The EF infrastructure (GitLab) doesn't support image registry. This
moves the CI logic of building and deploying all the container images to
the OSTC instance while EF catches up[1].

[1] eclipsefdn/helpdesk#1108



Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

The new revision does offer more Thread 1.2 features we are starting to
use now. One patch got obsolete and the number of third_party modules
was reduced (and with it the number of license files and licenses).

An additional fix is needed for the systemd unit file to start.

Fixes: eclipse/oniro-core/oniro#38



Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>

drop mbedtls patch because mbedtls has been updated to v2.28.0 in oe-core

-Wformat-truncation level has been reduces upstream so this patch is not necessary anymore: 
https://github.com/Mbed-TLS/mbedtls/commit/2065a8d8af27c6cb1e40c9462b5933336dca7434



Signed-off-by: Francesco Pham <francesco.pham@huawei.com>

This patch implements the YAML output for CVE-check and re-implements
the coverage pass using this format (also simplifies the logic).

Add an option to output the CVE check in a JSON-based format.
This format is easier to parse in software than the original
text-based one and allows post-processing by other tools.

Output formats are now handed by CVE_CHECK_FORMAT_TEXT and
CVE_CHECK_FORMAT_JSON. Both of them are enabled by default.

The JSON output format gets generated in a similar way to the
text format with the exception of the manifest: appending to
JSON arrays requires parsing the file. Because of that we
first write JSON fragments and then assemble them in one pass
at the end.

Until now the CVE checker was giving information about CVEs found for
a product (or more products) contained in a recipe. However, there was
no easy way to find out which products or recipes have no CVEs. Having
no reported CVEs might mean there are simply none, but can also mean
a product name (CPE) mismatch.

This patch adds CVE_CHECK_COVERAGE option enabling a new type of
statistics. Then we use the new JSON format to report the information.
The legacy text mode report does not contain it.

This option is expected to help with an identification of recipes with
mismatched CPEs, issues in the database and more.

This work is based on [1], but adding the JSON format makes it easier
to implement, without additional result files.

[1] https://lists.openembedded.org/g/openembedded-core/message/159873

This is a backported version of two patches submitted upstream:
https://lists.openembedded.org/g/openembedded-core/message/163745 and
https://lists.openembedded.org/g/openembedded-core/message/163746



The difference is that we bring back the yaml merge function that is
in the lib/ directory in the upstream proposal.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Update the class to OE-core 6002bdc77643c363a8326bf163baecba8b36e3e0.

This includes:
- inclusive language changes
- the rework of the database lock

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

This avoids warnings like:

warning: redirecting to
https://gitlab.eclipse.org/eclipse/oniro-core/oniro.git/



Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Version 0.28 will come with these patches merged in. This will happen as
soon as the relevant upstream merge gets in[1].

[1] meta-zephyr!1



Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Davide Gardenal authored 3 years ago and Andrei Gherzan committed 3 years ago

Original upstream commit:
https://git.openembedded.org/openembedded-core/commit/?id=9829c16301bf2dce39fa046401a984f112fa0322



Add directory creation to be sure the destination directory exists
before performing the file copy.
FileNotFoundError occurs when running CI, caused by the fact that
the destination directory doen't exists.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

Adding the currently available Matter example for Linux. This will give
us more test applications. Before we upstream this we would need to
decide if we want to split these off into a dedicated package.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>

Yet another upstream rebase. We also raised this with them and they will
start using merges. Hopefully this is the last one to fix.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Zygmunt Krynicki authored 3 years ago and Andrei Gherzan committed 3 years ago

This saves half of the space used by compressed disk artifacts.

I ran into the issue when creating grubenv recovery logic. To my surprise
the execution flow ended up in the case where both slots are available
and timestamp on the kernel is used to break the tie.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>

The revision is not only for pinned SHAs. It can also use branches -
which are updated accordingly by repo. Drop the comments which assume
that revision is only for pinned versions.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Zygmunt Krynicki authored 3 years ago and Andrei Gherzan committed 3 years ago

As defined on https://booting.oniroproject.org/distro/infra/



Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>

Zygmunt Krynicki authored 3 years ago and Andrei Gherzan committed 3 years ago

Historically the DCO check was routed to a dedicated but slow machine
that guaranteed that no CI would be stuck waiting on the miniscule
compliance job.

