Peter Korsgaard [Fri, 9 Mar 2018 14:30:43 +0000 (15:30 +0100)]
utils/scanpypi: correctly handle license dirs in subdirs for .hash files
create_hash_file() used basename(licensefile) when it writes the entry for
the license file in the .hash, which is obviously not correct when license
file is locate in a sub directory.
Instead copy the logic from __create_mk_license() to strip the directory
prefix from the absolute filename instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Carlos Santos [Fri, 2 Feb 2018 15:56:11 +0000 (13:56 -0200)]
tpm2-tss: new package
OSS implementation of the TCG TPM2 Software Stack (TSS2). This stack
consists of the following layers from top to bottom:
* System API (SAPI) as described in the system level API and TPM command
transmission interface specification. This API is a 1-to-1 mapping of
the TPM2 commands documented in Part 3 of the TPM2 specification.
Additionally there are asynchronous versions of each command. These
asynchronous variants may be useful for integration into event-driven
programming environments. Both the synchronous and asynchronous API
are exposed through a single library: libsapi.
* TPM Command Transmission Interface (TCTI) that is described in the
same specification. This API provides a standard interface to transmit
/ receive TPM command / response buffers. It is expected that any
number of libraries implementing the TCTI API will be implemented as a
way to abstract various platform specific IPC mechanisms. Currently
this repository provides two TCTI implementations: libtcti-device and
libtcti-socket. The prior should be used for direct access to the TPM
through the Linux kernel driver. The later implements the protocol
exposed by the Microsoft software TPM2 simulator.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
v2.0.0 has been released after commit 1d949e4bf79b694ea883c325f5813e87ddc2a687, which we currently use, and
it has the advantage of fixing the build with recent versions of czmq.
Yann E. MORIN [Mon, 26 Feb 2018 17:47:21 +0000 (18:47 +0100)]
package/linux: drop useless intermediate DTS booleans
Just use whatever the user specified in the list. An empty list means no
DTS was specified.
No need to add legacy option, as the behaviour does not change.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Simon van der Veldt <simon.vanderveldt@gmail.com> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: Joshua Henderson <joshua.henderson@microchip.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Timo Ketola [Thu, 8 Mar 2018 07:22:05 +0000 (09:22 +0200)]
fbgrab: add patch fixing pixel format report
When verbosive, fbgrab reports pixel format. Green and blue offset and
msb_right fields are accidentally swapped there. This commit adds a patch
which straightens them up.
Yann E. MORIN [Wed, 7 Mar 2018 21:51:24 +0000 (22:51 +0100)]
support/check-bin-arch: exclude kernel modules for merged /usr
When using a merged /usr, the kernel module path is really
/usr/lib/modules, as /lib is a symlink to usr/lib .
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages (mostly, out-of-tree) may want to install binary blobs for
another architecture, outside the locations we currently exclude, like
in /opt or whatever...
Add support in check-bin-arch to accept any arbitrary location, that
individual package can each request to excude from the check, when they
are installed.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, static libray is always built as BUILD_STATIC_LIBS is ON by
default so correctly set BUILD_STATIC_LIBS depending on BR2_SHARED_LIBS
variable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This defconfig fails to build with gcc 6.x, even though we switched to
using gcc 6.x as the default gcc version in May 2017.
It hasn't been updated since April 2017, and the original submitter,
Fabio Porcedda said:
Unfortunately a newer kernel doesn't boot and I don't have the time
to fix the issue. If having a defconfig that doesn't build on gcc
6.x is unacceptable feel free to remove it.
So, let's get rid of this defconfig, which will remove the following
build error:
Baruch Siach [Wed, 7 Mar 2018 06:59:41 +0000 (08:59 +0200)]
ntp: fix build without SSP support
In version 4.2.8p11 ntp changed its configure script build hardening
parameter to '--with-hardenfile'. Update the parameter name to avoid
-fstack-protector-all when the toolchain does not support this option.
Baruch Siach [Tue, 6 Mar 2018 17:00:47 +0000 (19:00 +0200)]
ntp: security bump to version 4.2.8p11
Fixed or improved security issues:
CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
malicious authenticated peer can create arbitrarily-many ephemeral
associations in order to win the clock selection algorithm
CVE-2018-7182: Buffer read overrun leads to undefined behavior and
information leak
configs/ts4900: explicitly specify Linux kernel version
The ts4900 defconfig currently fails to build because it selects
kernel headers 4.12, but doesn't specify a kernel version, and
therefore 4.15 is built causing the following error:
Incorrect selection of kernel headers: expected 4.12.x, got 4.15.x
In commit 7c3a7d808e751d4b608a4c50a0ae4d13dedebab7 ("configs/ts4900:
bump kernel version to 4.12"), when this defconfig was switched from
using a vendor provided kernel to the mainline kernel, the kernel
version was no longer explicitly specified.
