This updated code-base should be compatible with
Django 3.1 and obviously 3.2 (but not 3.0 or earlier).
Django 3.2 requires Python 3.6+.
With the upgrade to Celery 5, it is safer to recommend
RabbitMQ 3.8.x, since that is what we are using.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
In celery 5, the --workdir argument must come
before the 'worker' subcommand.
Without this, celery cannot load the layerindex
module and this causes the celery container to
continually restart.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
New in Django 3.2
To quiet warnings, set DEFAULT_AUTO_FIELD to the
default value 'django.db.models.AutoField'
NOTE: The default value for newly created Django 3.2
projects is django.db.models.BigAutoField, but
this causes the need for a migration in 'captcha'.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Since we are on a "modern" version of Python in
Debian buster container (3.7) and a modern version
of Django (3.1.x) we should be able to run with
the latest of all dependencies.
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
10.2 was based on Ubuntu bionic 18.04,
bumping to 10.3 as it is the first release
on Ubuntu focal 20.04
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
I noticed in the branch comparison plain text view ("Plain text" button
in the Tools -> Branch Comparison page) that in current versions of
Firefox the ellipses were coming through corrupted, though they looked
fine in the HTML version, and it turns out this is because I wasn't
specifying a character set encoding. It should be UTF-8, so add a
charset to the content type stating as such for this and other similar
views.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.microsoft.com>
Removed obsolete references to django.core.urlresolvers. Added the
newly required on_delete parameters to foreign key relationships in
models.py and in all migrations.
(Amber Elliot's 2d526f9b0d served as a
reference for these changes).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.microsoft.com>
If a BBHandledException occurs that means some error was logged, so we
need to handle any pending events so that we can actually have the error
logged. Tinfoil should really be doing this for us but at this stage in
the release we can't really fix this there, so do it here for now.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.microsoft.com>
So with honister / current master we can no longer get away with
bypassing BBLAYERS - it now needs to point to the core layer at
minimum. This is fine, we just need to skip parsing layer.conf if we're
parsing the core layer or we get some extra warnings we don't need.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.microsoft.com>
Added SPDX identifiers to all .py files except those in migrations directory.
Fixes: [YOCTO #13527]
Signed-off-by: Meh Mbeh Ida Delphine <idadelm@gmail.com>
Signed-off-by: Paul Eggleton <bluelightning@bluelightning.org>
The docker/settings.py file also needs the change from
"Changing MIDDLEWARE_CLASSES to MIDDLEWARE."
Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Paul Eggleton <bluelightning@bluelightning.org>
Debian 10 "buster" actually has Django 2.2 available
python2 is now EOL, so drop all usage
Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Paul Eggleton <bluelightning@bluelightning.org>
Removed all obsolete references to django.core.urlresolvers. Added the
newly required on_delete fields to foreign key relationships in models.py
and in all migrations.
Signed-off-by: Amber Elliot <amber.n.elliot@intel.com>
Signed-off-by: Paul Eggleton <bluelightning@bluelightning.org>
If the database contains task logs that are over the default max packet
size for MariaDB, then attempting to dump the database will fail, but it
won't be immediately obvious that that has happened - the gzipped sql
file will simply be truncated and have an error in it. To fix the
underlying issue, add an option to the example command for database
backup to increase the max packet size to 512MB. (Restoring the database
doesn't seem to suffer the same issue).
In future we should probably look at writing a script to do this and
in it properly check the return of mysqldump so that any problems get
noticed immediately.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
In OE-Core commit 8c9ef587fe499c612a878a1ab42092eb79b334ef an
AVAILABLE_LICENSES variable was added in license.bbclass where its value
is assigned with immediate expansion ( := ) with the result that it
looks in LICENSE_PATH for licenses; in turn LICENSE_PATH refers to
COREBASE. You might assume that COREBASE is always set, and normally it
is (since it's set OE-Core's layer.conf) - but in the layer index
context we do not parse layer.conf until a bit later, so it immediately
fails. The quick way to fix this is just to set our own (correct) value
for COREBASE and then AVAILABLE_LICENSES can be expanded successfully.
You might ask why we don't instead just set BBLAYERS such that we *do*
parse OE-Core's layer.conf - the answer is that that can have other
effects such as BBFILE_COLLECTIONS being set, and at least at the moment
the rest of the code isn't expecting that.
