Zygmunt Krynicki authored 2 years ago and Stefan Schmidt committed 2 years ago

Some jobs care about images and licenses, those look at the
$TMPDIR/deploy, taking some effort to find the correct tmpdir while
hard-coding the deploy dir. Take a shortcut and query for the right
variable (DEPLOY_DIR).

This allows non-trivial layouts with DEPLOY_DIR and TMPDIR placed on
distinct filesystems, for efficiency.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>

Pavel Zhukov authored 2 years ago and Stefan Schmidt committed 2 years ago

ABI checker implementation is meta-binaryaudit. Adding it for CI only
to not extend support surface of the project.
Added to three flavours for now. It can be easily extended to all jobs
if needed in the future

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Part of gcc oeself-test is client/server based. It uses qemu vm for
native tests via ssh. The vm is launched by runqemu command which
requires the following changes in the docker image.

* passwordless sudo permission
* package iptables pre-installed

Signed-off-by: Chase Qi <chase.qi@linaro.org>

Oniro documentation recommends using of slirp option to have
network connection from/to the image in qemu. Adjust conf-notes.txt
to be consistent with the docs.

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

The default compression has been changed from bzip to gz. Update
leftovers accordingly

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

The reference is provided only when repo is used with runner persistent
storage. This is not a major change, just a clean-up of the existing
logic.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>

Add basic documentation for the debug mode.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Capitalize the title to match other chapter titles.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Document the change in the default user/password for the production
images.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

The old GPLv2 identifier has been deprecated in oe-core. Time to catch
up with this recipe.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>

Fix for CVE-2022-33068 brings a regression in clang builds.
Fixes in upstream with fixup commit.

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* b9bbc38 : protobuf-c: update to 1.4.1 fix CVE-2022-33070 - Wentao Zhang
* 6d1dbf7 : modemmanager: update to 1.18.8 - Adrian Freihofer
* 2dd643a : imagemagick: upgrade 7.0.10-25 -> 7.0.10-62 - Davide Gardenal
* 4eaa309 : ntfs-3g-ntfsprogs: upgrade to 2022.5.17 - Chen Qi
* 1a09e4f : php: upgrade 8.1.6 -> 8.1.7 - wangmy
* e5b177a : cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands - Hitendra Prajapati
* bf2822d : dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291 - Yue Tao
* 97375c7 : emlog: ignore unrelated CVEs - Davide Gardenal
* c455cba : freeradius: mutlilib fixes - Jeremy Puhlman

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* a4bfb5c : libsoup: upgrade 3.0.6 -> 3.0.7 - Alexander Kanavin
* a2871b4 : glib-networking: upgrade 2.72.0 -> 2.72.1 - Alexander Kanavin
* 0d9a2d4 : glib-2.0: upgrade 2.72.2 -> 2.72.3 - Alexander Kanavin
* 3903a24 : weston: update 10.0.0 -> 10.0.1 - Alexander Kanavin
* e008697 : gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3 - wangmy
* 4f00cdf : gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3 - wangmy
* 05f62a8 : gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3 - wangmy
* e1dd7d5 : gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3 - wangmy
* 4aee173 : gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3 - wangmy
* c827ede : gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3 - wangmy
* 0ead6c0 : gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3 - wangmy
* e190d67 : gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3 - wangmy
* 9b8a62d : gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3 - wangmy
* 84b2d19 : gst-devtools: upgrade 1.20.2 -> 1.20.3 - wangmy
* 2c177d0 : gstreamer1.0: upgrade 1.20.2 -> 1.20.3 - Alexander Kanavin
* 2023e33 : binutils : stable 2.38 branch updates - Sundeep KOKKONDA
* 96f6bad : glibc-tests: Avoid reproducibility issues - Richard Purdie
* 05760b2 : glibc: stable 2.35 branch updates - Sundeep KOKKONDA
* 7616275 : openssl: update 3.0.4 -> 3.0.5 - Alexander Kanavin
* 640ccea : vim: upgrade to 9.0.0021 - Ross Burton
* 21b66e6 : u-boot: fix CVE-2022-34835 - Sakib Sajal
* dc627ce : tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058 - Ross Burton
* 537e7d3 : harfbuzz: fix CVE-2022-33068 - Wentao Zhang
* 83ab9f5 : qemu: Avoid accidental libvdeplug linkage - Steve Sakoman
* 84390c3 : qemu: Avoid accidental librdmacm linkage - Richard Purdie
* 171fa2d : qemu: add PACKAGECONFIG for capstone - Steve Sakoman
* 6db1eb6 : ruby: add PACKAGECONFIG for capstone - Steve Sakoman

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

This is required by meta-openharmony layer.

