Testing shows the worst case CDN response time can be up to 100s. The wget fetcher
is used for accessing sstate from the CDN so increase our timeouts there to match
our worst case repsonse times.
(Bitbake rev: 70b09f62bc5622fa64bb668cdad610bd48bf7bb9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Removes the code in bitbake to show custom backtrace formatting for
exceptions. In particular, the bitbake exception code prints function
arguments, which while helpful is a security problem when passwords and
other secrets can be passed as function arguments.
As it turns out, the handling of the custom serialized exception stack
frames was pretty much made obsolete by d7db75020ed ("event/msg: Pass
formatted exceptions"), which changed the events to pass a preformatted
stacktrack list of strings, but the passing of the serialized data was
never removed.
Change all the code to use the python traceback API to format exceptions
instead of the custom code; conveniently traceback.format_exception()
also returns a list of stack trace strings, so it can be used as a drop
in replacement for bb.exception.format_exception()
(Bitbake rev: 1f7889c2f5e192fb108b51883aac8685ccb187f2)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add a section on providing global level configuration from the
layer.conf file. Since this file is parsed at an earlier stage in the
parsing process, it's not possible to combine bb.utils.contains and
{DISTRO,MACHINE}_FEATURES to conditionally set some configurations.
This patch documents:
- First that this file can be used for providing such configuration.
- Then demonstrate how to conditionally provide them, using a technique
that is currently used in meta-virtualization
(https://git.yoctoproject.org/meta-virtualization/tree/conf/layer.conf#n50).
Fixes [YOCTO #12688].
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: b73e99b161a11a46a1a96ff42135893e0c978e2a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 31e5bd3e82e11f77da2abd96eb8c17a7c8194b7c)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
To make references to the bitbake repo, add an extlink for it and use it
in the docs with ":bitbake_git:`lib/bb/utils.py </tree/lib/bb/utils.py>`".
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 5efb5f678278276aebd6809ab785dcea8c732de3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 8bf3c656ec54a582c75ca7c135121a15f8e4f631)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This variable was removed from the Sphinx-generated
documentation_options.js, thus breaking the current implementation of
our switchers.js. Like searchtools.js, which is also generated by
Sphinx, use document.documentElement.dataset.content_root as a
replacement.
To be backwards-compatible to get one or the other.
(From yocto-docs rev: 1771d1b174b42ae9de5b46898a805bee7e10c076)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 2849690abf94872e259e712128e90413f3b9a2f2)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These files are placed in the _static directory during publish. Note
that Sphinx does not complain if files do not exist during compilation
(since they are copied at the end). This is why this was used instead of
the ":download:" role.
(From yocto-docs rev: 3f6848dd88cd4266e721cc7bbb2460b1e9d24f2b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 38aa55418426227203fe3a106fa1e85494a57c12)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This patch makes the "latexpdf" target compile the documentation with
xelatex instead of the default pdflatex engine.
The reason behind this is stated in [YOCTO #14357]: pdflatex does not
support compiling foreign characters, so we need to resort to another
engine, here xelatex.
It also increases the texmf config buf_size to 10000000 to avoid a
compilation error.
(From yocto-docs rev: 9a297c65942a52d6165378d6792d5e0788b492ba)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 93848842b3ad8aa6b9c9f46d60f2c2ad396c6971)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Remove inkscape as it is not part of meta/, and use librsvg so we can
ship it in a buildtools tarball for the autobuilder workers.
(From yocto-docs rev: 65db816385dd985bfc3bc895102b25e9ea5d9adf)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 0caa432b888209bd80443df230143761e1faf415)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In embedded box, sed might be provided another providers like Busybox,
hence use generic options whenever possible.
/bin/sed -> /etc/alternatives/sed
/etc/alternatives/sed -> /bin/busybox.nosuid
Here used 'sed -u' option is not necessary, hence removed it.
Fixes below error:
sed: invalid option -- 'u'
Also added 'set -eux' option which halts execution of the script
on any failures.
