Enhance security by limiting read access for /etc/sshd_config to user root as it
may reveal unsecure configurations.
Reading access is limited in the install append as the default value 0644 is
hardcoded in the openssh makefile and is not configurable. Therefore the
permissions are modified in the install append.
(From OE-Core rev: a5c4897585dfcc10fc70feefaeda1bbdf4ea3847)
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Debug builds fail with a panic in build.rs when attempting
to create rpm-sequoia.pc in a non-existent target/debug directory:
process didn't exit successfully: `TOPDIR/tmp/work/core2-32-wrs-linux/rpm-sequoia/1.7.0/build/target/debug/build/rpm-sequoia-d2609670a855c0b5/build-script-build` (exit status: 101)
--- stderr
thread 'main' panicked at build.rs:125:36:
Creating "TOPDIR/tmp/work/core2-32-wrs-linux/rpm-sequoia/1.7.0/sources-unpack/git/target/debug/rpm-sequoia.pc" (CARGO_TARGET_DIR: None): Os
{ code: 2, kind: NotFound, message: "No such file or directory" }
This was caused by the build and install logic assuming a fixed release directory
in rpm-sequoia recipe.
Update build and install steps to use the ${BUILD_DIR} variable,
which is set based on the value of DEBUG_BUILD from cargo.bbclass.
(rpm-sequoia inherits cargo)
This ensures paths used for rpm-sequoia.pc generation and installation
are valid in both debug and release configurations.
(From OE-Core rev: 68ff5c458b7eb71171851d3c04660a36602bfee4)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Allow the risc-v TUNE_FEATURES to select specific ISA (kconfig) selections
via config fragments.
This allows the following items to be selected dynamically:
CONFIG_RISCV_ISA_C
CONFIG_RISCV_ISA_F
CONFIG_RISCV_ISA_D
CONFIG_RISCV_ISA_ZBB
CONFIG_RISCV_ISA_A
CONFIG_RISCV_ISA_ZICBOM
(From OE-Core rev: 8322bb3c894bc030ef37d807fb87dd9df5df1444)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a multiconfig recipe is passed to devtool, find the correct workspace
name by removing the multiconfig prefix
(From OE-Core rev: f7f20dee694630d7944dc7620a5ec40db7477301)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
externalsrc_configure_prefunc assumed that the .git directory is
${S}/.git. This isn't true for submodules at least.
srctree_hash_files already contained code to ask Git for the correct
path to the .git directory. Let's move that code to a new find_git_dir
function and call it from both places and make the behaviour consistent.
(From OE-Core rev: 9ee8e74b29b742458b75e187e1338d607d91d14c)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=============
- Fix a bug that local file package metadata was missing when reading the lockfile.
- Extract dependency-groups and extras markers from marker value when parsing pylock.toml.
(From OE-Core rev: 86f6705a5706d44d25b77333fe71d9b9ba3d7fca)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
============
- Fix codecs deprecation in Python 3.14.
- Fix issue with unclosed comment parsing in Python 3.14.
- Fix issue with unclosed declarations in Python 3.14.
- Fix issue with unclosed HTML tag < foo and Python 3.14.
- Ensure incomplete markup declaration in raw HTML doesn't crash parser (#1534).
- Fixed dropped content in md_in_html (#1526).
- Fixed HTML handling corner case that prevented some content from not being rendered
(From OE-Core rev: c8f08eb8d9d811c98e904b4fdaeaf9dd4c66613d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
- fontconfig: Improve the add_font_file implementation
- fontconfig: Combine font features and style variants
- fontconfig: Make sure font faces stay alive
- win32: Drop some caching
- win32: Make sure font faces stay alive
- win32: Modernize and simplify the code
- win32: Stop synthesizing fonts
- win32: Implement list models
- coretext: Support synthetic small caps
- layout: Avoid assertions in line breaking
- build: Require GLib 2.82
(From OE-Core rev: 5dabaea2b177449fe009c432fbd88a595c66d748)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Added SIMD-optimized code for the RISC-V Vector Extension (RVV).
- Added various fixes and improvements to the build scripts and to
the sample code.
(From OE-Core rev: a866653697c70b1fb698dc4cea0667f7432a1bbd)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-meson.build-correct-check-for-existence-of-two-prepr.patch
removed since it's included in 1.7.1
Changelog:
===============
* pam_access: do not resolve ttys or display variables as hostnames.
* pam_access: added "nodns" option to disallow resolving of tokens as hostnames
(CVE-2024-10963).
* pam_limits: added support for rttime (RLIMIT_RTTIME).
* pam_namespace: fixed potential privilege escalation (CVE-2025-6020).
* meson: added support of elogind as a logind provider.
* Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
(From OE-Core rev: ff513527a73ca97aebcced7c82f0beed2e79ad15)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
testexport.tar.gz is image specific. Thus add same image name
suffix to the tar ball name. For example genericarm64 machine
core-image-minimal image tar ball changes name from
testexport.tar.gz to testexport-core-image-minimal-genericarm64.tar.gz
This way testexport from multiple images can exist in the same
directory.
(From OE-Core rev: e9c0abb10f11974e72f8ac6ba57fb9e351057b82)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
testexport.bbclass only copied files from core layer to
the testexport.tar.gz to run tests. Then it filtered
out tests and files which were not specified in
TEST_SUITES variable.
Remove filtering of files to include parselogs.py
test data files which are machine and/or layer specific.
TEST_SUITES variable is now read from build time exported
data store when running tests so there is no need to remove
files from exported tests in testexport.bbclass.
Adapt oe-test script to find "lib" directories from
the new structure with layer specific paths which are
used to find tests and test data files.
(From OE-Core rev: 260db92c35fbabcd54fe543256eee836ffeb73f0)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If build target has set TEST_SUITES, then that should
be the default test modules to execute. Fixes testexport.bbclass
to run same tests as testimage.bbclass which already
uses TEST_SUITES.
(From OE-Core rev: b5a20d65a0d6b3a1f2d2ac53e009dfee970d9629)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Test if /boot is previously mounted on the OLDROOT and move it
into NEWROOT (ro).
(From OE-Core rev: 4c930500814dbec735e7958aaaf0593ae0119622)
Signed-off-by: Anibal Limon <anibal@limonsoftware.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some licenses were part of the linux-firmware but were not added to the
recipe, so adding those missing licenses
(From OE-Core rev: a33e384b0574e27025851c84be7a1d4e666821d8)
Signed-off-by: Vivek Puar <vpuar@qti.qualcomm.com>
Cc: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Due to the recent changes to how the toolchain variables are initialized
via inherit_defer, it is no longer possible to add to CC using the +=
operator. Instead, CC:append needs to be used.
(From OE-Core rev: 13c13440ea64a6f5f7ee3727157758817c96c73a)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, recipes to parse are split into equal groups and passed to
each parse thread at the start of parsing. We can replace this with
a queue and collect a new job as each parsing process becomes idle
to better spread load in the case of slow parsing jobs.
Some of the data we need has to be passed in at fork time since it
can't be pickled, so the job to parse is only referenced as an index
in that list.
This should better spread load for slow to parse recipes such as those
with many class extensions.
(Bitbake rev: 1bcc12929de4cea9f85ad6283174cf5a08f09cbb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We sometimes see hangs in parsing during automated testing. It appears that
SIGINT was sent to the underlying processes which see KeyboardInterrupt but
they're stuck trying to write into the results pipe. The SIGINT was probably
from some kind of parsing failure which doesn't happen often, hence the hang
being rare (in the incompatible license selftests from OE).
This patch:
* sets a flag to indicate exit upon SIGINT so the exit is more graceful
and a defined exit path
* empties the results queue after we send the quit event
* empties the results queue after the SIGINT for good measure
* increases the 0.5s timeout to 2s since we now have some very slow to
parse recipes due to class extensions (ptests)
This should hopefully make the parsing failure codepaths more robust.
(Bitbake rev: 5b533370595f83b87e480bace3e0b42c9ba61e22)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
While search queries already handled words with hyphens correctly, they
did not do so for words with dots.
To fix this, we
- enhance the word tokenizer to treat both dots ('.') and hyphens ('-')
as valid characters within words.
(For robustness, explicitly exclude dots/hyphens at the start or end
of a word from indexing.)
- adjust query processing to avoid splitting on dots in search input
This allows search queries to correctly match terms such as
'local.conf', 'site.conf', and similar ones now.
Fixes: [YOCTO #14534]
(From yocto-docs rev: 80084a4cabdf7f61c7e93eda8ddbd5bc7d54e041)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace 'git branch -al' with 'git branch -a' to correctly show both
local and remote branches. The '-l' option is unnecessary and may cause
confusion.
(From yocto-docs rev: 46aa3bb398c50af0f29acd2c1a05ee232d0de5b9)
Signed-off-by: Bo Sun <bo@mboxify.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the meta-intel BSP layer reference to point to README.md
instead of README, reflecting the actual file name in the repository.
(From yocto-docs rev: 32eb132ad69a0722e0075404f809bfe9df06adee)
Signed-off-by: Bo Sun <bo@mboxify.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add documentation for the new recipe-naming recipe QA test.
(From yocto-docs rev: 8f9ad9681c18412e9eedc014e686b1b72e458687)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
use TOOLCHAIN_NATIVE variable for selecting native compiler
Default it to PREFERRED_TOOLCHAIN_NATIVE, a recipe which wants
to enforce a toolchain can do so with
for cross toolchains ( e.g. target, nativesdk )
TOOLCHAIN = "gcc"
For native
TOOLCHAIN_NATIVE = "gcc"
This helps build native recipe with clang as native compiler.
