Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

This is required by meta-openharmony layer.

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

This is required by meta-openharmony layer.

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

* d0a0285 : kernel-initramfs: fix typo for ALTERNATIVE - Yi Zhao

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* db6e0ed : arm/oeqa: Use linuxboot and OEFVPSerialTarget instead of noop - Peter Hoyes
* 72a3dfa : arm/oeqa: Create new OEFVPSerialTarget with pexpect interface - Peter Hoyes
* 3ead3aa : arm/classes: Change FVP_CONSOLE to FVP_CONSOLES in fvpconf - Peter Hoyes
* ae48e65 : arm/oeqa: Refactor OEFVPTarget to use FVPRunner and pexpect - Peter Hoyes
* fb794c8 : arm/oeqa: Add selftests for FVP library - Peter Hoyes
* d2685ae : scripts,arm/lib: Refactor runfvp into FVPRunner - Peter Hoyes
* 528d28f : runfvp: ignore setpgid errors when spawned - Bertrand Marquis

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* e3e5687 : Merge pull request #1137 from Freescale/backport-1133-to-kirkstone - Otavio Salvador
* 033a380 : weston: 9.0.0.imx: fix build with latest master - Max Krummenacher
* 2b07a82 : Merge pull request #1136 from Freescale/backport-1134-to-kirkstone - Otavio Salvador
* 5ae86e7 : remove random file - Max Krummenacher
* cdd3880 : Merge pull request #1135 from Freescale/backport-1132-to-kirkstone - Otavio Salvador
* 54e519e : Revert "imx-base.inc: upgrade to gstreamer 1.20.2" - Max Krummenacher
* f2253aa : Merge pull request #1131 from Freescale/backport-1130-to-kirkstone - Otavio Salvador
* 05e0dbe : imx-base.inc: Use ??= for PREFERRED_VERSION - Tom Hochstein

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* fb7b26b : fix(syslog-ng): warning about conf version - Aurélien Bertron
* 1cd38ee : strongswan: upgrade 5.9.5 -> 5.9.6 - Yi Zhao
* e4c5f5b : postgresql: upgrade 14.3 -> 14.4 - wangmy
* 6ff027e : exo: upgrade 4.16.3 -> 4.16.4 - Yue Tao
* 7040cff : networkmanager: fix build with enabled ppp - Javier Viguera
* d7aaee2 : chrony: create /var/lib/chrony by systemd-tmpfiles - Changqing Li
* 3d47772 : dnsmasq: Security fix CVE-2022-0934 - Yi Zhao
* 18767f1 : libgpiod: move test dependencies to ptest package - Peter Marko
* 16621ac : python3-pybluez: fix a runtime issue with python 3.10 - Bartosz Golaszewski
* 9c3976a : iperf: Set CVE_PRODUCT to "iperf_project:iperf" - Akash Hadke
* fad4c40 : ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g" - Akash Hadke
* 3a019f2 : tesseract-lang: switch from master branch to main - Martin Jansa
* 14023da : netserver: don't change permissions on /dev/null - Ashish Sharma
* caab54d : leveldb: switch from master branch to main - Martin Jansa

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

For now, it only handles the depndency to ninja-native and handling the
export of the MAXLOAD_NINJA variable.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

We provide recipes that other projects/layers do as well (for example gn
is also provided by meta-arm). Make sure that our layer has a higher
priority when most of the upstream layers use the default 5.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

oe-core recommends openssh-sftp-server since [1] this causes conflict
between openssh and dropbear when -tests image is building.
This happens because openssh-ptest is pulled in as complementary package
of openssh-sftp-server
Adding openssh to PACKAGE_EXCLUDE_COMPLEMENTARY excluded openssh from
the list. As a downside of this openssh-ptest,  -dev or -dbg packages
will not be installed using install_complementary and have to be
installed manually (IMAGE_INSTALL:append or similar).
Proper fix should go to oe-core (use -O flag to switch back to old scp
protocol if newer openssh server is used) however it's not clear if
openssh will keep this feature.

