bind mounts don't use the SELinux label of the target, but the SELinux
label of the source.
This patch restores the SELinux context of the bind mount recursively using
restorecon.
(From OE-Core rev: 6f3e231dc9bc11772573bf9683de9804460362d1)
Signed-off-by: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libcidn has been dropped since glibc 2.28
(From OE-Core rev: cf83790728ad569af01300f793754c0108c78b4e)
Signed-off-by: Fred Liu <yclw3d2y@live.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sort the list of files to ensure the pkgdata output is deterministic.
(From OE-Core rev: 82e683f8f9ae630dea46ec6be6e636e498579835)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
By enabling TPM support the boot will be measured into the TPM's
Platform Configuration Registers (PCRs).
(From OE-Core rev: e71280883c217d86b4636da6e549334183f1aff7)
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recipe can't be built for riscv32 so exclude it alongside riscv64.
(From OE-Core rev: 61feb650ac450db0a30675fc40bb65fab773159a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The class adds an emtpy PACKAGES setting but most code now uses the
nopackages class which is much clearer. It also adds recursive do_build
dependencies which don't really serve any useful purpose any more.
Simplify the code and drop the class use.
(From OE-Core rev: 030d56e2e8ece93472adc51fe467221d846c9ac0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, if you change the site files, nothing rebuilds since they are
not accounted for in task checksums. They could/should be through the
file-checksums task flag. We need to cache all the files looked for,
whether the exist or not so that if they do exist and didn't,
the checksum also changes.
This gets complicated by the need to clean out hardcoded build
paths from the variable and that other layers can have site files.
This patch adds this functionality. A new variable, SITEINFO_PATHVARS
is added which controls which substitutions to make on the file-checksum
values to remove the hardcoded paths. Layers adding site files will need
to set this to a variable that has the layer path in it and is excluded
from task hashes (COREBASE is the one the core layer uses).
This patch will cause yocto-check-layer to fail for some layers
where site files are added yet the layer isn't a machine specific layer.
This is arguable correct since these additional site files apply to
all recipes and things from a layer like core could be changed by such
changes so it is right they should rebuild. There is a determinism issue
potentially there if not. meta-openembedded does have some such references
but looking at them they should move to core or likely just be removed as
most look obsolete anyway.
[YOCTO #13729]
(From OE-Core rev: 29daffc2410f06f36b779d5bf1fd1ef6e900ca8f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
sometimes we can find release tarballs from sourceforge are not fully
distributed along all download mirrors leading to fetching faiilures,
depending on what download mirror will be chosen by sourceforge
servers.
As the project moved to github anyway, it's better to pull the tarballs
directly from github releases - serving the very same static artifacts.
Add an override UPSTREAM_CHECK_URI to enable devtool upgrade checks
(From OE-Core rev: 9b5b797b0e9e6f2cb3e29be92c4f9b763c4a41e9)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The TPM2 support is used, among other things, for unlocking encrypted
volumes.
(From OE-Core rev: 7b7dfbfaedde775add3be7a3cb44b115d8ec5036)
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
raw.h has been dropped in linux-libc-headers-5.14 leading to:
configure: error: raw selected, but required raw.h header file not available
WARNING: exit code 1 from a shell command.
(From OE-Core rev: 7f577c10913104860121f682b9b3754870c4db23)
Signed-off-by: MarkusVolk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the distro does not include the group 'wheel' systemd will
complain when trying to parse ACL rules for tmpfiles.d.
systemd-tmpfiles[273]: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Systemd has a configuration parameter to avoid using 'wheel'
group in the standard config files for tmpfiles. Add this as
a PACKAGECONFIG and enable it by default to keep default.
(From OE-Core rev: 1b5648e6aeb9837cb807ce086c26fbfaa16f6f8b)
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
/tmp is half that, and lttng-ptest writes just under 1G there
(and just over 1G on aarch64), so let's have a safe margin.
(From OE-Core rev: ef39039cac5819b2e1d65838367ff2be69eab4c2)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
(From OE-Core rev: 5ace3ada5c54500c71becc8e0c6eddeb8bc053e3)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If systemd is built with fdisk support[1] and the openssl and cryptsetup
PACKAGECONFIG are enabled, systemd-homed[1] is automatically enabled.
