Update the section on describing the Beaglebone contents to reflect
the current content in the meta-yocto-bsp layer.
(From yocto-docs rev: 8ebcf1ea8e4add4045f643bde3bb48d5ff560497)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit bd5be9cc9d5aa7cca63877f3a22089c9dc02f135)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
In the intro to the BSP guide, mention that a BSP layer might also
contain content related to the bootloader and device tree files.
(From yocto-docs rev: ba48bdeee06522d7334ccb624053f4f363556a15)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a6eca1e7c67225de8b32638b4ba10aa73efe5030)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Minor rewording in two places.
(From yocto-docs rev: d08a1381231b068461f39de47154e971c71acd52)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 382f2cbea16efc13a1bcf14a3276add8aabeec4e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The Recipe Style Guide makes it clear that you can't have hyphens in
the version part of a recipe file name.
(From yocto-docs rev: 935bdb0d03bdb3f186ffd36faf37d5255a5b9522)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b9c7aa835576f154dff1c565e835bffd298af7c3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Obviously, this sentence should say "colon", not "semi-colon".
(From yocto-docs rev: f87c6ee9a2965b2978b93ccfd76dce0cb853bd9f)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 837e4de00f67b87c60faf21aab2dee913ba813b0)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Even though it's mentioned a little earlier on that same page, when
defining the properties of a "Distro Layer," remind the reader that
"meta-poky" is an example of such a layer.
(From yocto-docs rev: 27a3d7d4c30f2957661d00455c15f830e1281bb9)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 4c57f21b681ca92e89903a79b2404132d5b00f10)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Similar to :yocto_bugs: but directly create a hyperlink to the bug
displayed with its identifier. Use as :yocto_bug:`12345`.
(From yocto-docs rev: a84f0e63550c2c72497c5b563f72fcfa16c3ee8f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 24e227262df909353ef8874335cdeb114b9d4203)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Defines three new bitbake_path, meta_yocto_path, and oecore_path roles
that can be used to quickly reference a file or directory in one of
those repositories and link to our web interface for the path, e.g.
:oecore_path:`meta/conf/bitbake.conf`.
(From yocto-docs rev: cc2bb929002ed29fdb2601cf02f47de315656d27)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 89cf4b98686f6f353811d444f36848410ffd2929)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Use the extlinks extension to create new roles to quickly reference a
commit from openembedded-core, bitbake, or meta-yocto.
For example, use as: :oecore_rev:`437e0419608e`.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 54cd2278e9f72837013831b6ce6d4aff61982899)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 79552b4a764d16282a86c8e017270a258a26240e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
(Bitbake rev: d0bc6eafbefcbc20657028640cd1e17584434ad3)
Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 16ef07c851f3438c0e6034b9a2fe2c708b766aa2)
[YC: migrated some more hash values with new_value = sha256(old_value)
matching what was done in the original patch]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Use cpio --no-absolute-filenames when unpacking RPM and SRPM archives so
absolute paths and parent-directory components in cpio member names are
extracted relative to the intended unpack directory.
(Bitbake rev: 37beb06ba9329cd16976273efbb341f781d4e749)
Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b1a71586aa93678c1d9ca40ef2c6fa518f89356)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
BB_GIT_SHALLOW_EXTRA_REFS can include wildcard entries. Matching refs
advertised by the remote are later passed to git fetch and update-ref
while creating shallow tarballs.
Quote the generated command arguments and pass the fetched ref after --
so shell metacharacters and option-like ref names are not interpreted as
command syntax or git fetch options.
(Bitbake rev: 6d3f8bd4ddc955b49eaa124e0724ea589da30646)
Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9a06f79d9ec767c9d95470be78b006d6fd0d59c)
[YC: Only the quote part of the master patch applies.
The "--" part does not. This part is handled by bin/git-make-shallow
which only pass arguments to git rev-list and rev-parse through arrays]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The striplevel URL parameter is appended to tar_cmd, which is later run
through the shell. Validate it as a decimal count before using it in the
tar arguments.