(From OE-Core rev: 546baa210acacff5dde6ce55e9842b90277bc9a8)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
compiler-rt configure calls for c++ compiler which can cause C++ runtime to
not be detected on some Yocto autobuilder workers running Ubuntu 24.04
therefore let it use gcc for native version
Set TOOLCHAIN_NATIVE for using clang for libcxx
(From OE-Core rev: d54512c1c0a98516077b77d5414af47d8c2b8c39)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If recipe inherits bbclass kernelsrc to use kernel sources,
the recipe should explicitly set ${KERNEL_VERSION} to ${PKGV}
in task do_package, otherwise package version (${PV} is usually
default 1.0) is not consistent with kernel source.
For example, there are 5 recipes in meta-openembedded to inherit
kernelsrc, but 4 recipes explicitly set PKGV.
meta-openembedded$ grep -e "setVar(.*PKGV.*KERNEL_VERSION" -e kernelsrc -rn *
meta-oe/recipes-kernel/intel-speed-select/intel-speed-select.bb:9:inherit kernelsrc
meta-oe/recipes-kernel/bpftool/bpftool.bb:8:inherit bash-completion kernelsrc kernel-arch
meta-oe/recipes-kernel/bpftool/bpftool.bb:44: d.setVar('PKGV', d.getVar("KERNEL_VERSION").split("-")[0])
meta-oe/recipes-kernel/cpupower/cpupower.bb:8:inherit kernelsrc kernel-arch bash-completion
meta-oe/recipes-kernel/cpupower/cpupower.bb:32: d.setVar('PKGV', d.getVar("KERNEL_VERSION").split("-")[0])
meta-oe/recipes-kernel/turbostat/turbostat.bb:98: d.setVar('PKGV', d.getVar("KERNEL_VERSION").split("-")[0])
meta-oe/recipes-kernel/usbip-tools/usbip-tools.bb:25:inherit kernelsrc autotools-brokensep
meta-oe/recipes-kernel/usbip-tools/usbip-tools.bb:68: d.setVar('PKGV', d.getVar("KERNEL_VERSION").split("-")[0])
meta-oe/recipes-kernel/spidev-test/spidev-test.bb:7:inherit bash-completion kernelsrc kernel-arch
meta-oe/recipes-kernel/spidev-test/spidev-test.bb:26: d.setVar('PKGV', d.getVar("KERNEL_VERSION").split("-")[0])
This commit cleans up the setting of PKGV, moves it to kernelsrc.bbclass
for common use, the recipe (such as intel-speed-select) that inherited
kernelsrc will not be required to explicitly set ${PKGV} with
${KERNEL_VERSION}
(From OE-Core rev: 77a93e8cf1da4231341c56f64f9d4d474f9f2bb7)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The package version of kernel-devsrc is 1.0 which is not consistent
with kernel source
$ bitbake kernel-devsrc
$ ls tmp/work/qemux86_64-poky-linux/kernel-devsrc/1.0/deploy-rpms/qemux86_64/kernel-devsrc-*
tmp/work/qemux86_64-poky-linux/kernel-devsrc/1.0/deploy-rpms/qemux86_64/kernel-devsrc-1.0-r0.qemux86_64.rpm
tmp/work/qemux86_64-poky-linux/kernel-devsrc/1.0/deploy-rpms/qemux86_64/kernel-devsrc-dbg-1.0-r0.qemux86_64.rpm
tmp/work/qemux86_64-poky-linux/kernel-devsrc/1.0/deploy-rpms/qemux86_64/kernel-devsrc-dev-1.0-r0.qemux86_64.rpm
After commit [kernelsrc.bbclass/perf: make package version consistent
with kernel source] applied, it moved the setting of PKGV to
kernelsrc.bbclass for common use. And bbclass kernelsrc has already
inherited linux-kernel-base, this commit uses bbclass kernelsrc
instead of linux-kernel-base, and removes duplicated settings.
After applying this commit:
$ ls tmp/work/qemux86_64-poky-linux/kernel-devsrc/1.0/deploy-rpms/qemux86_64/kernel-devsrc-*
tmp/work/qemux86_64-poky-linux/kernel-devsrc/1.0/deploy-rpms/qemux86_64/kernel-devsrc-6.12.31-r0.qemux86_64.rpm
tmp/work/qemux86_64-poky-linux/kernel-devsrc/1.0/deploy-rpms/qemux86_64/kernel-devsrc-dbg-6.12.31-r0.qemux86_64.rpm
tmp/work/qemux86_64-poky-linux/kernel-devsrc/1.0/deploy-rpms/qemux86_64/kernel-devsrc-dev-6.12.31-r0.qemux86_64.rpm
(From OE-Core rev: ceff363630ac0397c40be4a5ce54a6c20f901c40)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>