All qemu machines have ext4 in IMAGE_FSTYPES which makes
native mkfs.ext4 available at wic image build time.
genericarm64 defaults to only wic in IMAGE_FSTYPES
and this test was failing:
| DEBUG: Python function extend_recipe_sysroot finished
| DEBUG: Executing python function set_image_size
| DEBUG: 148548.400000 = 114268 * 1.300000
| DEBUG: 652644.400000 = max(148548.400000, 8192)[148548.400000] + 504096
| DEBUG: 652645.000000 = int(652644.400000)
| DEBUG: 652645 = aligned(652645)
| DEBUG: returning 652645
| DEBUG: Python function set_image_size finished
| DEBUG: Executing shell function do_image_wic
| INFO: Creating image(s)...
|
| ERROR: A native program mkfs.ext4 required to build the image was not found (see details above).
|
| Please make sure wic-tools have e2fsprogs-native in its DEPENDS, build it with 'bitbake wic-tools' and try again.
|
| WARNING: exit code 1 from a shell command.
NOTE: recipe core-image-minimal-1.0-r0: task do_image_wic: Failed
(From OE-Core rev: 59b5ec3d53058237dc6f3e85385851d1a8a97f97)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This test is failing on genericarm64 which includes all kernel
modules on rootfs by default. Recently added kernel modules
triggered the size limits to be exceeded. Fixes:
ERROR: Actual rootfs size (112884 kB) is larger than allowed size 102400 kB
Doubling the size to avoid issues like this on machines which
may include a lot of packages on default images. Size of the
rootfs does not matter for the test, only that the offsets are
correct in various usecases.
(From OE-Core rev: 1ff542318ea66514ef550d4817ba9b2ef688134c)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The wic test_exclude_path_with_extra_space does not succeed on debian-based
AB workers since they, by default, do not install the 'parted' utility. This
test installs the 'wic-tools' package, which includes the 'parted' utility,
but it is not being found/used for some unknown reason.
In the previous patch it was believed that doing some extra PATH handling
(as performed by some other tests with a python try...finally block) would
solve the issue. That turned out to not be the case. This patch starts by
reverting that change, since it has no benefit.
In order to use the native tools from the 'wic-tools' package, wic's
'--native-sysroot' can be used (as demonstrated in other tests). In fact
the wic help message explaining the purpose of this flag states that it is
for passing "...the path to the native sysroot containing the tools(parted
and mtools) to use"[sic].
Removing the host's 'parted' utility better simulates the situation found
on the debian workers for testing. This patch is seen to make this test pass
with no host 'parted' utility in place.
(From OE-Core rev: 306e4831f07d4a8db6ab880487813a6abd0ffa08)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Move the functions in qemu.bbclass to meta/lib/oe/qemu.py as they are
generally useful.
The qemu.bbclass is still kept, and recipes can continue to use functions
from it, though they have become wrapper functions on qemu.py functions.
Note that the QEMU_OPTIONS settings are still kept in qemu.bbclass.
This sets a clear barrier for people to use qemu user mode.
(From OE-Core rev: 7b3563b3b3901c96c3e498799a83ab8cabcf84b4)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Older versions do not compile with GCC 15. We had different versions to test
GPLv3 exclusion.
1.21 compiles with gcc 15 and 1.20.2 has a CFLAGS tweak to allow it to work
with gcc 15 too.
1.21 is licensed under GPL-2.0 so we need to rework some of the tests.
Tweak the gplv3 test by adding a special override of LICENSE to then test
the license exclusion code.
Modify the archiver selftests to use the new version.
Based on a patch from Khem Raj <raj.khem@gmail.com>
(From OE-Core rev: 3b17355ad1ecad17d12c5eb0e6403a59ef11f7d7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bitbake-dumpsig or bitbake-diffsig tools do not work on any of tasks
exposed by llvm-project-source recipe. This is due to it being a
shared-workdir recipe.
Fixes
bitbake-diffsigs -t llvm-project-source-20.1.2 do_preconfigure
NOTE: Starting bitbake server...
ERROR: No sigdata files found matching llvm-project-source-20.1.2 do_preconfigure
(From OE-Core rev: a6d46935939a94b8ea2b83c024aa86f05efbd7ce)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The wic test_exclude_path_with_extra_space test succeeds on non-debian AB
workers. Add PATH handling so parted from the wic-tools can be found on
debian-based AB workers.
Fixes [YOCTO #15838]
(From OE-Core rev: 3994e727f10c5a0143d52bdd6e1d9ca037296d59)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The same code for extending CVE_STATUS by CVE_CHECK_IGNORE and
CVE_STATUS_GROUPS is used on multiple places.
Create a library funtion to have the code on single place and ready for
reuse by additional classes.
