94314)
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 4afa71ef6e5bf1db126c80e6d987f588d0b5a086)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
To follow the styling conventions when we are
refering to the name of a tool instead of the command itself
(documentation/standards.md).
This also improves the HTML rendering of the bmaptools subsection.
(From yocto-docs rev: 55146fae45e8c2de1d0f7242f1c89f3e165d77c9)
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit c569d840c4b6f43e10629b6f1ff45189211e27a9)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The variable SRCPV is deprecated since 4.3. Instead of including SRCPV
in PV, including the sign "+" is enough for bitbake to add the source
control information to PKGV during the packaging phase.
Update the documentation for SRCPV and the places where it was used.
When instructions previously referred to SRCPV, replace by mentioning to
include "+" in the assignment.
In most examples, "+git" is added to PV as it is the most popular SCM.
Simply adding "+" is also possible, although it is better practice to
include the SCM name, so give that example.
Update the gcompat example with l3afpad as it didn't include "+git" in
its PV definition anymore.
(From yocto-docs rev: ef4d259842d9b1dd2d08ee38e00f932852f70543)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit ee16c96202e5027d1a8d7e89e11c25f127c78326)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add a section on providing global level configuration from the
layer.conf file. Since this file is parsed at an earlier stage in the
parsing process, it's not possible to combine bb.utils.contains and
{DISTRO,MACHINE}_FEATURES to conditionally set some configurations.
This patch documents:
- First that this file can be used for providing such configuration.
- Then demonstrate how to conditionally provide them, using a technique
that is currently used in meta-virtualization
(https://git.yoctoproject.org/meta-virtualization/tree/conf/layer.conf#n50).
Fixes [YOCTO #12688].
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 36f2a230ca810b1dd221b7c8ce71e8086291131a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 31e5bd3e82e11f77da2abd96eb8c17a7c8194b7c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
bblock is a helper tool to lock/unlock tasks and recipes to specific
signatures. Add a documentation page for it.
(From yocto-docs rev: e882cb3e5816d081eb05cb83488f286cca70e0c6)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a082aa39840587d3af6c3f4a2c2747564ca37414)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In keeping with the addition of the motd message pointing out that
the poky DISTRO is a reference distribution, adjust the opening of the
Creating Your Own Distribution section to match. Additionally, add a
section on the end pointing out what users need to consider if they just
take a copy of the poky distribution and modify it.
(From yocto-docs rev: 3dc812e7255ba7c0ddd7b43b9b1319ea4ef3161e)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Script is now .py
* In the example, we would most likely be within the build directory
already, so the path would be just "sstate-cache" not
"build/sstate-cache"
(From yocto-docs rev: a655ef8f5fee98e55277cbd40a092fcae697cbae)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As reported by "make sphinx-lint"
Tabs are even removed in Makefile examples,
as Sphinx turns them to spaces anyway in the generated output.
(From yocto-docs rev: 20e9c0c9fad3109567948af6bc40bb0fa2a5552b)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Try to particularly emphasize that it can be used to find
out why something rebuilds when it shouldn't.
(From yocto-docs rev: cfaf2707b4a77888316d5eb24bf41ccc21e2c12b)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
What was previously known variously as Bmaptool, bmaptools, bmap-tool,
and/or bmap-tools has been updated to the singular name: bmaptool. Update
all references to suit.
Since we are not in charge of debian's package naming policy, any
references that relate to debian package(s) will stay as "bmap-tools".
(From yocto-docs rev: 9c1505eabd69af548652381cf996d44f40a4fa8a)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Document the convention to use variables prefixed by VIRTUAL_RUNTIME.
Add references to the new term where possible.
Another reason is that such variables are recommended
in a warning issued by meta/classes-global/insane.bbclass
(From yocto-docs rev: 11e1ba97edac979868f199e43c1004db6678044c)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enough free storage space is needed to apply package upgrades.
(From yocto-docs rev: 6571eb02cbd5c2b96df0f279f25b63255ab7eac4)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To simplify the style, replace "Following is" and "Following are"
by "here is" and "here are", sounding more natural.
In some cases, also go further by simplifying "Here are/is xxx"
by "xxx are/is" when the "are" or "is" are not two far at
the end of the sentence.
In some cases too, completely remove the sentence, when
it's redundant with the preceding title.
(From yocto-docs rev: 52ba6bb16c73cbc2c0e77496d5226c49bce786f5)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
CC: Daniel Ammann <daniel.ammann@bytesatwork.ch>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the options more clear by providing them in a list instead of plain prosa.
Also add a ref for a presentation wrt spdx 3.0 in the Yocto project.
Fixes [YOCTO 7476]
(From yocto-docs rev: a15e354f98607592a67d2df91dfa2bf0707d8f38)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes an issue introduced by d8fdec653f96c4ddcb705ff0ef17ed641afcfe2d
(From yocto-docs rev: bd970a2101df6e7437fce9cd74deb8bb86aedbd0)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the hint to the test setup that runqemu-gen-tapdevs will need the
iptables package installed.
(From yocto-docs rev: 4a688fb991282bf606f080d748f5290d988e4354)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The VSCode extension is now officially maintained and published by the
Yocto Project so it should be referenced in the manuals to help users
discover it.
I located the most relevant places to reference the extension by looking
at how the old Eclipse plugin was documented in the 2.6 manuals as well
as the current Toaster references.
(From yocto-docs rev: 645153504690aa8a69b028e95a5e9d2da9644cf1)
Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After changes in openembedded-core@1a4ab9f, image licenses moved one
directory down into ${SSTATE_PKGARCH} subdir.
(From yocto-docs rev: ea9675f079cef919a9d13ab12d095144b2eae6ab)
Signed-off-by: Ilya A. Kriveshko <iillyyaa@gmail.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The yocto website has changed its structure. Update the section for
Accessing the Downloads page to match the new structure.
(From yocto-docs rev: d8fdec653f96c4ddcb705ff0ef17ed641afcfe2d)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