(Bitbake rev: 3a8937cc4b6513f9ed54fee0b0347589a892c8d7)
Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 934fe718bfe29c7ec921e6b598d81ec2ebe8f7c7)
[YC: Removed the striplevel="1\n" subtest case. The URL-decoding regex
in decodeurl uses `.*` without `re.DOTALL`, causing literal newlines in
parameters to be silently truncated during parsing.]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The deb/ipk unpack path selects a data archive member from 'ar -t'
output and then passes that member name to a shell command. Previously,
any member beginning with data.tar. was selected.
Only select known deb/ipk data archive member names when datafile is
created. Quote the package path used in the shell command as it can come
from the local fetch path.
Add local fetcher regression coverage for quoted package filenames,
valid compressed data members, and unsupported or unsafe data member
names.
(Bitbake rev: a32064d0f10b9f5a163a25f410a4e39dccf9cb93)
Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 73ae3a2447ec93df39bc66cf3d8f9b2ea1bfe3bf)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Correct "maintainance" typo in recipe-style-guide.rst.
(From yocto-docs rev: f39ba5141cd518f08d491b2255a4acd74442e87b)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit d7376cca64a0784e59d4fd60b9baefb4da2ce289)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
As with "setup" versus "set up", the pedants at grammarist.com explain
that "checkout" is used as a noun or adjective, while the
corresponding verb is two words, "check out."
https://grammarist.com/spelling/checkout-check-out/
(From yocto-docs rev: 85852e0a1e5ddf034cff979329591af786967beb)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 1d5f0fea4e150be0ef9b10d5733eeaba06c78e6f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Tweaks:
- Update "Software Overview" link to go to "Technical Overview"
- use proper capitalization for "Git" when referring to the product
- numerous grammar adjustments to basic skills list
(From yocto-docs rev: 9b440c5116828f131a304b77f5da8c98c0d27c62)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit ffd69f11172c2b0d8f52bd967c7983220d133e0d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Tweaks:
- grammer adjustments
- hyphenation
- monospace font for layer and file names
(From yocto-docs rev: 8e98a7264bf9d0d975b5c8fb2062ed907273ff5c)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 801f719458d0d9670debad4ddc379e3ade4d85f9)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Delete inconsistent periods in software versions list so it doesn't
look weird.
(From yocto-docs rev: a106dea889259a872fdbe69215fe4de740bc49f4)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 94ebe744d0e95672456b8157daf0ffba333397bd)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
When referring to buildbot, add a link to its home page.
(From yocto-docs rev: 40b6f86daea61e545d94e92b8eed11c8038573ad)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 7a9247175e1afc74371708d4bad629941477eb57)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
There seems to be be little value in continuing to point readers to
two references, one almost a decade old, the other almost 15 years
old, especially in the middle of a guide that ostensibly is part of
the introductory material.
(From yocto-docs rev: eb92a7cc3fe7772f202e9955974d79b359a257d7)
Signed-off-by: Robert P. J. Day <robday@acresecurity.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 5b4ffc020a9b0c7a877c119058cd43a51f91687f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Fix the title and link so it goes directly to the
Technical Overview.
(From yocto-docs rev: 1ba3a389b47188b6c664ae3a0bee7ca70e462650)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 0143b586572e15cac438f0fa6f3c1e7446597020)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Two of the tests were still using git protocol to access git services.
For the submodule test, the upstream repo has been updated.
In the other case, we need to pass the correct command to the manual
git commandline, we can't use a recipe url that previously just happened
to work.
(Bitbake rev: 82abbfcdbda949851a03bb2cb2049ea689564ad6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5d722b5d65e4eef7befe6376983385421e993f86)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
We create a temporary directory for holding a clone but we never clean it
up. Fix this by using a context manager areound the temporary directory.
This resolves a buildup of tmp directories in DL_DIR in builds.
(Bitbake rev: 1a62878a790ed9630d5ca2fa099d1604540e153a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Fixes [YOCTO #16265]
The glibc recipe is supposed to be building with
--enable-stack-protector=strong, but some CACHED_CONFIGVARS values are
actually breaking this, causing glibc to be built with no stack
protector at all.
Remove these CACHED_CONFIGVARS values so that stack protector support is
detected properly in do_configure and then enabled properly during
do_compile.