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

This is required by meta-openharmony layer.

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

* d0a0285 : kernel-initramfs: fix typo for ALTERNATIVE - Yi Zhao

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* db6e0ed : arm/oeqa: Use linuxboot and OEFVPSerialTarget instead of noop - Peter Hoyes
* 72a3dfa : arm/oeqa: Create new OEFVPSerialTarget with pexpect interface - Peter Hoyes
* 3ead3aa : arm/classes: Change FVP_CONSOLE to FVP_CONSOLES in fvpconf - Peter Hoyes
* ae48e65 : arm/oeqa: Refactor OEFVPTarget to use FVPRunner and pexpect - Peter Hoyes
* fb794c8 : arm/oeqa: Add selftests for FVP library - Peter Hoyes
* d2685ae : scripts,arm/lib: Refactor runfvp into FVPRunner - Peter Hoyes
* 528d28f : runfvp: ignore setpgid errors when spawned - Bertrand Marquis

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* e3e5687 : Merge pull request #1137 from Freescale/backport-1133-to-kirkstone - Otavio Salvador
* 033a380 : weston: 9.0.0.imx: fix build with latest master - Max Krummenacher
* 2b07a82 : Merge pull request #1136 from Freescale/backport-1134-to-kirkstone - Otavio Salvador
* 5ae86e7 : remove random file - Max Krummenacher
* cdd3880 : Merge pull request #1135 from Freescale/backport-1132-to-kirkstone - Otavio Salvador
* 54e519e : Revert "imx-base.inc: upgrade to gstreamer 1.20.2" - Max Krummenacher
* f2253aa : Merge pull request #1131 from Freescale/backport-1130-to-kirkstone - Otavio Salvador
* 05e0dbe : imx-base.inc: Use ??= for PREFERRED_VERSION - Tom Hochstein

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* fb7b26b : fix(syslog-ng): warning about conf version - Aurélien Bertron
* 1cd38ee : strongswan: upgrade 5.9.5 -> 5.9.6 - Yi Zhao
* e4c5f5b : postgresql: upgrade 14.3 -> 14.4 - wangmy
* 6ff027e : exo: upgrade 4.16.3 -> 4.16.4 - Yue Tao
* 7040cff : networkmanager: fix build with enabled ppp - Javier Viguera
* d7aaee2 : chrony: create /var/lib/chrony by systemd-tmpfiles - Changqing Li
* 3d47772 : dnsmasq: Security fix CVE-2022-0934 - Yi Zhao
* 18767f1 : libgpiod: move test dependencies to ptest package - Peter Marko
* 16621ac : python3-pybluez: fix a runtime issue with python 3.10 - Bartosz Golaszewski
* 9c3976a : iperf: Set CVE_PRODUCT to "iperf_project:iperf" - Akash Hadke
* fad4c40 : ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g" - Akash Hadke
* 3a019f2 : tesseract-lang: switch from master branch to main - Martin Jansa
* 14023da : netserver: don't change permissions on /dev/null - Ashish Sharma
* caab54d : leveldb: switch from master branch to main - Martin Jansa

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

For now, it only handles the depndency to ninja-native and handling the
export of the MAXLOAD_NINJA variable.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

We provide recipes that other projects/layers do as well (for example gn
is also provided by meta-arm). Make sure that our layer has a higher
priority when most of the upstream layers use the default 5.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

oe-core recommends openssh-sftp-server since [1] this causes conflict
between openssh and dropbear when -tests image is building.
This happens because openssh-ptest is pulled in as complementary package
of openssh-sftp-server
Adding openssh to PACKAGE_EXCLUDE_COMPLEMENTARY excluded openssh from
the list. As a downside of this openssh-ptest,  -dev or -dbg packages
will not be installed using install_complementary and have to be
installed manually (IMAGE_INSTALL:append or similar).
Proper fix should go to oe-core (use -O flag to switch back to old scp
protocol if newer openssh server is used) however it's not clear if
openssh will keep this feature.