Since this commit indicated 4.12, and the kernel headers version
selected is also 4.12, we also use that as the fixed kernel version.
configs/qemu_x86_defconfig: remove kernel options that need openssl
Wireless support ends up enabling CONFIG_SYSTEM_TRUSTED_KEYRING, which
requires openssl to be available on the host, so disable wireless
support, which isn't needed in Qemu.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
configs/qemu_x86_64_defconfig: remove kernel options that need openssl/libelf
The ORC unwinder requires libelf to be available on the host, so use
the frame pointer unwinder instead. Using the frame pointer unwinder
is probably good enough in our default Qemu configurations.
Wireless support ends up enabling CONFIG_SYSTEM_TRUSTED_KEYRING, which
requires openssl to be available on the host, so disable wireless
support, which isn't needed in Qemu.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some Linux kernel configuration options (such as CONFIG_UNWINDER_ORC)
require building a host program that needs libelf.
Users who have libelf installed on their system won't see a problem,
but users who don't have libelf installed will get a build
failure. Therefore, this commit adds an option that allows a user to
indicate that his Linux kernel configuration requires libelf. When
this option is enabled, we add host-elfutils to the dependencies of
the linux package (host-elfutils provides the libelf library).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some Linux kernel configuration options (such as
CONFIG_SYSTEM_TRUSTED_KEYRING) require building a host program called
extract-cert, which itself needs OpenSSL.
Users having OpenSSL installed on their system won't see a problem,
but users who don't have OpenSSL installed will get a build
failure. This commit adds a new option that allows users to indicate
that their Linux configuration requires building host-openssl.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We were passing HOSTCFLAGS="$(HOSTCFLAGS)" to Linux. However:
- HOSTCFLAGS in Buildroot doesn't exist, and is empty, so this
assignment never did anything. The name of the variable in
Buildroot in HOST_CFLAGS.
- HOSTCFLAGS in Linux isn't used everywhere, and passing it overrides
the default HOSTCFLAGS value defined in the main Linux kernel
Makefile.
In addition, there is no way to pass additional host LDFLAGS in the
Linux kernel build system.
Therefore, we simply shoehorn our HOST_CFLAGS and HOST_LDFLAGS while
passing HOSTCC to the Linux kernel build system. This has been tested
to work fine with host OpenSSL and host libelf only available in
$(HOST_DIR).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: Frank Hunleth <fhunleth@troodon-software.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 6 Mar 2018 05:05:53 +0000 (07:05 +0200)]
iptables: fix build with older kernel headers
iptables version 1.6.2 uses the BPF_OBJ_GET macro that is only available
since kernel version 4.4. Add a patch fixing the detection of the
feature availability.
In addition, the U-Boot build had already been removed in commit 12c01e4a05c8e4f4e0c4e8b74fac7824efdc8b41
("configs/freescale_mpc8315erdb: remove U-Boot build"), back in
October 2016, and nobody bothered fixing it.
This defconfig was originally contributed and maintained by Gustavo
Zacarias, but he is no longer active in Buildroot, and nobody
expressed interest in this defconfig, so let's get rid of it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 17:06:16 +0000 (18:06 +0100)]
package/skeleton-systemd: invert factory logic
Currently, we handle the factory by redirectoring /var with a symlink at
build time, and with some trickery during the filesystem generation,
depending on whether we need to remount the filesystem read-write or
not.
However, this is causing quite some pain with the latest systemd, now that
they have moved their dbus socket to /run instead of /var/run.
As such, trying to play tricks with /var/run as a symlink is difficult,
because at times it is in .usr/share/factory/var/run (during build) and
then it is in /var/run (at runtime). So a relative symlink is not
possible. But an absolute symlink is not possible either, because we are
installing out-of-tree.
Oh the joys of cross-compilation... :-)
We fix all this mess by making /var a real directory from the onset, so
that we can use the runtime-expected layout even during the build.
Then, during filesystem generation, we move /var away to the factory,
and populate it as we used to do. This still requires a post-fs hook to
restore /var after the filesystem generation.
This leaves a situation that, should the filesystem generation fails,
/var will be left in an inconsistent state. But that is not worse than
what we already had anyway.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Trent Piepho <tpiepho@impinj.com> Cc: Adam Duskett <aduskett@gmail.com> Cc: Romain Naour <romain.naour@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Trent Piepho [Sun, 4 Mar 2018 17:06:15 +0000 (18:06 +0100)]
package/skeleton-init-systemd: work around for /var/lib not populating
When using a RO root with systemd, it is intended that /var/lib should be
populated at boot time by tmpfiles system mirroring it from
/usr/share/factory/var/lib.
However, this will only happen if /var/lib does not already exist at the
time systemd-tmpfiles runs. If it does exist, then tmpfiles will
(silently) skip it and do nothing.
It turns out /var/lib will exist, because some part of systemd creates
/var/lib/systemd/catalog on boot before tmpfiles runs.
The fix used here is to also create tmpfiles entries for the contents of
/var/lib/* and /var/lib/systemd/*. This way, when those directories
already exist, the entire tree is not skipped and instead the
not-yet-existing contents of /var/lib and /var/lib/systemd will be still
be mirrored from the factory dir.