Full details are here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=16265
(From OE-Core rev: 7952d214393b6c5230ba115f63b6f6d245a728bc)
Signed-off-by: Ivan Nestlerode <ivan.nestlerode@sonos.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 43f0602ede37428f3c35cf665bba934b84355240)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This stops 'devtool modify foo' from failing with an error message like
ERROR: Execution of 'git -c user.name=\"OpenEmbedded\" -c
user.email=\"oe.patch@oe\" commit -q -m "Initial commit from upstream at
version 1.90.0"' failed with exit code 128:
error: cannot run ssh-keygen: No such file or directory
error:
fatal: failed to write commit object
when GPG signing is enabled in the git configuration.
(cherry picked from commit b5c84b07b87eafb4f68f7662b6cf26d8b73e3247)
(From OE-Core rev: bbe0df71933174d8becc52184cd235277f10a141)
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This removes rust uutils coreutils CVEs from reports.
Comparing sbom-cve-check shows that only
CVE-2026-35338..CVE-2026-35381 are removed and all of them contained
reference to uutils.
(From OE-Core rev: 348391ccf91ac474252f75a5679fc42505faa54d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 5c39687f62e5864ea783cbed497c2eb5387dcf96)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
[ Upstream commit 42b530581f7246b3143ee50e3c6f981dcbb1dc74 ]
Grub would report an error message in boot stage as below:
"error: no such device: ((hd0,gpt1)/EFI/BOOT)/EFI/BOOT/grub.cfg"
Consequently, the root variable is not set, and the intended protection
against cross-device configuration loading (the purpose of the original 2014 commit)
is lost.
The most robust fix is to use the --hint parameter.
This separates the search target from the device hint, avoiding
fragile string concatenation and supporting both prefixed and
non-prefixed $cmdpath formats.
Fixes: 5ce73b6055ac ("grub: add cmdpath to grub configuration file")
(From OE-Core rev: 2f509e353e2fc04923fc742312c81ed69b419643)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
The code defines a custom 'bool' type (as an 'int'), which is incompatible
with C23 in which bool is a keyword, and trying to use <stdbool.h> fails
because 'int' and 'bool' are used interchangeably in the code.
Add the flag to CC variable, since CFLAGS is used by both c and c++ compilers
and clang++ is less forgiving when C compiler only option is used on its
cmdline so it complains about -std=gnu17 and bails out.
(From OE-Core rev: 0647201fb4729be3b10b3da2b19645c59147b40a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 49657089ef215824f8f79a81deb7baf4f27d0030)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
- Keep both the older deprecated debian:apt alias and the active
debian:advanced_package_tool identity in CVE_PRODUCT.
- This preserves completeness and avoids missing CVEs in case older
aliases are still used in NVD records.
(From OE-Core rev: 28d3ab81b9386bda16e196ed2934967843413186)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c777220ee5740b800f4128da79c24f7e42c7b88)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
[FT: Rebase onto scarthgap-next]
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
According to [1],
EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of
Sensitive Information to an Unauthorized Actor” by local access. Successful
exploitation of this vulnerability will lead to possible information disclosure
or escalation of privilege and impact Confidentiality.
Backport a patch [2] from upstream to fix CVE-2024-38798
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-38798
[2] 0cad130cb4
(From OE-Core rev: ed444adf325d3a985ed8f9ae0a009ecbaf67c3fd)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
According to [1], EDK2 contains a vulnerability in BIOS where an attacker may
cause “ Improper Input Validation” by local access. Successful exploitation of
this vulnerability could alter control flow in unexpected ways, potentially
allowing arbitrary command execution and impacting Confidentiality, Integrity,
and Availability.
Backport patches from upstream [2] to fix CVE-2025-2296
Note: backport 0001-AmdSev-Halt-on-failed-blob-allocation.patch to apply
the CVE patches without confliction
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-2296
[2] https://github.com/tianocore/edk2/pull/10628
(From OE-Core rev: 09be6658833e7ac4143eeb26bdaf67c6c94e260a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
According to [1], Improper access control for volatile memory containing boot
code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019,
IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker
to execute arbitrary code.
Backport a patch [2] from upstream to fix CVE-2025-24857
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-24857
[2] 87d85139a9
(From OE-Core rev: 6f69c878896b536f5f7b16c566d420e188c82c7f)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