Upstream-Bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14858

Fixes:
Error:
 Problem: problem with installed package dropbear-2020.81-r0.cortexa53_crypto
  - package dropbear-2020.81-r0.cortexa53_crypto conflicts with openssh provided by openssh-8.9p1-r0.cortexa53_crypto
  - package openssh-8.9p1-r0.cortexa53_crypto conflicts with dropbear provided by dropbear-2020.81-r0.cortexa53_crypto
  - package openssh-ptest-8.9p1-r0.cortexa53_crypto requires openssh, but none of the providers can be installed
  - conflicting requests
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)

[1] https://git.openembedded.org/openembedded-core/commit/?id=a98188e83b2c027d99cc38e3367e1ec2a98efbb0



Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 24ec778 : Merge pull request #1128 from Freescale/backport-1127-to-kirkstone - Otavio Salvador
* f1a3d00 : imx-boot: Use public key injected DTB when FIT signature is enabled - Loic Poulain
* 270f0f6 : Merge pull request #1125 from Freescale/backport-1124-to-kirkstone - Otavio Salvador
* 79b65da : firmware-imx: create symbolic links for CODA VPU firmwares - Ming Liu
* 5b45301 : Merge pull request #1123 from Freescale/backport-1122-to-kirkstone - Otavio Salvador
* 4b6cb47 : imx-base.inc: upgrade to gstreamer 1.20.2 - Daiane Angolini
* 85fd006 : Merge pull request #1120 from Freescale/backport-1119-to-kirkstone - Otavio Salvador
* 7f6d0c0 : isp-imx: fix source and build directories - Luca Ceresoli
* 418a52c : Merge pull request #1118 from Freescale/backport-1117-to-kirkstone - Otavio Salvador
* ec2b487 : vf: follow SoC override changes also for vybrid - Max Krummenacher
* 515ec30 : Merge pull request #1116 from Freescale/backport-1114-to-kirkstone - Otavio Salvador
* 8ffdd58 : Update xorg.conf - Wouter Vanhauwaert
* 47bc547 : recipes-kernel: drop lzop kernel compression - Andrey Zhizhikin
* 59fd90d : linux-fslc-imx: update to v5.15.48 - Andrey Zhizhikin
* 8306ac7 : linux-fslc-lts: update to v5.15.48 - Andrey Zhizhikin
* ceed4bf : linux-fslc: update to v5.18.5 - Andrey Zhizhikin
* 25f3697 : linux-fslc-imx: update to v5.15.47 - Andrey Zhizhikin
* 94568f0 : linux-fslc-lts: update to v5.15.47 - Andrey Zhizhikin
* d8d616b : linux-fslc: update to v5.18.4 - Andrey Zhizhikin
* a94debb : dynamic-layers: add meta-arm to provide upstream TF-A - Andrey Zhizhikin
* 546a884 : recipes-bsp: drop custom deploy location for TF-A binary - Andrey Zhizhikin
* 9c62ef8 : layer-wide: define configurable default TF-A provider - Andrey Zhizhikin
* bdead7c : linux-fslc-imx: update to v5.15.46 - Andrey Zhizhikin
* a3fc2c6 : linux-fslc-lts: update to v5.15.46 - Andrey Zhizhikin
* 351545f : linux-fslc: update to v5.18.3 - Andrey Zhizhikin
* 3142822 : kernel-itbimage: delete this bbclass - Thomas Perrot
* 5d6c2ba : imx-base.inc: Set virtual/opencl-icd provider for i.MX - Tom Hochstein
* 092de7a : linux-fslc-imx: update to v5.15.45 - Andrey Zhizhikin
* 93b4349 : linux-fslc-lts: update to v5.15.45 - Andrey Zhizhikin
* 56c9cd3 : linux-fslc: update to v5.18.2 - Andrey Zhizhikin
* c5736e5 : alsa-lib: drop not applying patch - Max Krummenacher
* 52306c4 : linux-fslc-imx: upgrade to lf-5.15.5-1.0.0 from NXP - Andrey Zhizhikin
* da3807a : linux-fslc-lts: re-sync configs with upstream - Andrey Zhizhikin
* 96ee3d0 : linux-fslc-lts: upgrade to 5.15.x+fslc - Andrey Zhizhikin
* b8ad321 : linux-fslc: drop config option not present in upstream - Andrey Zhizhikin
* 745f6c8 : linux-fslc: re-sync configs with upstream - Andrey Zhizhikin
* 99a93c4 : linux-fslc: upgrade to 5.18.x+fslc - Andrey Zhizhikin
* 2c1ff19 : kernel-module-nxp89xx: fix compatible machine override - Ricardo Salveti
* 84da967 : rcw: Use SPDX-style license - sean-anderson-seco
* 3c64e4a : optee-test: Rework the OPTEE_ARCH logic - Tom Hochstein
* 78a38a7 : optee-os: Simplify OPTEE_ARCH assignment for 32-bit - Tom Hochstein
* 3b4476e : kernel-module-isp-vvcam: fix error found by gcc 12 - Max Krummenacher
* 2b18c77 : imx-atf: fix patch applying - Thomas Perrot
* 5fe3067 : imx-atf: Suppress array-bounds error - Tom Hochstein
* 6752c74 : machines: follow kernel deployment changes - Max Krummenacher
* d5ced4c : Merge pull request #1111 from Freescale/backport-1110-to-kirkstone - Otavio Salvador
* fb8f6dd : mfgtool-initramfs-image: Fix override of IMAGE_FSTYPES - Tom Hochstein
* ce8de11 : Merge pull request #1108 from Freescale/backport-1104-to-kirkstone - Otavio Salvador
* 2a248ce : classes: IMAGE_FSTYPES as weak variable in mfgtool-initramfs-image - Walter Bonetti

