Remove obsolete comments/data from the file. Add in three CVEs to ignore.
Two are qemu CVEs which upstream aren't particularly intersted in and aren't
serious issues. Also ignore the nasm CVE found from fuzzing as this isn't
a issue we'd expose from OE.
(From OE-Core rev: 68291026aab2fa6ee1260ca95198dd1d568521e5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use python 'with' symantics to ensure that the /proc/pressure/cpu file
descriptor used in SystemStats init is closed. Previously, this would
lead to a single file descriptor being leaked. For example:
ResourceWarning: unclosed file <_io.BufferedReader name='/proc/pressure/cpu'>
(From OE-Core rev: 643653160cd77d346cdc9b9ec25c7212c7dfe176)
Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We need sftp so that scp works with recent openssh. Use the packagegroup
instead of a direct dependency to ensure this.
(From OE-Core rev: 2b76c8e5fc8802bbe54371119e6bf6312bf2a8ec)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The cve-check class writes temporary files to preserve state across the
build, and cleans them up in a CookerExit handler.
However, in memory-resident builds the cooker won't exit in between
builds, so the state isn't cleared and the CVE report generation fails:
NOTE: Generating JSON CVE summary
ERROR: Error adding the same package twice
Easily solved by hooking to BuildCompleted, instead of CookerExit.
(From OE-Core rev: fccdcfd301de281a427bfee48d8ff47fa07b7259)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is fixed in 2.4.2, which we have, but the complex CPE in that CVE
isn't parsed by cve-check correctly so it thinks that we're vulnerable.
(From OE-Core rev: b40dd920f8b40eabe78db363249257818c63c074)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes a fix for CVE-2022-29458
(From OE-Core rev: 6032a1049d4693f17ab7f4b67f9b22719decadde)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The license checksum changed due to a major version change in the referenced file.
(From OE-Core rev: 89f34d8aa4f4572d048dbb732ca4c83d443157fb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit bd36593ba3db758b3eacc974e48468a665967961 did introduce a
regression when building package rust-cross-canadian-aarch64
on a x86_64 host. This commit will fix that configuration.
Suggested-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: ef566af964e9f9d2c440a3b5771ed801216f30f9)
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
New features
------------
Add support for curves Ed25519 and Ed448, including export and import of keys.
Add support for EdDSA signatures.
Add support for Asymmetric Key Packages (RFC5958) to import private keys.
Resolved issues
---------------
GH#620: for Crypto.Util.number.getPrime , do not sequentially scan numbers searching for a prime.
(From OE-Core rev: 5ed8d56bfcc5b38746d27585e064ff2a0489c1c0)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
The NumPy 1.23.0 release continues the ongoing work to improve the
handling and promotion of dtypes, increase the execution speed, clarify
the documentation, and expire old deprecations. The highlights are:
Implementation of loadtxt in C, greatly improving its performance.
Exposing DLPack at the Python level for easy data exchange.
Changes to the promotion and comparisons of structured dtypes.
Improvements to f2py.
(From OE-Core rev: 8ac4f77e10b5c73b05c06a712b4c4eccd7681762)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
Again works on RHEL/CentOS 8 (0.27 broke there), now in CI
Avoid glib GI dependency for main dbusmock, for running in virtualenv
(From OE-Core rev: f56350997a8e4678d14abe798d6eb2356b061147)
(From OE-Core rev: e14def00341b3f2f03e9fc8857aa804daaf329e9)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog
=========
Fallback count=”other” format in format_currency() (#872)
Fix get_period_id() with dayPeriodRule across 0:00 (#871)
Add support for b and B period symbols in time format (#869)
chore(docs/typo): Fixes a minor typo in a function comment (#864)
(From OE-Core rev: 57fe354881a31b8a60d32db4aa561e22fc7bf0a5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This release is the first release of chardet that no longer supports Python < 3.6.