With the Eclipse migration and CI/CD being slightly out of our control,
it's just more convenient to drop this tag rather than request
configuration change in the instance.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>

Zygmunt Krynicki authored 3 years ago and Andrei Gherzan committed 3 years ago

Historically the REUSE check was routed to a dedicated but slow machine
that guaranteed that no CI would be stuck waiting on the miniscule
compliance job.

With the Eclipse migration and CI/CD being slightly out of our control,
it's just more convenient to drop this tag rather than request
configuration change in the instance.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@huawei.com>

This is now the currently main development branch.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The repository holding the repo manifests is now under Eclipse
infrastructure.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Template has been taken from old gitlab instance.

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
(cherry picked from commit d79daf1c)

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Make sure we explicitly set up the WKS file for both C61 targets
after the target rename.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Update the names used for C61 targets, there are now two instead
of one before.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

C61 build has been split up from the target MACHINE=seco-imx8mm-c61 to
two targets, MACHINE=seco-imx8mm-c61-2gb and MACHINE=seco-imx8mm-c61-4gb,
depending on the memory on the card. Reflect that in the build
instructions.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Move compiler security options from only linux to all kernels

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>

It is obviously convenient to be able to provide an SDK with GN support, for a
one-stop solution to offering projects such as OpenHarmony with a replacement
toolchain.

Signed-off-by: Esben Haabendal <esben.haabendal@huawei.com>

Fix go hardcoding glibc's dynamic linker location into musl binaries

Signed-off-by: Bernhard Rosenkränzer <bernhard.rosenkraenzer.ext@huawei.com>

The Raspberry Pi upstream kernel tree has been rebased and the git
revision referenced to fetch has disappeared. After the update in
meta-raspberrypi to a working revision we can now bump and fix fetch
problems in Oniro.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>

With OpenHarmony and Matter we have two projects using GN as their build
system. To support the gn.bbclass we have in Oniro we need a gn-native
recipe as well to support building these projects.

While progress is being made to upstream gn-native to meta-oe we keep a
copy here to have a working build. The alternative would be to add two
extra layers to our build for just one recipe.

This file need to be removed once upstreamed into meta-oe.

The original source of this file is here:
https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-devtools/gn/gn_git.bb



Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>

Robert Drab authored 3 years ago and Stefan Schmidt committed 3 years ago

Recipe for the Matter networking protocol (formerly known as CHIP). This
project has more the form of a vendor SDK with support for many bare
metal SDK's as well as various operating systems.

This recipe does focus on the Linux build and configures the project to
disable all extra third_party git submodules (we only use 6 out of 48).
Matter uses the GN meta build system, therefore using gn.bbclass as a base
for the recipe. gn.bbclass requires patching BUILDCONFIG.gn file to set default
toolchain and add compiler/linker flags to the yocto-provided ones.

Mbedtls version integrated in Matter doesn't compile cleanly with GCC
v11. It is not required by currently used Linux target but in case it's needed
version provided by the Yocto build system shall be used instead of this
integrated one and therefore disabling building of the mbedtls completely.

Signed-off-by: Robert Drab <robert.drab@huawei.com>
Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>

This bump fixes the layer with the new restructuring of the override
system in meta-freescale.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

sysota is a go project using go modules. Due to how this support is
currently implemented in the core, the recipe will download the
dependent go packages during compile.

On the other hand, lately, the core also defaulted to a restricted
network environment in the compile task breaking (but for good reasons)
the compilation of sysota. This situation was done as a forcing function
for the community to react and improve the current implementation of go
mods in the core. For now, we workaround it as this doesn't change the
current limitations/behaviour while we investigate better options in the
core.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>