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* ef3aa30 : linux-intel-rt/5.15: update to v5.15.43 - Naveen Saini
* 21bfed2 : linux-intel/5.15: update to v5.15.43 - Naveen Saini
* 8f771fa : intel-compute-runtime: upgrade 22.11.22682 -> 22.22.23355 - Anuj Mittal
* 26d268b : intel-graphics-compiler: upgrade 1.0.10395 -> 1.0.11279 - Anuj Mittal
* 6702aec : linux-intel-rt/5.10: update to v5.10.115 - Naveen Saini
* e8acb82 : linux-intel/5.10: update to v5.10.115 - Naveen Saini

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 4667abc : dropbear: break dependency on base package for -dev package - Steve Sakoman
* f90647e : openssh: break dependency on base package for -dev package - Steve Sakoman
* d6344cc : oe-selftest-image: Ensure the image has sftp as well as dropbear - Richard Purdie
* e2dfd3b : packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation - Richard Purdie
* a7ae2ad : oeqa/runtime/scp: Disable scp test for dropbear - Richard Purdie
* 7a8d374 : curl: backport openssl fix CN check error code - Jose Quaresma
* 1a6396c : glibc-tests: not clear BBCLASSEXTEND - Kai Kang
* 5a1fd88 : recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG - Thomas Roos
* dc17985 : rust: fix issue building cross-canadian tools for aarch64 on x86_64 - Peter Bergin
* e52deac : at: take tarballs from debian - Alexander Kanavin
* aa1c109 : coreutils: Tweak packaging variable names for coreutils-dev - Richard Purdie
* fb9e455 : base.bbclass: Correct the test for obsolete license exceptions - Peter Kjellerstedt
* 53eca71 : oeqa/sdk: drop the nativesdk-python 2.x test - Alexander Kanavin
* a9debe6 : sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity - David Bagonyi
* 3aaf970 : insane.bbclass: host-user-contaminated: Correct per package home path - Ahmed Hossam
* 3f8a49c : kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set - Raju Kumar Pothuraju
* 70d4a09 : perf: sort-pmuevents: really keep array terminators - Lucas Stach
* 772c9f6 : wic: fix WicError message - Martin Jansa
* 58804e0 : libffi: fix native build being not portable - Maxime Roussin-Bélanger
* 0a3ebc5 : initramfs-framework: move storage mounts to actual rootfs - Muhammad Hamza
* e5b4873 : openssl: Upgrade 3.0.3 -> 3.0.4 - Richard Purdie
* a290032 : vim: 8.2.5083 -> 9.0.0005 - Richard Purdie
* 681df7c : wireless-regdb: upgrade 2022.04.08 -> 2022.06.06 - Alexander Kanavin
* 6f9c806 : cve-check: hook cleanup to the BuildCompleted event, not CookerExit - Ross Burton
* 94fad58 : cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) - Richard Purdie
* aacc109 : busybox: fix CVE-2022-30065 - Ross Burton
* 8eb224d : cups: ignore CVE-2022-26691 - Ross Burton
* 4bc6bb3 : binutils : CVE-2019-1010204 - Pgowda
* 645a619 : ghostscript: fix CVE-2022-2085 - Lee Chee Yang
* 6a277ba : unzip: Port debian fixes for two CVEs - Richard Purdie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Add missing INHERITs to Linux jobs. Now all
Linux images in CI run "create-spdx.bbclass" correctly.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

The parent of all zephyr jobs is now unified to enable easier
extensibility later on.
Update documentation.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

The rootfs size is no more affected by the debug mode, the reverted
commit has no purpose now.

This reverts commit 7a5149bc.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Enabling debug mode is not the ideal solution for running
tests because it's responsible for enlarging the rootfs size and causing
tests to fail. More detail reported in #673.

This reverts commit 3ddebb37.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>