License-Update: Adjust document format, change "St" to "Street"
(From OE-Core rev: d8bc9503058b067d4157b9177c16d06136918071)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The last time of sampling would be updated within the SystemStats class
but not re-recorded into the datastore, leading to multiple samples being
collected in the same second in the sample function of buildstats.py.
Fix this to collect and store only one sample per second within a
certain tolerance to deal with variation in the arrival time.
This fix elimates the spikiness of sampled data, in cases where the difference
between the current and the last sample is taken. Previously, since many
samples per second were recorded, certain types of data would result in a
very small elapsed time and hence a small numerical difference. For example,
the CPU usage from /proc/stat is a running total of usage and taking the
difference between data collected 0.1 seconds apart would result in usage
appearing lower than it actually was.
(From OE-Core rev: 0e2df45ab066bb4ad2c4f8622ee9c1a8ecdea9cb)
Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add two new, separate charts showing the avg10 and delta
total pressure over time for the CPU and IO resources. The height of
the avg10 data in each chart represents the percentage of time "some"
task was delayed over the specific resource during the last 10
seconds of the build. The height of the delta total data in each chart
represents the total time "some" task was delayed since the last sample
was collected. If the reduced_proc_pressure data is not present in the
buildstats log, then the new charts are not shown at all rather than
being present but unpopulated.
Note that the delta total graphs may appear "spikey",
oscillating from high values to low. This behaviour is fixed in a
subsequent commit.
(From OE-Core rev: fb9ff46dc3059cb3f4c8df8e4654184c3eab1571)
Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The Linux pressure monitoring system helps determine when system resources
are being overutilized by measuring how contended the CPU, IO and memory are.
This information can be found under /proc/pressure/ which contains 3 files -
cpu, memory and io. In each of the files, the format is as follows:
some avg10=70.24 avg60=68.52 avg300=69.91 total=3559632828
full avg10=57.59 avg60=58.06 avg300=60.38 total=3300487258
The "some" state of a given resource represents when one or more tasks are delayed
on that resource whereas the "full" state represents when all the tasks are
delayed. Currently, we only collect data from the "some" state but the
"full" data can simply be appended to the log files if neccessary.
The "avg10", "avg60" and "avg300" fields represent the average percentage
of time runnable tasks were delayed in the last 10, 60 or 300 seconds
respectively. The "total" field represents the total time, in microseconds,
that some runnable task was delayed on a resource.
More information can be found at:
https://www.kernel.org/doc/html/latest/accounting/psi.html
and in the source code under kernel/sched/psi.c
This commit adds functionality to collect and log the "some" CPU, memory and IO
pressure. The "avg10", "avg60" and "avg300" fields are logged without change.
In place of the "total" field, the difference between the current "total" and
the previous sample's "total" is logged, allowing the measurement of pressure
in between each polling interval, as was done for /proc/stat data. The log files
are stored in:
<build_name>/tmp/buildstats/<build_time>/reduced_proc_pressure/{cpu,io,memory}.log
mirroring the directory structure of /proc/pressure. If the /proc/pressure
directory does not exist or the resource files can't be read/opened, the
reduced_proc_pressure directory is not created.
(From OE-Core rev: 061931520b8baa7f3a03bf466aa9ec8bf995bc14)
Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Switch the default DEPENDS for ${PN}-dev to be a RRECOMMENDS instead. This
takes advantage of a change to complmentary package globbing to not follow
RRECOMMENDS and means and SDK for an image with both openssh and dropbear
compoments will now build successfully.
(From OE-Core rev: 6f28420ab0e8f2ab5eb06326024777a40aded0a6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is a pattern that several recipes need to break the dependency of ${PN}-dev
on ${PN}, most often as ${PN} may be be empty. Add a new variable to parameterise
this and allow it to be changed more easily.
(From OE-Core rev: a5b381c0f45c590a762647a9956a8f41e2e2315e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We've some long standing bugs where the RDEPENDS from -dev packages causes
problems, e.g. dropbear and openssh components on an image working fine together
but then the SDK failing to build as the main openssh and dropbear packages
conflict with each other (pulled in by openssh-dev and dropbear-dev).