(From OE-Core rev: 045d50e63bcaf13056ce749c616eecc4d4516958)
Signed-off-by: Aditya Tayade <Aditya.Tayade@kpit.com>
Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07caee1829d2a61bc018fe0e37ecd482922179ee)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
With rdp enabled, nothing from freerdp is installed in the rootfs, and
rdp is not usable. It seems there is no actual build time dependency
other than the meson check itself, so add an explicit runtime
dependency.
(From OE-Core rev: a378c75bfb7d3be5f8af4947465349266eef8a84)
Signed-off-by: Tom Hochstein <tom.hochstein@oss.nxp.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 23271a1f908a223b4eb56d6034cbb1ac23da14fe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Udev script network.sh is called when a new ethernet interface is plugged (eg. USB).
Due to some (old) missing files, this script does nothing, instead of configuring the
interfaces with ifup.
I just commented the corresponding lines to allow the script to reach the part where
it calls ifup.
(From OE-Core rev: 55069a5f68ade552e3c45333d441dc2d18753476)
Signed-off-by: Regis Dargent <regis.dargent@gmail.com>
Fixes [YOCTO 15616]
network.sh relies on (long) missing files (eg. /etc/network/options,
/etc/init.d/network) to decide if it should configure the new network
interface (ifup) or put its name in /etc/udev_network_queue for future
initialization by /etc/init.d/network service.
The actual result was that the new hotplugged interface was never
automatically configured.
Removing the obsolete tests allows the script to do its intended job.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160f7139172ffdf510a0d7d4e85f7fbaac7fd000)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Import a merged patch that sort external libs in the wheel file
generated by maturin. That improve reproducibility.
(From OE-Core rev: 055519ae0da73afd1bfb89d74193b41751dc9a80)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
CC: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 66da28f85727206c0e647efba93c1be028519fe5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The '-fdebug-prefix-map' options are used to map source files locations,
otherwise, DW_AT_comp_dir will contain buildpath.
The '-gno-record-gcc-switches' option is used to fix the buildpath introduced
by '-fintrinsic-modules-path' option, which is automatically added by fortran.
Here's some output from 'readelf --debug-dump libgfortran.so.5.0.0' when this
option is not added:
"""
<0><1a37d3>: Abbrev Number: 4 (DW_TAG_compile_unit)
<1a37d4> DW_AT_producer : (indirect string, offset: 0xd653): GNU Fortran2008 14.2.0 -m64
-march=core2 -mtune=core2 -msse3
-mfpmath=sse -mshstk -g -O2 -O2 -fstack-protector-strong -fimplicit-none
-fno-repack-arrays -fno-underscoring -fcf-protection=full
-fallow-leading-underscore -fbuilding-libgfortran -fPIC
-fintrinsic-modules-path /ala-lpggp72/qichen/Yocto/builds/build-poky/tmp/work/
core2-64-poky-linux/libgfortran/14.2.0/recipe-sysroot-native/usr/bin/x86_64-poky-linux
/../../lib/x86_64-poky-linux/gcc/x86_64-poky-linux/14.2.0/finclude
-fpre-include=../../../../recipe-sysroot/usr/include/finclude/math-vector-fortran.h
"""
See https://gcc.gnu.org/pipermail/fortran/2024-October/061204.html for more
detailed information.
(From OE-Core rev: ba53108d33267b58306c6406ec90455bc221edaf)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1eb084956bcba83782bc2b24cf8cc89459a57e34)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cortexa32 is a 32-bit armv8a architecture processor, so set the tune feature
as armv8a instead of aarch64 which is 64-bit armv8a architecture.
It solves the following build error while compiling libgcc-initial
and libssp-nonshared.