The org.freedesktop.home1.conf file was forgotten, so this commit adds
the file and make enabling homed a explicit choice.
systemd-homed.service and systemd-homed-activate.service have a Also= on
each other, so "systemctl" has been fixed to handle the circular
dependency.
userdb isn't strictly speaking needed for homed but "systemctl" can't
handle the missing unit file and upstream recommend enabling both[3].
[1] Automatically enabled if the fdisk dependency is installed which it
is as util-linux is pulled in by systemd
[2] https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html
[3] 871dc8d644
(From OE-Core rev: fff339b5bd7789db5d0c024fc84490ac17fa4fe9)
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
"BSD" is ambiguous, use the precise license BSD-2-Clause-Patent.
(From OE-Core rev: 3e5c91e3517f15c25ecf56877a15962427dd0f3b)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
readline uses ncurses for terminal capabilities database, but it fails to
specify it correctly in the pkg-config .pc file, resulting in:
Requires.private: termcap
As ncurses by default provides newer terminfo instead of termcap, there's
no termcap.pc in the system and pkg-config fails when linking with readline:
readline.pc X-> termcap.pc
Help configure script to set pkg-config to use ncurses for the correct
terminal capabilities database:
Requires.private: ncurses
This fixes pkg-config dependency chain:
readline.pc -> ncurses.pc -> tinfo.pc
(From OE-Core rev: b4364cc44ae47d3b41a4fd181c904ae97e213842)
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd-repart[1] is useful for partitioning the disk:
"systemd-repart grows and adds partitions to a partition table, based on
the configuration files described in repart.d(5)."[1]
openssl is required by repart, so it can be enabled like so:
PACKAGECONFIG += "openssl repart"
[1] https://www.freedesktop.org/software/systemd/man/systemd-repart.html
(From OE-Core rev: a9fb51b75d4536d13734d91222bb0bc612555ae2)
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 91cd1ef01a3f3883c04bac67af2672ec60e20fb8)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes [YOCTO #14538]
Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.
That's confusing because "virtual/" has no special meaning in
RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).
Instead, using "virtual-" instead of "virtual/"
as already done in the glibc recipe.
(From OE-Core rev: 93ac180d8c389f16964bce8bd5538d9389e970e6)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kernel commit 12dd461ebd19 ("crypto: arm64 - generate *.S by Perl at
build time instead of shipping them") uses perl to generate assembler
files for crypto functionality, which relies on the integer.pm module to
be provided.
Add perl module to package group and export it in SDK.
(From OE-Core rev: 9f4c95a874f6a463b7d56bacea9ba321e29499f9)
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop upstream patch
This brings in following fixes
* 3f701faa (upstream/master, origin/master) fix libc-internal signal blocking on mips archs
* 0fbd7d66 fix broken struct shmid_ds on powerpc (32-bit)
* 4f3d346b math: fix fmaf not to depend on FE_TOWARDZERO
* 937822ab fix TZ parsing logic for identifying POSIX-form strings
* 1f0c7cb1 riscv: rename __NR_fstatat __NR_newfstatat
* d8cb888d remove return with expression in void function
* b7a130e0 remove unnecessary cast for map_library return
* bd3b9c4c add pthread_getname_np function
* e1a51185 fix popen not to leak pipes from one child to another
* e74acd59 remove spurious lock in popen
* 9a40e842 define __STDC_UTF_{16,32}__ macros
(From OE-Core rev: da8fcd0155f1cf3394d0886c940bee77669009d4)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since upstream commit [d8ea0d0168 Add an internal wrapper for clone, clone2
and clone3] applied, start a unprivileged container (docker run without
--privileged), it creates a thread failed in container.
In commit d8ea0d0168, it calls __clone3 if HAVE_CLONE3_WAPPER is defined. If
__clone3 returns -1 with ENOSYS, fall back to clone or clone2.
As known from [1], cloneXXX fails with EPERM if CLONE_NEWCGROUP,
CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWNS, CLONE_NEWPID, or CLONE_NEWUTS
was specified by an unprivileged process (process without CAP_SYS_ADMIN)
[1] https://man7.org/linux/man-pages/man2/clone3.2.html
So if __clone3 returns -1 with EPERM, fall back to clone or clone2 could
fix the issue.