We propose changing the behavour of complementary package installation to
ignore RRECOMMENDS. If we then change the ${PN}-dev dependency on ${PN}
to a RRECOMMENDS, we can avoid many of the issues people run into yet still
have the desired behaviour of ${PN}-dev pulling in ${PN}.
This therefore changes the package manager code so that it doesn't follow
RRECOMMENDS for completementary package globs.
[RP: Added deb support]
(From OE-Core rev: b44b0b9294675f89aa51ff84f532664f4c479677)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Seems sad to have to do this but openssh is moving to use sftp instead
of scp to move files. This means scp from Fedora 36 will no longer be
able to move files to/from a dropbear based image. This breaks a number
of our key QA tests and I suspect will cause users pain too.
The sftp server from openssh is small (200kb uncompressed) and standalone
so adding it to the packagegroup seems to be the best way to preserve user
sanity. If people really don't want it, they can just use dropbear instead
of the packageground.
(From OE-Core rev: a98188e83b2c027d99cc38e3367e1ec2a98efbb0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The original site went down, and at is more or less
maintained in Debian anyway; the tarballs are identical in name
and content.
(From OE-Core rev: 5fcf9e5c368188e920a995492b342012cbc7016d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With nodejs 16, the simple 'npm cache add' approach does not work
anymore because its fetcher implementation downloads also meta
information from the registry.
We have to generate these information and add them to the cache.
There is no direct support in 'npm' for task so we have to implement
it manually.
This implementation consists of a openembedded python module (in
oe-core) and a nodejs version specific helper (in oe-meta).
(From OE-Core rev: 019b9c341d539939098962c228c1fd5c99331312)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Helper module to:
- generate meta information from package.json content. This data has
a format as provided by https://registry.npmjs.org
- put this meta information and the corresponding tarball in the
nodejs cache. This uses an external, nodejs version specific helper
script (oe-npm-cache) shipped in oe-meta
To avoid further nodejs version dependencies, future versions of this
module might omit the caching completely and serve meta information
and tarball by an http server.
(From OE-Core rev: 6cd5886ad05fee704e8a5892bd370c360c8c3b54)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We know the content of 'package.json' from earlier patches; there is
no need to parse the tarball name to extract the version.
(From OE-Core rev: f553e528e76f7e3925ed1c0950d96e73aec37da9)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have to read 'package.json' to calculate the name of the tarball.
This content is interesting for later patches.
(From OE-Core rev: d67367e389c492ae90f9021066d6a4d5ebcf68e5)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'npm pack' is a maintainer tool which tries to execute 'prepare'
and similar scripts. This fails usually in OE because it requires
completely installed 'node_modules'.
Earlier nodejs versions supported an undocumented 'ignore-scripts'
option. This has been removed in nodejs 16.
We could patch 'package.json' and remove the unwanted scripts. But
this might complicate local workflows (applying patches) and installed
packages will contain the modified 'package.json'.
Instead of, package it manually by 'tar czf'. As a sideeffect,
'do_configure' is running much faster now.
(From OE-Core rev: 68b480d64ffb6750699cc8fa00d2ac0bc6a2e58a)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
PACKAGES uses ${PN}-dev so be consistent with the addition to the
variable to avoid weird variable conflicts.
The flags variable used here is messy, key expansion and overrides are
not supported by flags. The plain variable access does happen to work
though, so leave it as is for now and note.
(From OE-Core rev: a5edae117d0d2a59fd3456ccbeeb6cd35dd1951f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
idna was removed in 3.1, asn1crypto in 2.8, six in 3.3.1; setuptools
never appears to have been a runtime requirement. With these removed the
recipe both builds and passes ptest:
===== 2824 passed, 52 skipped, 85319 subtests passed in 3932.89s (1:05:32) =====
Also drop redundant ${PYTHON_PN}-setuptools-rust-native DEPENDS as this
comes from python_setuptools3_rust.bbclass.