-- snip --
aarch64-poky-linux-musl-gcc: error: unrecognized command-line option '-mfpu=neon'
aarch64-poky-linux-musl-gcc: error: unrecognized command-line option '-mfloat-abi=hard'
-- snip --
(From OE-Core rev: 19402b5e867616e26c0013402a3b9f32acb6d9fc)
Signed-off-by: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3b898270aca62559dfa42ed71d296fe8a8b46a41)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The bash completion scripts for `umount`, `fstrim` and `fsfreeze` make
use of `findmnt` so add it to the bash completion RDEPENDS.
(From OE-Core rev: 2fa36487777ec352f5fb1379657236da342367a7)
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f8703b486a6ccf39225815362acadafb890ca56e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It's possible to build the hdtbl examples before grn has been build:
groff: error: couldn't exec grn: No such file or directory
Backport a dependency fix from upstream.
[ YOCTO #15610 ]
(From OE-Core rev: 1c007c8dab24da03c739d4cccdaabfcf78807b5b)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d590a32423d05cefc4e7282f971f633b3fa0b941)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---- Result was:
{abcdefghj
01234} 0
---- Result should have been (exact matching):
{abcdefghj
} 1 01234 0
==== io-13.6 FAILED
This test is documented as failing on slow machines, so just skip it.
[ YOCTO #15407 ]
(From OE-Core rev: 8b608a5f40c6c40d0fd1091c8943eae61adc1df0)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f69183586655294c9aed6687cebe57767c2f3eb8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
While enabling multilib, build gcc-source-14.2.0 and lib32-gcc-source-14.2.0
at the same time:
$ MACHINE = "qemux86-64"
$ require conf/multilib.conf
$ MULTILIBS = "multilib:lib32"
$ DEFAULTTUNE:virtclass-multilib-lib32 = "x86"
$ bitbake gcc-source-14.2.0 lib32-gcc-source-14.2.0
...
$ cat tmp-glibc/work-shared/gcc-14.2.0-r0.vr2401/temp/log.task_order
20241012-064533.415426 do_recipe_qa (2688052): log.do_recipe_qa.2688052
20241012-064533.463783 do_recipe_qa (2688051): log.do_recipe_qa.2688051
20241012-064533.805164 do_fetch (2688257): log.do_fetch.2688257
20241012-064533.852955 do_fetch (2688256): log.do_fetch.2688256
20241012-064617.823714 do_unpack (2698542): log.do_unpack.2698542
20241012-064617.871730 do_unpack (2698541): log.do_unpack.2698541
...
There are two tasks for do_fetch, do_unpack and others, so there are race issues.
Both of them have the same hardcode 'gcc' prefix in ${WORKDIR} and
${S}, explicitly disable lib32-gcc-source-14.2.0 for multilib
Set gcc-source as BPN of gcc-source-14.2.0
(From OE-Core rev: 9609a7c9c6d809cc02480c3f12f8dd7c6f3fe9fc)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 901c47877e0710af50639f688e0bfdb851b762b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Avoid "RuntimeError: release unlocked lock" since the lock shouldn't
be locked even in the error path. Add a try/finally path to ensure
this.
(From OE-Core rev: 0d08aab2e1c1ff1a8cb41b62b2e763bb88ca8b5a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b0732ee009ca47580d1d2ad75334f4aa50e6efd5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We can skip processing the installed-pkgs file if globs is empty.
This is the case if self.d.getVar for IMAGE_INSTALL_COMPLEMENTARY
returns an empty string. If globs is an empty string the result from
processing with empty glob in oe-pkgdata-util will always be 0 packages
to install.
Instead of return early on this we just skip and still generate the
locale archive if needed.
(From OE-Core rev: be4dbec9e79b51b9b72670291ba02c4f6d3258dd)
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160c45c83d5addf01e4834cf896af871bd6fca7f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Exception handler tries to read() /etc/passwd file in sysroot
and if file doesn't exist for any reason then it raises FileNotFoundError
exception which mask the original source of the problem and makes
debugging of the issue more difficult.
