Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

For now, it only handles the depndency to ninja-native and handling the
export of the MAXLOAD_NINJA variable.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

We provide recipes that other projects/layers do as well (for example gn
is also provided by meta-arm). Make sure that our layer has a higher
priority when most of the upstream layers use the default 5.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

oe-core recommends openssh-sftp-server since [1] this causes conflict
between openssh and dropbear when -tests image is building.
This happens because openssh-ptest is pulled in as complementary package
of openssh-sftp-server
Adding openssh to PACKAGE_EXCLUDE_COMPLEMENTARY excluded openssh from
the list. As a downside of this openssh-ptest,  -dev or -dbg packages
will not be installed using install_complementary and have to be
installed manually (IMAGE_INSTALL:append or similar).
Proper fix should go to oe-core (use -O flag to switch back to old scp
protocol if newer openssh server is used) however it's not clear if
openssh will keep this feature.

Upstream-Bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14858

Fixes:
Error:
 Problem: problem with installed package dropbear-2020.81-r0.cortexa53_crypto
  - package dropbear-2020.81-r0.cortexa53_crypto conflicts with openssh provided by openssh-8.9p1-r0.cortexa53_crypto
  - package openssh-8.9p1-r0.cortexa53_crypto conflicts with dropbear provided by dropbear-2020.81-r0.cortexa53_crypto
  - package openssh-ptest-8.9p1-r0.cortexa53_crypto requires openssh, but none of the providers can be installed
  - conflicting requests
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)

[1] https://git.openembedded.org/openembedded-core/commit/?id=a98188e83b2c027d99cc38e3367e1ec2a98efbb0



Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 24ec778 : Merge pull request #1128 from Freescale/backport-1127-to-kirkstone - Otavio Salvador
* f1a3d00 : imx-boot: Use public key injected DTB when FIT signature is enabled - Loic Poulain
* 270f0f6 : Merge pull request #1125 from Freescale/backport-1124-to-kirkstone - Otavio Salvador
* 79b65da : firmware-imx: create symbolic links for CODA VPU firmwares - Ming Liu
* 5b45301 : Merge pull request #1123 from Freescale/backport-1122-to-kirkstone - Otavio Salvador
* 4b6cb47 : imx-base.inc: upgrade to gstreamer 1.20.2 - Daiane Angolini
* 85fd006 : Merge pull request #1120 from Freescale/backport-1119-to-kirkstone - Otavio Salvador
* 7f6d0c0 : isp-imx: fix source and build directories - Luca Ceresoli
* 418a52c : Merge pull request #1118 from Freescale/backport-1117-to-kirkstone - Otavio Salvador
* ec2b487 : vf: follow SoC override changes also for vybrid - Max Krummenacher
* 515ec30 : Merge pull request #1116 from Freescale/backport-1114-to-kirkstone - Otavio Salvador
* 8ffdd58 : Update xorg.conf - Wouter Vanhauwaert
* 47bc547 : recipes-kernel: drop lzop kernel compression - Andrey Zhizhikin
* 59fd90d : linux-fslc-imx: update to v5.15.48 - Andrey Zhizhikin
* 8306ac7 : linux-fslc-lts: update to v5.15.48 - Andrey Zhizhikin
* ceed4bf : linux-fslc: update to v5.18.5 - Andrey Zhizhikin
* 25f3697 : linux-fslc-imx: update to v5.15.47 - Andrey Zhizhikin
* 94568f0 : linux-fslc-lts: update to v5.15.47 - Andrey Zhizhikin
* d8d616b : linux-fslc: update to v5.18.4 - Andrey Zhizhikin
* a94debb : dynamic-layers: add meta-arm to provide upstream TF-A - Andrey Zhizhikin
* 546a884 : recipes-bsp: drop custom deploy location for TF-A binary - Andrey Zhizhikin
* 9c62ef8 : layer-wide: define configurable default TF-A provider - Andrey Zhizhikin
* bdead7c : linux-fslc-imx: update to v5.15.46 - Andrey Zhizhikin
* a3fc2c6 : linux-fslc-lts: update to v5.15.46 - Andrey Zhizhikin
* 351545f : linux-fslc: update to v5.18.3 - Andrey Zhizhikin
* 3142822 : kernel-itbimage: delete this bbclass - Thomas Perrot
* 5d6c2ba : imx-base.inc: Set virtual/opencl-icd provider for i.MX - Tom Hochstein
* 092de7a : linux-fslc-imx: update to v5.15.45 - Andrey Zhizhikin
* 93b4349 : linux-fslc-lts: update to v5.15.45 - Andrey Zhizhikin
* 56c9cd3 : linux-fslc: update to v5.18.2 - Andrey Zhizhikin
* c5736e5 : alsa-lib: drop not applying patch - Max Krummenacher
* 52306c4 : linux-fslc-imx: upgrade to lf-5.15.5-1.0.0 from NXP - Andrey Zhizhikin
* da3807a : linux-fslc-lts: re-sync configs with upstream - Andrey Zhizhikin
* 96ee3d0 : linux-fslc-lts: upgrade to 5.15.x+fslc - Andrey Zhizhikin
* b8ad321 : linux-fslc: drop config option not present in upstream - Andrey Zhizhikin
* 745f6c8 : linux-fslc: re-sync configs with upstream - Andrey Zhizhikin
* 99a93c4 : linux-fslc: upgrade to 5.18.x+fslc - Andrey Zhizhikin
* 2c1ff19 : kernel-module-nxp89xx: fix compatible machine override - Ricardo Salveti
* 84da967 : rcw: Use SPDX-style license - sean-anderson-seco
* 3c64e4a : optee-test: Rework the OPTEE_ARCH logic - Tom Hochstein
* 78a38a7 : optee-os: Simplify OPTEE_ARCH assignment for 32-bit - Tom Hochstein
* 3b4476e : kernel-module-isp-vvcam: fix error found by gcc 12 - Max Krummenacher
* 2b18c77 : imx-atf: fix patch applying - Thomas Perrot
* 5fe3067 : imx-atf: Suppress array-bounds error - Tom Hochstein
* 6752c74 : machines: follow kernel deployment changes - Max Krummenacher
* d5ced4c : Merge pull request #1111 from Freescale/backport-1110-to-kirkstone - Otavio Salvador
* fb8f6dd : mfgtool-initramfs-image: Fix override of IMAGE_FSTYPES - Tom Hochstein
* ce8de11 : Merge pull request #1108 from Freescale/backport-1104-to-kirkstone - Otavio Salvador
* 2a248ce : classes: IMAGE_FSTYPES as weak variable in mfgtool-initramfs-image - Walter Bonetti