Upstream-Bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14858

Fixes:
Error:
 Problem: problem with installed package dropbear-2020.81-r0.cortexa53_crypto
  - package dropbear-2020.81-r0.cortexa53_crypto conflicts with openssh provided by openssh-8.9p1-r0.cortexa53_crypto
  - package openssh-8.9p1-r0.cortexa53_crypto conflicts with dropbear provided by dropbear-2020.81-r0.cortexa53_crypto
  - package openssh-ptest-8.9p1-r0.cortexa53_crypto requires openssh, but none of the providers can be installed
  - conflicting requests
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)

[1] https://git.openembedded.org/openembedded-core/commit/?id=a98188e83b2c027d99cc38e3367e1ec2a98efbb0



Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 24ec778 : Merge pull request #1128 from Freescale/backport-1127-to-kirkstone - Otavio Salvador
* f1a3d00 : imx-boot: Use public key injected DTB when FIT signature is enabled - Loic Poulain
* 270f0f6 : Merge pull request #1125 from Freescale/backport-1124-to-kirkstone - Otavio Salvador
* 79b65da : firmware-imx: create symbolic links for CODA VPU firmwares - Ming Liu
* 5b45301 : Merge pull request #1123 from Freescale/backport-1122-to-kirkstone - Otavio Salvador
* 4b6cb47 : imx-base.inc: upgrade to gstreamer 1.20.2 - Daiane Angolini
* 85fd006 : Merge pull request #1120 from Freescale/backport-1119-to-kirkstone - Otavio Salvador
* 7f6d0c0 : isp-imx: fix source and build directories - Luca Ceresoli
* 418a52c : Merge pull request #1118 from Freescale/backport-1117-to-kirkstone - Otavio Salvador
* ec2b487 : vf: follow SoC override changes also for vybrid - Max Krummenacher
* 515ec30 : Merge pull request #1116 from Freescale/backport-1114-to-kirkstone - Otavio Salvador
* 8ffdd58 : Update xorg.conf - Wouter Vanhauwaert
* 47bc547 : recipes-kernel: drop lzop kernel compression - Andrey Zhizhikin
* 59fd90d : linux-fslc-imx: update to v5.15.48 - Andrey Zhizhikin
* 8306ac7 : linux-fslc-lts: update to v5.15.48 - Andrey Zhizhikin
* ceed4bf : linux-fslc: update to v5.18.5 - Andrey Zhizhikin
* 25f3697 : linux-fslc-imx: update to v5.15.47 - Andrey Zhizhikin
* 94568f0 : linux-fslc-lts: update to v5.15.47 - Andrey Zhizhikin
* d8d616b : linux-fslc: update to v5.18.4 - Andrey Zhizhikin
* a94debb : dynamic-layers: add meta-arm to provide upstream TF-A - Andrey Zhizhikin
* 546a884 : recipes-bsp: drop custom deploy location for TF-A binary - Andrey Zhizhikin
* 9c62ef8 : layer-wide: define configurable default TF-A provider - Andrey Zhizhikin
* bdead7c : linux-fslc-imx: update to v5.15.46 - Andrey Zhizhikin
* a3fc2c6 : linux-fslc-lts: update to v5.15.46 - Andrey Zhizhikin
* 351545f : linux-fslc: update to v5.18.3 - Andrey Zhizhikin
* 3142822 : kernel-itbimage: delete this bbclass - Thomas Perrot
* 5d6c2ba : imx-base.inc: Set virtual/opencl-icd provider for i.MX - Tom Hochstein
* 092de7a : linux-fslc-imx: update to v5.15.45 - Andrey Zhizhikin
* 93b4349 : linux-fslc-lts: update to v5.15.45 - Andrey Zhizhikin
* 56c9cd3 : linux-fslc: update to v5.18.2 - Andrey Zhizhikin
* c5736e5 : alsa-lib: drop not applying patch - Max Krummenacher
* 52306c4 : linux-fslc-imx: upgrade to lf-5.15.5-1.0.0 from NXP - Andrey Zhizhikin
* da3807a : linux-fslc-lts: re-sync configs with upstream - Andrey Zhizhikin
* 96ee3d0 : linux-fslc-lts: upgrade to 5.15.x+fslc - Andrey Zhizhikin
* b8ad321 : linux-fslc: drop config option not present in upstream - Andrey Zhizhikin
* 745f6c8 : linux-fslc: re-sync configs with upstream - Andrey Zhizhikin
* 99a93c4 : linux-fslc: upgrade to 5.18.x+fslc - Andrey Zhizhikin
* 2c1ff19 : kernel-module-nxp89xx: fix compatible machine override - Ricardo Salveti
* 84da967 : rcw: Use SPDX-style license - sean-anderson-seco
* 3c64e4a : optee-test: Rework the OPTEE_ARCH logic - Tom Hochstein
* 78a38a7 : optee-os: Simplify OPTEE_ARCH assignment for 32-bit - Tom Hochstein
* 3b4476e : kernel-module-isp-vvcam: fix error found by gcc 12 - Max Krummenacher
* 2b18c77 : imx-atf: fix patch applying - Thomas Perrot
* 5fe3067 : imx-atf: Suppress array-bounds error - Tom Hochstein
* 6752c74 : machines: follow kernel deployment changes - Max Krummenacher
* d5ced4c : Merge pull request #1111 from Freescale/backport-1110-to-kirkstone - Otavio Salvador
* fb8f6dd : mfgtool-initramfs-image: Fix override of IMAGE_FSTYPES - Tom Hochstein
* ce8de11 : Merge pull request #1108 from Freescale/backport-1104-to-kirkstone - Otavio Salvador
* 2a248ce : classes: IMAGE_FSTYPES as weak variable in mfgtool-initramfs-image - Walter Bonetti