(From OE-Core rev: 234a3e84640c1bb6df5fa4d3d7089a854b19d108)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- update to next stable version 1.34.0
- refresh defconfig
- remove and refresh already merged patches
(From OE-Core rev: d0e694ef4ec7bd862bdefee494210e3878152b44)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When pam is enabled, it complains installed-vs-shipped QA issue:
| ERROR: libcgroup-2.0-r0 do_package: QA Issue: libcgroup:
Files/directories were installed but not shipped in any package:
| /lib/security/pam_cgroup.a
(From OE-Core rev: 21eccd79bdaa93b407da9cf0902d57fd225141ee)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop merged 0001-correctly-use-3-parameters-for-close_range.patch
(From OE-Core rev: 592335a75dbf28d2e3c5f0c62ad96d38420ae1f9)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch changes are all git rearranging chunks on rebase; there are no functional changes.
(From OE-Core rev: 88cfba0762fe3bb6f593901f9a673b373534b756)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
file /usr/include/bits/pthread_stack_min.h conflicts between attempted installs of libc6-dev-2.34-r0.aarch64 and lib32-libc6-dev-2.34-r0.armv7ahf_neon
(From OE-Core rev: 40d131ff65d36022ca604d1153c5948eb888a2e3)
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Our UPSTREAM_CHECK_URI was looking at SourceForge, but development has
moved to GitHub so update the URI.
Update to 2.0.
Swap musl-decls-compat.patch for a backport of an upstream commit.
Replace do_install commands with a backport of an upstream commit to
install the PAM module correctly.
Don't mess about installing the library into base_libdir as the /lib vs
/usr/lib prefix split is moot these days.
Delete libcgroupfortesting.so as we don't install the test suite.
(From OE-Core rev: 466c1c674e3da1fdbe1eae1cd90637d79a1500f5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In glibc 2.34, the libraries libpthread, libdl, libutil, libanl have
been integrated into libc. To retain compatibility with old binaries the
shared libaries are still shipped but are empty, and to keep software
building there are empty static libraries.
However, these static libraries get packaged into glibc-staticdev (as
they should be), but by this design they should be in glibc-dev.
https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html
(From OE-Core rev: f42658198193dcf88814513e1fa09bf484777079)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
https://gitlab.freedesktop.org/dbus/dbus/-/issues/1986072f8b241
Currently, if the "dbus" security class or the associated AV doesn't
exist, dbus-daemon fails to initialize and exits immediately. Also the
security classes or access vector cannot be reordered in the policy.
This can be a problem for people developing their own policy or trying
to access a machine where, for some reasons, there is not policy defined
at all.
The code here copy the behaviour of the selinux_check_access() function.
We cannot use this function here as it doesn't allow us to define the
AVC entry reference.
See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2
(From OE-Core rev: 0441b53d55a919b5ac42e997f4092053b017b553)
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a time that util-linux requres asciidoctor to be there
to have man pages. However, now the tarball ships generated man
pages and will use them. So add back the related settings. Otherwise,
we get the following error when enabling 'doc-pkgs' image feature.
+ update-alternatives --install /usr/share/man/man1/kill.1 kill.1 /usr/share/man/man1/kill.1.procps 200
update-alternatives: Error: not linking /.../tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0-r0/rootfs/usr/share/man/man1/kill.1 \
to /usr/share/man/man1/kill.1.procps since /.../tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0-r0/rootfs/usr/share/man/man1/kill.1 exists and is not a link
(From OE-Core rev: 3d66fcc425495b5b68caf1a63c7118c692236cc4)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Switch the default PACKAGECONFIG for compression feature from xz
to zstd. zstd is significantly faster than xz with only slightly
worse compression ratios. It is therefore much better suited for
activities like systemd-journald.
(From OE-Core rev: b1558bb058243f3a3de600ef5cf04bfaeac4fdeb)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd supports using zstd compression for journald and core files.
Add the necessary PACKAGECONFIG to enable zstd.
(From OE-Core rev: 0e0f8b708beeb1f6add5168b92a5a6a2c8ce96cd)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PACKAGECONFIG for selinux rather than disable it directly. This is
useful for selinux distro feature.
(From OE-Core rev: a4544876ad08c5169c07c49d351bedf6f2a16ce4)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PACKAGECONFIG for audit and selinux rather than disable them
directly. This is useful for selinux distro feature.
(From OE-Core rev: 139e9a0fe59413fc98f1fb6112765a7a40192a4f)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a testsdk task, which is essentially the same as testsdk.bbclass but
the test case directory is changed. This lets us exercise the
buildtools tarballs at build time.
(From OE-Core rev: 39a0e45ced42826832f84cfbf1cf50ed7c334997)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