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* ef3aa30 : linux-intel-rt/5.15: update to v5.15.43 - Naveen Saini
* 21bfed2 : linux-intel/5.15: update to v5.15.43 - Naveen Saini
* 8f771fa : intel-compute-runtime: upgrade 22.11.22682 -> 22.22.23355 - Anuj Mittal
* 26d268b : intel-graphics-compiler: upgrade 1.0.10395 -> 1.0.11279 - Anuj Mittal
* 6702aec : linux-intel-rt/5.10: update to v5.10.115 - Naveen Saini
* e8acb82 : linux-intel/5.10: update to v5.10.115 - Naveen Saini

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 4667abc : dropbear: break dependency on base package for -dev package - Steve Sakoman
* f90647e : openssh: break dependency on base package for -dev package - Steve Sakoman
* d6344cc : oe-selftest-image: Ensure the image has sftp as well as dropbear - Richard Purdie
* e2dfd3b : packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation - Richard Purdie
* a7ae2ad : oeqa/runtime/scp: Disable scp test for dropbear - Richard Purdie
* 7a8d374 : curl: backport openssl fix CN check error code - Jose Quaresma
* 1a6396c : glibc-tests: not clear BBCLASSEXTEND - Kai Kang
* 5a1fd88 : recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG - Thomas Roos
* dc17985 : rust: fix issue building cross-canadian tools for aarch64 on x86_64 - Peter Bergin
* e52deac : at: take tarballs from debian - Alexander Kanavin
* aa1c109 : coreutils: Tweak packaging variable names for coreutils-dev - Richard Purdie
* fb9e455 : base.bbclass: Correct the test for obsolete license exceptions - Peter Kjellerstedt
* 53eca71 : oeqa/sdk: drop the nativesdk-python 2.x test - Alexander Kanavin
* a9debe6 : sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity - David Bagonyi
* 3aaf970 : insane.bbclass: host-user-contaminated: Correct per package home path - Ahmed Hossam
* 3f8a49c : kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set - Raju Kumar Pothuraju
* 70d4a09 : perf: sort-pmuevents: really keep array terminators - Lucas Stach
* 772c9f6 : wic: fix WicError message - Martin Jansa
* 58804e0 : libffi: fix native build being not portable - Maxime Roussin-Bélanger
* 0a3ebc5 : initramfs-framework: move storage mounts to actual rootfs - Muhammad Hamza
* e5b4873 : openssl: Upgrade 3.0.3 -> 3.0.4 - Richard Purdie
* a290032 : vim: 8.2.5083 -> 9.0.0005 - Richard Purdie
* 681df7c : wireless-regdb: upgrade 2022.04.08 -> 2022.06.06 - Alexander Kanavin
* 6f9c806 : cve-check: hook cleanup to the BuildCompleted event, not CookerExit - Ross Burton
* 94fad58 : cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) - Richard Purdie
* aacc109 : busybox: fix CVE-2022-30065 - Ross Burton
* 8eb224d : cups: ignore CVE-2022-26691 - Ross Burton
* 4bc6bb3 : binutils : CVE-2019-1010204 - Pgowda
* 645a619 : ghostscript: fix CVE-2022-2085 - Lee Chee Yang
* 6a277ba : unzip: Port debian fixes for two CVEs - Richard Purdie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Add missing INHERITs to Linux jobs. Now all
Linux images in CI run "create-spdx.bbclass" correctly.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

