Add meta-riscv to bblayers.conf.sample to enable RISC-V support
in all ASOS builds

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Use binutils 2.37 by default in allscenarios-linux

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Update binutils to 2.37 -- it brings many improvements, including some
needed to get a working RISC-V 32 toolchain.

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

It is a good practice to timeout the shell if no activity. Add a timeout
to the /etc/profile* settings in a separate script.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Remove the hardening distro requirement from the recipe,
we do not want to rename our distro and this feature is useful
in all cases.

One thing that needs to be added is setting up the password min/max
age, and the minimum password length.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Marta Rybczynska authored 3 years ago and Bernhard Rosenkränzer committed 3 years ago

The append in the meta-security layer works for a "harden" distro
only. We remove this limit as we do want it by default and we do not
want to rename our distro.

A discussion on the mailing list [1] mentions that we might get
DISTRO_FEATURE in the future.

[1] https://patchwork.openembedded.org/patch/174773/



Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Marta Rybczynska authored 3 years ago and Bernhard Rosenkränzer committed 3 years ago

Backports the recipes of the meta-hardening layer from meta-security in
hardknott, synced up to 5050d1267ad41288c903086030594f8702bfa039

It includes recipes for hardening base-files (/etc/profile) and shadow
(/etc/login.defs).

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

We do not use NFS in the image, nor in any of the blueprints. An unused service
is a potential security issue, so we remove it.

In addition to expected DISTRO_FEATURES/IMAGE_FEATURES, we need to remove a
dependency to the packagegroup-core-device-devel that includes nfs. This
package is included in poky.conf for all qemu builds, but is not needed and
has been removed from Poky [1] in August 2020.

[1] https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=d707fa30f8a24d1e50831846330757254f245791



Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

The default configuration for the rootfs is now read-only. The ro
argument is injected through APPEND in read-only-rootfs hooks so all we
need to do is to drop `rw`.

We also let rootfstype be defined dynamically so we can support multiple
configuration in the future.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Default configuration uses `rw`. We default now to read-only root
filesystems so we switch the argument accordingly.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

This can help in development to play with deltas on squashfs images.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The change also maintains support for ext4 so that in the future we
can expose a development mode where rootfs is ro but on ext4.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The root filesystem defaults to squashfs.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The root filesystem defaults to squashfs.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The root filesystem defaults to squashfs.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The root filesystem defaults to squashfs.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The root filesystem defaults to squashfs.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

On x86-64, tm.h (needed to build gcc plugins) tries to include
config/i386/linux64.h, which isn't installed. Fortunately it also
isn't used, so simply removing the include statement is an ok fix.

Sample failure see
https://git.ostc-eu.org/OSTC/OHOS/meta-ohos/-/jobs/43762



Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Document and add gcc plugin based hardening options

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Fix building the kernel's gcc plugins with gcc 11.x - gcc 11.x needs
constexpr (hence -std=gnu++11 or higher), and the check for gcc
plugin support needs modifications (or simple disabling, given in
our context, we know gcc has plugin support).

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Backport musl 1.2.2 from poky master.
This is in sync with commit 4da1e8091ea0a57209519f0a4755d06aa108f439

musl 1.2.2 brings, among other things, a number of important bugfixes and
a much better malloc implementation.

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Bernhard Rosenkränzer authored 3 years ago and Stefan Schmidt committed 3 years ago

Use glibc 2.33 from meta-ohos instead of 2.31 from dunfell

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Bernhard Rosenkränzer authored 3 years ago and Stefan Schmidt committed 3 years ago

License files have been renamed upstream - switch the recipe back to
dunfell's names.

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Bernhard Rosenkränzer authored 3 years ago and Stefan Schmidt committed 3 years ago

Building older versions of glibc with current versions of
gcc can be problematic - among other things, it causes
https://git.ostc-eu.org/OSTC/OHOS/meta-ohos/-/issues/79



This is in sync with poky commit 287745a09d0fab611137f708cb62c8e1e55b654f

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

The jool project contains three different types of outputs. User-space
tools, iptables plugins and kernel modules. The first two are handled by
the main jool recipe while the later one is handled by jool-kmod.

The git tag for version 4.1.5 is used.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The runqemu script doesn't know to boot compressed qemu images. Bring
them back so that we can run the script without manually uncompressing
the images.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Chase Qi <chase.qi@linaro.org>

Prefer gcc 11.x over dunfell's 9.x

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Googletest doesn't compile with gcc 11.1 because it doesn't explicitly
include <string> -- this is included implicitly (dependency of other
headers) by older libstdc++ as well as libc++

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

Backport gcc 11.1 from poky master - this is in sync with
commit 8f0c68a7a616c3e2b57cb5dd84b78fbf37116f87.

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

These are generic HW modules that can be used across several blueprints
to depict basic input/output interactions with the system.

Signed-off-by: Amit Kucheria <amit.kucheria.ext@huawei.com>

Set up the structure for how the blueprint documents will live

Signed-off-by: Amit Kucheria <amit.kucheria.ext@huawei.com>

Describe the purpose of a blueprint in All Scenarios OS to set
the right expectations.

Signed-off-by: Amit Kucheria <amit.kucheria.ext@huawei.com>

Stevan Radaković authored 3 years ago and Stefan Schmidt committed 3 years ago

Unify compression for different targets.
Remove uncompressed images.

Signed-off-by: Stevan Radaković <stevan.radakovic@linaro.org>

Gururaj Shetty authored 3 years ago and Stefan Schmidt committed 3 years ago

Initially, Arudino did not enable USB CDC_ACM interface,
due to which once flashed, the user was forced to connect
an external USB TTL cable to connect the board.

This limitation is now resolved; hence, connecting USB
TTL cable information is removed.

Signed-off-by: Gururaj Shetty <gururaj.shetty@huawei.com>

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>

To enable more use cases and testing we provide MQTT and CoAP
implementations on the Linux gateway side.

Fixes: https://git.ostc-eu.org/OSTC/planning/core-os/-/issues/182



Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>