Fixes [YOCTO #13723].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Fixes a vulnerability in the password reset process due to
insufficiently stringent validation of unicode email addresses.
https://www.djangoproject.com/weblog/2019/dec/18/security-releases/https://nvd.nist.gov/vuln/detail/CVE-2019-19844
(The existing version specification would have selected the fixed
version of Django already for new installs, but bumping the minimum
ensures that it will be installed for upgrades with
./dockersetup.py -u as well.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Reloading an existing update task page was taking an extremely long time
to fetch down the task log and then pegging the client CPU such that the
browser gave a warning. Digging into it, logs from a Clear Linux update
task can be of the order of 500MB in size (with all of the line
refreshing using CRs that happens during downloads), causing (a) the
transfer to take a long time and (b) the JS code that updates the log
text box to be extremely busy. If we're loading the entire log from
scratch (as we are when we refresh the page) rather than just getting an
update since the last poll, we don't need any of those line refreshes -
so squash them out before returning the data.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
If a recipe dependency (either static or dynamic) is removed from the
recipe when it is parsed, then we should ensure it gets removed from the
database as well.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Quite a few bugs fixed, as far as I know none that we observed, but good
to have. Details can be found here:
https://github.com/chartjs/Chart.js/releases
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
For debugging email functionality, python's SMTP test server is useful,
so add brief instructions on how to use it for convenience.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
There's a bit of advanced functionality by now in recipe searching, so
add a link that shows a popup with information on how it works.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
When using the layer: advanced query term, if you want to match on
OE-Core, its actual layer name is "openembedded-core", but people will
naturally assume that "oe-core" should work, so make it so (case
insensitive).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Allow filtering only on recipe name - i.e., searching for "git" finds
any recipe with "git" in the name or description. Now, you can search
for "pn:git" which will return only recipes with the name "git".
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Use shlex.split() to split the query string so that quotes can be used
to delimit strings containing spaces to be matched as a whole. This
worked with the previous code, but it did not support single quotes -
these caused an error in Django's filter code and thus an internal
server error (as did querying for ""). Add some additional checks for
single quotes as it is still possible to get them past shlex.split()
e.g. with something like "'hello'" (with quotes).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Fixes the bitbakepath variable not being defined with -x/--nofetch
specified.
(Regression introduced in c91372587bbddd4c595d7202e51a8740b787a06e.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
This was added when we brought over a patch from the Clear Linux
Dissector, but here we're not using diff2html here so we shouldn't have
this either.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
The regex we were using here explicitly only matched numeric characters
in version numbers - presumably the assumption was that any non-numeric
characters were not significant. However, for upstream projects such as
OpenSSL and BIND for example, alphabetic characters are an explicit part
of the version number, so if we ignore them then we miss detecting most
of the upgrades. Fix the regex so that that doesn't happen.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Add an extra tool that lets you view all of the recipe dependencies in
a layer. There is also a mode that shows only cross-layer dependencies,
which can be useful to find dependencies on recipes in other layers
that aren't declared in the layer's dependencies (or conversely where a
layer dependency is no longer necessary).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
We have at least one instance where two versions of a recipe were added
at the same time and then later one was deleted - sed. We didn't detect
more than one recipe being added and thus the delete was seen as
removing the recipe entirely, causing the recipe to vanish. Fix the
filter so that we see the other addition and adjust the debug printing
so that we can see what type of deletions are occurring.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Going back in OE-Core recipe upgrade history, we kept GPLv2 and GPLv3
versions of a number of recipes around, so this is the source of quite a
few situations where we had multiple versions of recipes with the same
recipe name around. Add means of grouping upgrades by license so that we
can keep these versions separate in the upgrade history instead of
detecting lots of apparent upgrades and downgrades if they are
intermingled.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
By dumping the recipe upgrade data using the mostly same code as the web
application but in plain text format, this tool gives us an easy way to
compare recipe upgrade history data from multiple runs.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Aligning with recent changes in the layer index proper, handle where PV
is not changing but SRCREV is - typically this happens when PV does not
contain ${SRCPV} - ncurses in OE-Core is one example.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