The parent of all zephyr jobs is now unified to enable easier
extensibility later on.
Update documentation.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

The rootfs size is no more affected by the debug mode, the reverted
commit has no purpose now.

This reverts commit 7a5149bc.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Enabling debug mode is not the ideal solution for running
tests because it's responsible for enlarging the rootfs size and causing
tests to fail. More detail reported in #673.

This reverts commit 3ddebb37.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

oniro-image-base-tests and oniro-image-extra-tests needs
an empty root password to correctly run their tests, this
is enabled by debug-tweaks.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Use the Yocto class to generate SBOM. Activate on Linux only,
there is a pending issue on Zephyr [1]

[1] https://lists.openembedded.org/g/openembedded-core/message/167450



Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Apache-2.0 licensed patches can't be applied to (L)GPL 2.x code
without legal issues.
These patches should have been under the same license as the
upstream project in the first place.

Thanks to shoragan for spotting this.

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

* ci: work around zephyr test issues : Jon Mason
* arm-bsp/fvp-baser-aemv8r64: Use secure hypervisor physical timer in EL2 : Jiamei Xie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* .github: workflows: meta-rauc: pin to kirkstone : Enrico Jorns
* rauc: move 'streaming' PACKAGECONFIG option to common includes : Enrico Jorns

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* build-appliance-image: Update to kirkstone head revision : Richard Purdie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Building the base test image with debug mode enabled returns the below
error.

```
ERROR: File system image of partition / is larger (2269180 kB) than its
allowed size 2097152 kB.
```

Increasing rootfs size to 2500M solves the issue.

Signed-off-by: Chase Qi <chase.qi@linaro.org>

LAVA needs a writable directory to deploy test cases, and many test
cases only work with root user.

The debug mode can be disabled by overwriting the
CI_ONIRO_BB_LOCAL_CONF_plus_equals_INHERIT variable at build job level.

Signed-off-by: Chase Qi <chase.qi@linaro.org>

Make the report generation more customizable. Apart from the CSV report,
add also a summary report including the number of CVEs in each package.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Marta Rybczynska authored 2 years ago and Pavel Zhukov committed 2 years ago

cve-diff analyses JSON CVE outputs of two builds and shows
the difference between the two. The initial version handles:
added/removed packages and CVEs.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

meta-secure-core provides security features like UEFI secure boot,
key store, TPM, IMA and more. It is also a dependency for the LEDGE
work. This revision supports kirkstone.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Signed-off-by: Chase Qi <chase.qi@linaro.org>

When the callback not dispatchered correctly, the record can be helpful
for debugging in squad.

Signed-off-by: Chase Qi <chase.qi@linaro.org>

Given test scope for new MRs is not defined yet and we only have one
rpi4, b68 and c61 in the warsaw lab which are occupied mostly by daily
scheduled pipeline, starting with boot and smoke tests on qemu devices
should be a good starting point for per MR testing.

Jobs that extend `.lava-test` will be added to MR's pipeline and
schedueld pipeline.

`.lava-test-scheduled` extends `.lava-test` with new scheduled pipeline
only rule. Long run jobs like ltp should extends the job so that they
wouldn't prevent MRs from merging.

Solves #486.

Signed-off-by: Chase Qi <chase.qi@linaro.org>

Unqualified jobs, which rely on the default compiler, are gone.
Qualified jobs explicitly configure either clang or gcc and use the
appropriate suffix. Qualified jobs have needs/depends set to empty to
both avoid waiting for previous stages to start and to avoid pulling in
artifacts from the previous stage.

Qualified jobs inhabit two new lanes: build-gcc and build-clang, to
visually break the already long column of "build" jobs.

Job ordering within a lane is not exactly matching, gcc-clang. This is
noticeable with the jobs using the "extra" suffix. The reason for this
is unclear.