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* ef3aa30 : linux-intel-rt/5.15: update to v5.15.43 - Naveen Saini
* 21bfed2 : linux-intel/5.15: update to v5.15.43 - Naveen Saini
* 8f771fa : intel-compute-runtime: upgrade 22.11.22682 -> 22.22.23355 - Anuj Mittal
* 26d268b : intel-graphics-compiler: upgrade 1.0.10395 -> 1.0.11279 - Anuj Mittal
* 6702aec : linux-intel-rt/5.10: update to v5.10.115 - Naveen Saini
* e8acb82 : linux-intel/5.10: update to v5.10.115 - Naveen Saini

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 4667abc : dropbear: break dependency on base package for -dev package - Steve Sakoman
* f90647e : openssh: break dependency on base package for -dev package - Steve Sakoman
* d6344cc : oe-selftest-image: Ensure the image has sftp as well as dropbear - Richard Purdie
* e2dfd3b : packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation - Richard Purdie
* a7ae2ad : oeqa/runtime/scp: Disable scp test for dropbear - Richard Purdie
* 7a8d374 : curl: backport openssl fix CN check error code - Jose Quaresma
* 1a6396c : glibc-tests: not clear BBCLASSEXTEND - Kai Kang
* 5a1fd88 : recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG - Thomas Roos
* dc17985 : rust: fix issue building cross-canadian tools for aarch64 on x86_64 - Peter Bergin
* e52deac : at: take tarballs from debian - Alexander Kanavin
* aa1c109 : coreutils: Tweak packaging variable names for coreutils-dev - Richard Purdie
* fb9e455 : base.bbclass: Correct the test for obsolete license exceptions - Peter Kjellerstedt
* 53eca71 : oeqa/sdk: drop the nativesdk-python 2.x test - Alexander Kanavin
* a9debe6 : sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity - David Bagonyi
* 3aaf970 : insane.bbclass: host-user-contaminated: Correct per package home path - Ahmed Hossam
* 3f8a49c : kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set - Raju Kumar Pothuraju
* 70d4a09 : perf: sort-pmuevents: really keep array terminators - Lucas Stach
* 772c9f6 : wic: fix WicError message - Martin Jansa
* 58804e0 : libffi: fix native build being not portable - Maxime Roussin-Bélanger
* 0a3ebc5 : initramfs-framework: move storage mounts to actual rootfs - Muhammad Hamza
* e5b4873 : openssl: Upgrade 3.0.3 -> 3.0.4 - Richard Purdie
* a290032 : vim: 8.2.5083 -> 9.0.0005 - Richard Purdie
* 681df7c : wireless-regdb: upgrade 2022.04.08 -> 2022.06.06 - Alexander Kanavin
* 6f9c806 : cve-check: hook cleanup to the BuildCompleted event, not CookerExit - Ross Burton
* 94fad58 : cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) - Richard Purdie
* aacc109 : busybox: fix CVE-2022-30065 - Ross Burton
* 8eb224d : cups: ignore CVE-2022-26691 - Ross Burton
* 4bc6bb3 : binutils : CVE-2019-1010204 - Pgowda
* 645a619 : ghostscript: fix CVE-2022-2085 - Lee Chee Yang
* 6a277ba : unzip: Port debian fixes for two CVEs - Richard Purdie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Add missing INHERITs to Linux jobs. Now all
Linux images in CI run "create-spdx.bbclass" correctly.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

The parent of all zephyr jobs is now unified to enable easier
extensibility later on.
Update documentation.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

The rootfs size is no more affected by the debug mode, the reverted
commit has no purpose now.