(From OE-Core rev: 4907bf80e6d3e98c005bcfbc690b75fab104c166)
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This release has:
* SBI PMU improvements
* RISC-V AIA v0.3.0 draft support
* Simple external interrupt handling framework
* Xilinx UART-Lite driver
* RISC-V privilege specification v1.12 support
* RISC-V Svpbmt extension support
* RISC-V Smstateen extension support
* RISC-V Sstc extension support
* RISC-V privilege specification version detection
* Platform callback to populate HART extensions
* Compile time C arrays support
* Probing FDT based drivers using compile time C arrays
* SBI HSM improvements
* Allwinner D1 platform support
* Trap redirection improvements related to [m|h]tinst CSR
* SBI v1.0 specification support
Overall, this release mainly adds support for various RISC-V ISA
extensions ratified in December 2021 along with other improvements.
(From OE-Core rev: 337da2a521b060c72375279dac20bc8e3878926e)
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The test for obsolete licenses used in INCOMPATIBLE_LICENSE_EXCEPTIONS
tried to match the "<package>:<license>" tuples with the obsolete
licenses and thus never matched anything.
(From OE-Core rev: 3ad994d95815eefed2a72b675c7a323b3ed38191)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The '.include' syntax has been dropped from latest systemd releases,
we need drop the systemd-udevd.service here, introduce a postinst
function to add "MountFlags=shared" to systemd-udevd.service.
Also lsblk binary is being called in mount.sh automount_systemd
function, add it to RDEPENDS.
(From OE-Core rev: 356520d60b9429c6f62124821e42468ff2b7b1d6)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix some hyphens being improperly used as em dashes.
See https://www.grammarly.com/blog/hyphens-and-dashes/
Using em dashes may also allow Sphinx to hyphenate
and break lines in the best way.
Note that the first character after an em dash not
supposed to be capitalized, unless a specific
rule applies, typically when what follows is a proper noun.
Fix a few misuses of parentheses in following text.
(From yocto-docs rev: 5918f019f63f6e820b1168f4cc001faa1d1cdc6f)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make DISTRO_FEATURES description more explicit by specifying
that DISTRO_FEATURES alone can't select build configurations,
and need mechanisms like PACKAGECONFIG setup to take care of
selecting build configurations.
Signed-off-by Aatir Manzur <aatrapps@gmail.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
(From yocto-docs rev: 4b39a4434ee658512050c50f6ebd5ad5dc900fb1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I realised only the first logging message was being displayed in a given
parsing process. The reason turned out to be the UI handler failing
with a "pop from empty list". The default handler was then lost and
no further messages were processed.
Fix this by catching the exception correctly in the connection writer code.
(Bitbake rev: d3e64f64525187f1409531a0bd99df576e627f7f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recent change enabling parallel make for ptest compile/install caused
autobuilder failures in these two recipes. Disable parallel make here
for now until someone can debug the race and get it fixed (preferably
upstream).
(From OE-Core rev: 12755e3e771eb2f1628e2b3dd7138c8766973d82)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fedora is switching to use sftp as the backend for scp. This means the
scp test fails on Fedora 36 hosts with a dropbear target as dropbear
doesn't support sftp. This change is in the upstream openssh code, other
distros have not yet changed the default but probably will follow.
The easiest way to resolve test failures in dropbear images is to stop
testing this against dropbear as it is no longer expected to work and will
likely spread as the change filters through other distros.
(From OE-Core rev: a71fc7d455400f406b0d607be712a1133fe91166)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Python 2.x has been EOL for a while, and so this test
never runs.
(From OE-Core rev: b687627e9cffb8123c156413f55ea1929f1a7831)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
PARALLEL_MAKE is now honored in ptest.bbclass, so drop redundant
parameter from oe_runmake call.
(From OE-Core rev: 1e351aef06acd383bb5a57a6e0b8a23370d22152)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