Fixes:
Exception: FileNotFoundError: [Errno 2] No such file or directory:
'/codebuild/output/src1899304708/src/build/tmp-container/work/core2-64-oe-linux/emqx-bin/4.3.12/recipe-sysroot/etc/passwd'
(From OE-Core rev: 17c8560f323d619b4a98d2276b4c0bf04c8196fd)
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4ad9a0e0b11eb7bc5a3dd45fc8945e094ea949e9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixed:
1) $ bitbake virtual/kernel -cmenuconfig
Do some changes and save the new config to default .config.
2) $ bitbake virtual/kernel -cdiffconfig
The config fragment is dumped into ${WORKDIR}/fragment.cfg.
But the .config which was saved by step #1 is overridden by .config.orig, so
the changes will be lost if run 'bitbake virtual/kernel'
And the following comment is for subprocess.call(), not for shutil.copy(),
so move subprocess.call() to the correct location.
# No need to check the exit code as we know it's going to be
# non-zero, but that's what we expect.
(From OE-Core rev: 3647eb69038917971a9d8ca9553875adddcc893f)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6cccf6b02f92dad514e65fd779ff659b19eb6be7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
I'd meant to change the command timeout in the previous change, fix
the correct one.
(From OE-Core rev: 41ab062f0b711e30720d0e52aab79ef387ec4f28)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb991988cb23be2c8947171726ada321f27e6eed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
After the changes to improve this test, we keep seeing image testing ssh
failures, particularly on mips.
It looks like part of the problem is that on a loaded system, 5s is too short
for mips to reliably establish an ssh connection. I've seen logs where it keeps
timing out and fails to work, then the debug code successfully uses ssh later after
everything else fails.
Change the timings/retries to give slow platforms enough time to respond.
(From OE-Core rev: 5158ceb4179ec53e396a57068714aea7d81e3f59)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ba64ccf3ad6e40461219b72d60eb0fe5cb38fddd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix int conversion related error during compilation
as some of the platforms where EGLNativeDisplayType
is an int instead of a pointer with GCC-14.
(From OE-Core rev: c1992859ad2284170e66769d59b342a58fa05700)
Signed-off-by: Purushottam Choudhary <purushottam27.kumar@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f71f4936a273262343e34f278e6cfcc1e419aea3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When LD_LIBRARY_PATH is set, post-relocate-setup.sh will fail and
exit properly. But such failure is ignored and the SDK installation
will continue and tell user that things succeed. This is misleading.
So exit immediately if post-relocate-setup.sh fails.
Fixes [Yocto #15586]
(From OE-Core rev: 0d75c64b6d4b57800c844993876840f281b877d9)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8e2dcc1f71aa33cc6e56dfdebebbe7ef010c944)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Switch to downloading the release tarballs from GitHub. Their CDN is
rock solid, and strace.io is hosted inside Russia which some networks
are blocking.
(From OE-Core rev: f0ae7467e194c79778a0561b4cd1eda99f9cc5a8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bbdbd6d943a64e5b0dae4c2ee705d017fb7ef80e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix pseudo with python 3.13 by adding a wrapper for posix_spawn and
fixing a NULL pointer dereference in envp handling it uncovered. This
fixes issues on Fedora 41.
(From OE-Core rev: 111024b00dab52e6c1e382d931f97af4b90d7683)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d80e20d70d170397f9827c5a5fc75ad1f2e8cd94)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Currently weston 13.0.3 with neatvnc 0.8.1 does not compile when using
VNC:
| Dependency neatvnc found: NO found 0.8.1 but need: '< 0.8.0' ;
matched: '>= 0.7.0'
However weston upstream already increased the allowed version to 0.9.0,
since neatvnc 0.8.0 does not introduce any changes that breaks API used
by the VNC backend. Therefore, backport this patch.
