Not much of an update, but we pickup the latest compatibility
restrictions:
Bumping docker-distribution to version v2.7.1-32-g61e7e208, which comprises the following commits:
d836b23f [release/2.7] update to go1.16
cc341b01 Added flag for user configurable cipher suites
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becomming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to this is to use the ":" charater
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if other no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could
require a more explict syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
With oe-core commit c23f9e80492e4b [tcmode-default: use
go-binary-native by default], we must explictly call the proper
cross go binary, versus just the go-native variant.
These builds were working by luck, since the go compiler was capable
of building the target binaries previously (in its build-from-source
creation). We fixup the calls and we no longer see fpu build issues:
fatal error: gnu/stubs-soft.h: No such file or directory
7 | # include <gnu/stubs-soft.h>
| ^~~~~~~~~~~~~~~~~~
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
after commit https://git.openembedded.org/openembedded-core/
commit/meta/classes/ptest.bbclass?id=b47194b57d94260b4e6438c5bf74914027f0b520
package ${PN}-ptest will depend on ${PN} by default,
but for docker-distribution, ${PN} is empty package, remove it from dependency
to avoid image do rootfs failure since nothing provides error.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: ELF binary
'work/aarch64-poky-linux/docker-distribution/v2.6.2-r0/packages-split/
docker-registry/usr/sbin/registry' has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-docker-distribution = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-docker-distribution = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
when bitbake lib32-docker-distribution, we might met below
warning:
lib32-docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: No GNU_HASH
in the elf binary: 'work/core2-32-wrsmllib32-linux/lib32-docker-distribution
/v2.6.2-r0/packages-split/lib32-docker-registry/usr/sbin/registry' [ldflags]
which caused by "INSANE_SKIP_docker-registry += "ldflags already-stripped"
don't cover case for multilib, so add multilib prefix MLPREFIX
to fix it.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
We want to build in ${S}, so we now require an explicit cd ${S}
to avoid landing in the build directory.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Continue work to use go infra in oe-core instead of the support for go
previously found in meta-virt. This is a 1:1 drop in replacement and
removes one more go piece from meta-virt in favor of the common
support found in oe-core.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Rather than expliciting depending on go-cross-${TARGET_ARCH}, we
can now simply inherit the oe-core go bbclass. This gets us the
correct go dependencies and other variables properly set.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Follow the bouncing docker-registry package. Rather than use the docker hub
registry container, we can have finer grained control if we clone and build
the docker-distribution repository directly.
Since this is distinct from the main docker package/codebase, we break the
registry back out into its own package.
We also create a baseline configuration and .service file that can be the
basis for more complex implementations.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