This reverts commit 7a5149bc.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Enabling debug mode is not the ideal solution for running
tests because it's responsible for enlarging the rootfs size and causing
tests to fail. More detail reported in #673.

This reverts commit 3ddebb37.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

oniro-image-base-tests and oniro-image-extra-tests needs
an empty root password to correctly run their tests, this
is enabled by debug-tweaks.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Use the Yocto class to generate SBOM. Activate on Linux only,
there is a pending issue on Zephyr [1]

[1] https://lists.openembedded.org/g/openembedded-core/message/167450



Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Apache-2.0 licensed patches can't be applied to (L)GPL 2.x code
without legal issues.
These patches should have been under the same license as the
upstream project in the first place.

Thanks to shoragan for spotting this.

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

* ci: work around zephyr test issues : Jon Mason
* arm-bsp/fvp-baser-aemv8r64: Use secure hypervisor physical timer in EL2 : Jiamei Xie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* .github: workflows: meta-rauc: pin to kirkstone : Enrico Jorns
* rauc: move 'streaming' PACKAGECONFIG option to common includes : Enrico Jorns

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* build-appliance-image: Update to kirkstone head revision : Richard Purdie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Building the base test image with debug mode enabled returns the below
error.

```
ERROR: File system image of partition / is larger (2269180 kB) than its
allowed size 2097152 kB.
```

Increasing rootfs size to 2500M solves the issue.

Signed-off-by: Chase Qi <chase.qi@linaro.org>

LAVA needs a writable directory to deploy test cases, and many test
cases only work with root user.

The debug mode can be disabled by overwriting the
CI_ONIRO_BB_LOCAL_CONF_plus_equals_INHERIT variable at build job level.

Signed-off-by: Chase Qi <chase.qi@linaro.org>

Make the report generation more customizable. Apart from the CSV report,
add also a summary report including the number of CVEs in each package.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Marta Rybczynska authored 2 years ago and Pavel Zhukov committed 2 years ago

cve-diff analyses JSON CVE outputs of two builds and shows
the difference between the two. The initial version handles:
added/removed packages and CVEs.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

meta-secure-core provides security features like UEFI secure boot,
key store, TPM, IMA and more. It is also a dependency for the LEDGE
work. This revision supports kirkstone.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Signed-off-by: Chase Qi <chase.qi@linaro.org>

When the callback not dispatchered correctly, the record can be helpful
for debugging in squad.

Signed-off-by: Chase Qi <chase.qi@linaro.org>

Given test scope for new MRs is not defined yet and we only have one
rpi4, b68 and c61 in the warsaw lab which are occupied mostly by daily
scheduled pipeline, starting with boot and smoke tests on qemu devices
should be a good starting point for per MR testing.

Jobs that extend `.lava-test` will be added to MR's pipeline and
schedueld pipeline.

`.lava-test-scheduled` extends `.lava-test` with new scheduled pipeline
only rule. Long run jobs like ltp should extends the job so that they
wouldn't prevent MRs from merging.

Solves #486.

Signed-off-by: Chase Qi <chase.qi@linaro.org>

Unqualified jobs, which rely on the default compiler, are gone.
Qualified jobs explicitly configure either clang or gcc and use the
appropriate suffix. Qualified jobs have needs/depends set to empty to
both avoid waiting for previous stages to start and to avoid pulling in
artifacts from the previous stage.

Qualified jobs inhabit two new lanes: build-gcc and build-clang, to
visually break the already long column of "build" jobs.

Job ordering within a lane is not exactly matching, gcc-clang. This is
noticeable with the jobs using the "extra" suffix. The reason for this
is unclear.

Some jobs are marked as broken as they do not build with clang. Allow
them to fail and make them start manually until more patches arrive.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>