(From OE-Core rev: fc88bc296fad8b016f7f8ebea4035becb70ac702)
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8516496018a3ee9e81a67d4682bf9784d0eab2bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
https://nvd.nist.gov/general/news/cvss-v4-0-official-support
CVSS v4.0 was released in November 2023
NVD announced support for it in June 2024
Current stats are:
* cvss v4 provided, but also v3, so cve-check showed a value
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
2069
* only cvss v4 provided, so cve-check did not show any
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
260
(From OE-Core rev: 7ce34ce58f83bc02fa2c04bec54e358e8614157e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 358dbfcd80ae1fa414d294c865dd293670c287f0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Added the "modified" field to the JSON export in the
cve-check.class. This field captures the last modification date of each
CVE, providing more detailed information on changes and updates within
the exported data.
(From OE-Core rev: 242bf4dcd4f85ec4d212fd68e060cf9fb307e96e)
Signed-off-by: Katawann <quent_55@hotmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 740b8a0b23c4021d07c3714420e3ea8b46e61454)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
bblock is a helper tool to lock/unlock tasks and recipes to specific
signatures. Add a documentation page for it.
(From yocto-docs rev: 5692ad6f023289dda63567c1f79132854ae3899d)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a082aa39840587d3af6c3f4a2c2747564ca37414)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Variables SIGGEN_LOCKEDSIGS, SIGGEN_LOCKEDSIGS_TASKSIG_CHECK and
SIGGEN_LOCKEDSIGS_TYPES are used to lock specific tasks to specific
signatures. They are used by bitbake -S <lockedsigs> and bblock, so add
documentation for them.
(From yocto-docs rev: 3351a0bdeddf7ea930ec9f80f596a9f11671775c)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 32e3995bed2836f549866ec3b8ad254bdda37dbf)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add sstate as an accepted word to avoid errors when runnign make
stylecheck.
(From yocto-docs rev: f196b33ebda35bce94c987892a6bf9fd9f58b670)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1c50726296e876747ea3f862729e953f025ce619)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
make sphinx-lint runs sphinx-lint on the whole documentation which can be
long and reports a lot or errors/warnings. Let's add a new
SHPINXLINTDOCS variable to allow specifying a subset, just as VALEDOCS
does. Keep variable assignment aligned and also use $(SOURCEDIR) by
default for SPHINXLINTDOCS and VALEDOCS variables.
Also update the README file and fix a typo in Link checking section
title.
(From yocto-docs rev: 46a9480f4904d00dbce103be52cf7dd4d14c27b9)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Tested-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 3dfe7b5c746af31de74f67cf88214e5d52bdb65d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
make stylecheck runs Vale on the whole documentation which can be long
and reports a lot of errors/warnings. We can run Vale on a subset using
the VALEDOCS variable, so update documentation to highlight it.
(From yocto-docs rev: ba8642cd423b59ecff5e74a0ed0469deef9f5d18)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
Tested-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 262237f72534c983e178231cb6839ed69709c443)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Newer versions of Sphinx already define a :cve: role that points to
cve.org, instead of the role we defined in conf.py that points to
nvd.nist.gov.
Rename our role to :cve_nist: to avoid warnings (treated as errors).
This is also backwards compatible, meaning we can build the doc with an
older Sphinx if needed.
The file were automatically replaced with following command:
find . -name '*.rst' -exec sed -i 's/:cve:/:cve_nist:/g' {} \+
Suggested-By: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 1e5e574a6cdb6b086da2c5a981446b522e80cf2d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 15fa3b7e85dde50d7236c1738ad607531cc654b8)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport the fix for glibc bug 32214.
The missing randomness in early boot may cause some systemd services
to fail when they occasionally try to create tempdirs like
/run/systemd/namespace-aaaaaa at the same time.
The error messages can contain things like
"Failed to set up mount namespacing".
(From OE-Core rev: 92cc48d51c763249b2eb8b4181bc20056fc72264)
Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
However, there are also vulnerabilities where the product is "libswresample",
and "libavcodec" as shown below.
https://app.opencve.io/vendors/?vendor=ffmpeg
Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities
where the product is "libswresample libavcodec" as well.
(From OE-Core rev: 0b0299415ec719bb4c3764dfa0740e4ff6cc0362)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9684eba5c543de229108008e29afd1dd021a9799)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