Some jobs are marked as broken as they do not build with clang. Allow
them to fail and make them start manually until more patches arrive.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>

* ci: work around zephyr test issues : Jon Mason
* arm-bsp/fvp-baser-aemv8r64: Use secure hypervisor physical timer in EL2 : Jiamei Xie
* arm/fvp-base-r-aem: Upgrade to version 11.18.16 : Peter Hoyes

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* .github: workflows: meta-rauc: pin to kirkstone : Enrico Jorns
* rauc: move 'streaming' PACKAGECONFIG option to common includes : Enrico Jorns
* rauc: update to 1.7 : Enrico Jorns

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

This revision updates obsolete Licenses

Signed-off-by: Natalia Kovalenko <waykovalenko@gmail.com>

Zephyr-philosophers doesn't use video output but serial console.

Fixes: #docs#109



Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* b8fd6f5d  server/process: Fix logging issues where only the first message was displayed - Richard Purdie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* a5919cb8bc mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again - Martin Jansa
* f0770686b3 rootfs-postcommands.bbclass: correct comments - Michael Opdenacker
* bffe06fca6 gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2 - Paulo Neves
* 8d646cc4ee systemd: systemd-systemctl: Support instance conf files during enable - Nick Potenski
* a121d2dd5d efivar: add musl libc compatibility - Davide Gardenal
* 8a86bd88f0 python: Avoid shebang overflow on python-config.py - Paulo Neves
* cdb6879b49 python3: Ensure stale empty python module directories don't break the build - Richard Purdie
* 2f93d30fee python3: Remove problematic paths from sysroot files - Richard Purdie
* 8e34686911 python3: use built-in distutils for ptest, rather than setuptools' 'fork' - Alexander Kanavin
* bcc5a22cd2 linux-firmware: upgrade 20220509 -> 20220610 - Dmitry Baryshkov
* 96cd37cff9 linux-firmware: add support for building snapshots - Dmitry Baryshkov
* feabc35372 oeqa/selftest/cve_check: add tests for Ignored and partial reports - Marta Rybczynska
* d76957e425 cve-check: add support for Ignored CVEs - Marta Rybczynska

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

This revision fixes labels for boot and devdata partitions

Signed-off-by: Natalia Kovalenko <waykovalenko@gmail.com>

Create bbclass files in meta-oniro-core
that enable the user to activate the debug mode
in local.conf.

Activating it is equivalent to build -dev images
as of this commit.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

oniro-user is a class that can be inherited in local.conf
and it adds a user named oniro with default password oniro.
The class also installs sudo and adds oniro to the suders.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

* b2d10487f8 liberror-perl: Update sstate/equiv versions to clean cache - Richard Purdie
* 7cdaac4a5a systemd: update 0008-add-missing-FTW_-macros-for-musl.patch - Pavel Zhukov
* 6fa49ffcf2 archiver: don't use machine variables in shared recipes - Jose Quaresma
* 7211a6fb51 gcc-source: Fix incorrect task dependencies from ${B} - Richard Purdie
* 025d22e9c9 git: fix override syntax in RDEPENDS - Yi Zhao
* 6168dbc9b2 popt: fix override syntax in RDEPENDS - Yi Zhao
* 8876f33f08 e2fsprogs: add alternatives handling of lsattr as well - Rasmus Villemoes
* 8c74bca4d6 oescripts: change compare logic in OEListPackageconfigTests - Mingli Yu
* d8e454b370 xxhash: fix build with gcc 12 - Kai Kang
* d8cb65b2ae archiver: use bb.note instead of echo - Jose Quaresma
* 3beb0f1d44 meson.bbclass: add cython binary to cross/native toolchain config - Jack Mitchell
* 5e6f4d0d3d devtool: Fix _copy_file() TypeError - Xiaobing Luo
* e150443701 selftest/multiconfig: Test that multiconfigs in separate layers works - Richard Purdie
* ea280917fc uboot-sign: Fix potential index error issues - Richard Purdie
* b85e29de4b vim: Upgrade 8.2.5034 -> 8.2.5083 - Richard Purdie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

When sysota is built with toolchain-clang broken dynamicaly linked
binary file is produced [1] if shared linking (GO_DYNLINK) is disabled.
As the result strip phase of do_packages fails with [2]
Sysota is built with disabled shared linking because of another bug [3]
The problem with stripping can be fixed with specifying external linker
for clang toolchain (by default Go swutched to internal linker on 64bit
arches if -pie has been specified since version 1.15 [4] ).
Limiting this change to clang only to be safe.

[1] **readelf: Error: no .dynamic section in the dynamic segment**

[2] Subprocess output:x86_64-oniro-linux-llvm-strip: error: SHT_STRTAB
        string table section [index 7] is non-null terminated

[3] sysota#7

[4] https://go.dev/doc/go1.15#linker



Fixes: #624

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>