And if /var/lib/systemd, or a prefix of that, stops getting created and
does not exist, it'll still mirror properly.
It does cause some warnings from systemd:
systemd[1]: Starting Create Volatile Files and Directories...
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:7] Duplicate line for path "/var/lib/systemd", ignoring.
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:8] Duplicate line for path "/var/lib/systemd/coredump", ignoring.
But they can be ignored.
IMHO, I think a better solution would be for systemd-tmpfiles to gain a
"merge tree" operation that is like "C" but doesn't abort if the
destination exists, but rather merges the source into it.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
[yann.morin.1998@free.fr: slight rework of commit title] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Tested-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 10:29:06 +0000 (11:29 +0100)]
core: drop no-longer used C.UTF-8 locale option
Its use has been globbed into the more generic
BR2_NEEDS_HOST_UTF8_LOCALE option now.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Julius Kriukas <julius@kriukas.lt> Cc: Christian Stewart <kidovate@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 10:29:05 +0000 (11:29 +0100)]
package/systemd: needs any UTF-8 locale
Not all distributions have the language-agnostic C.UTF-8 locale (Gentoo,
I'm frowning at you!).
Instead, use any UTF-8 locale provided by the system.
Reported-by: Christian Stewart <kidovate@gmail.com> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Julius Kriukas <julius@kriukas.lt> Cc: Christian Stewart <kidovate@gmail.com> Cc: Trent Piepho <tpiepho@impinj.com> Cc: Adam Duskett <aduskett@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 10:29:04 +0000 (11:29 +0100)]
core: find a host UTF-8 locale
Some packages really want to use an UTF-8 locale, or they break.
However, there is no guarantee that any given locale is available on a
system. For example,, while most mainstream distros (Debian and
derivatives, Fedora...) do have the generic, language-agnostic C.UTF-8
locale, Gentoo does not provide it.
So, find the first UTF-8 locale available on the system, and take any
that is available. We however do favour using the user-set current
locale, then using the language-agnostic C.UTF-8, and eventually any
random UTF-8 locale.
Note: we only need to enforce LC_ALL, because setting it implies
everything else:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
"""
1. If the LC_ALL environment variable is defined and is not null,
the value of LC_ALL shall be used.
"""
[Peter: use same regexp as in dependencies.sh] Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 4 Mar 2018 10:29:03 +0000 (11:29 +0100)]
support/dependencies: unbreak check for UTF-8 locale
Although the UTF-8 locales in mainstream distributions all are suffixed
with just 'utf8', the nomenclature is a bit ambiguous with the way they
are to be specified with the various LC_* variables, suffixed there with
'UTF-8'.
Also, POSIX, ISO, and IEC do not enforce any specific suffix in LC_*
variables:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
"""
If the locale value has the form:
language[_territory][.codeset]
it refers to an implementation-provided locale, where settings of
language, territory, and codeset are implementation-defined.
"""
To avoid any confusion, use a regexp that is a bit more lax when
matching locales.
Also, quote the regexp, so that the '?' and '$' are not interpreted by
the shell.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 3 Mar 2018 16:55:56 +0000 (17:55 +0100)]
package/systemd: create groups required for udevd
udevd needs extra groups for its bundled rules:
Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'render' unknown
Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'kvm' unknown
Add those missing groups.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Julius Kriukas <julius@kriukas.lt> Cc: Trent Piepho <tpiepho@impinj.com> Cc: Adam Duskett <aduskett@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add upstream submission link as suggested by Baruch] Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Sat, 3 Mar 2018 19:43:56 +0000 (21:43 +0200)]
dhcp: add upstream security fixes
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.
CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.
Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qemu-system-ppc64le doesn't necessarily exist: it isn't installed by
Qemu, and only created as a symlink to qemu-system-ppc64 by some
distributions (Ubuntu). Other distributions (Fedora) just have
qemu-system-ppc64.
But qemu-system-ppc64 is capable of running little-endian PPC64
systems, so use this one instead.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/dependencies/dependencies.sh: check for Python argparse module
The script support/scripts/check-uniq-files uses the argparse Python
module. In most recent Python versions (starting with 2.7), the
argparse module is part of the standard library, and we already check
for the availability of Python in
support/dependencies/dependencies.sh.
However, when running on an ancient distribution with Python 2.6, the
argparse module is not part of the Python standard library, but
available as an external module. Without this module, the build fails,
because check-uniq-files, which is used in target-finalize, fails to
run.
To avoid this failure, this commit adds a check in
support/dependencies/dependencies.sh to verify that the argparse
module is available.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/scripts/check-uniq-files: add indices in format string
Using {} in format strings is only supported in sufficiently recent
Python versions. Python 2.6 doesn't support this, and only format
strings with numbered arguments: {0}, {1}, etc.
$ python -c 'print("foo {}".format(12))'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ValueError: zero length field name in format
$ python -c 'print("foo {0}".format(12))'
foo 12
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>