(From OE-Core rev: 45e18f4270d084d81c21b1e5a4a601ce975d8a77)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch extends SystemStats to collect and store data from /proc/net/dev.
It extracts per-interface received and transmitted bytes, calculates deltas
between samples, and stores them for further analysis.
Useful for identifying network bottlenecks during long-running builds.
(From OE-Core rev: 09cbe17e43783fc6b8e3a341d564956452a04c0a)
Signed-off-by: denisova-ok <denisova.olga.k@yandex.ru>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added support for NVMe devices in the diskstats regex pattern to ensure stats are properly collected from devices like nvme0n1.
Relaxed the check for the number of fields in /proc/diskstats from an exact match (14) to a minimum check (at least 14), to handle kernel variations and additional fields gracefully.
(From OE-Core rev: 87a31bc4ca3661aae94cf43f3f579b02f4fb4923)
Signed-off-by: denisova-ok <denisova.olga.k@yandex.ru>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bb.process.NotFoundError is triggered when e.g. oe.buildcfg.get_metadata_git_branch
is called on non-existent directory
(From OE-Core rev: 34c1f66c4c689b26a4c3129eb62f4ff9b6ec14be)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-ffile-prefix map is more comprehensive when it comes to reproducible
builds and its superset of all prefix-mapping options in compilers
This makes is cleaner and workable across gcc and clang, clang does not
support -fcanon-prefix-map and it has to be explicitly omitted when using
clang.
There are lambdas generated in templates by clang which still get the
absolute paths despite -fdebug-prefix-map, this helps with that as well.
nasm is an outlier and we have fixed it by adding -fdebug-prefix-map option
luckily we do not pass DEBUG_PREFIX_MAP to nasm, in all recipes which use
nasm either pass -fdebug-prefix-map explicitly to nasm or they rewrite it
to use nasm flags syntax.
We have discussed this in past [1]
[1] https://patchwork.yoctoproject.org/project/oe-core/patch/20230428032030.2047920-1-raj.khem@gmail.com/#10281
(From OE-Core rev: ff73fa7ef7666a6dbe34f15515bc3ab6e574c5b0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jacob Kroon <jacob.kroon@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the test whitespace to avoid bitbake warnings.
(From OE-Core rev: 8a324aa2111872138715bde7fbc86bcfc2d8b20e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the *.wks file contains a "--source rootfs" then
lib/wic/plugins/source/rootfs.py will be invoked to generate (what is assumed
to be) the rootfs partition. If the rootfs partition needs to be tweaked or
modified, the "rootfs.py" plugin will make a copy of the filesystem and then
perform the changes on that copy. In other words, if the "--source rootfs"
line of the *.wks file also contains any of:
--exclude-path
--include-path
--change-directory
--use-label (i.e. modify etc/fstab)
then the rootfs will be copied first, then the copy is modified.
If, for example, the unmodified IMAGE_ROOTFS is:
.../tmp/work/qemuarm64_secureboot-oe-linux/core-image-base/1.0/rootfs
then the copy would be made at:
.../tmp/work/qemuarm64_secureboot-oe-linux/core-image-base/1.0/tmp-wic/rootfs${LINENO}
where ${LINENO} is the line number where this "--source rootfs" line appears
in the *wks file.
When it comes time to make an actual partition of a specific filesystem type,
lib/wic/partition.py::prepare_rootfs() is called. It is in this function that
wic figures out if any extra size needs to be added. The bitbake variable used
to specify the ultimate rootfs size is ROOTFS_SIZE, and since this variable is
only valid for the rootfs (and not any other partitions), the code also
verifies that the partition being created is ${IMAGE_ROOTFS}:
rsize_bb = get_bitbake_var('ROOTFS_SIZE')
rdir = get_bitbake_var('IMAGE_ROOTFS')
if rsize_bb and rdir == rootfs_dir:
<use rsize_bb>
else:
<calculate the partition size using "du -ks $p">
As noted above, if lib/wic/plugins/source/rootfs.py has made a copy, then the
"rdir == rootfs_dir" clause will fail and the code will assume this partition
is not a rootfs since the strings do not compare equal.
Therefore, in order to determine if this is a rootfs, retain the existing
"rdir == rootfs_dir" comparison, but also add another one to check whether or
not this is a wic-generated copy of the rootfs.
STEPS TO REPRODUCE:
- start with the following *wks file:
bootloader --ptable gpt
part /boot --size=100M --active --fstype=ext4 --label boot
part / --source rootfs --fstype=ext4 --label root
- and the following extra variable in conf/local.conf:
IMAGE_ROOTFS_EXTRA_SPACE = "500000"
- build an image
- run it in qemu
$ runqemu slirp nographic serial
- verify the root partition has extra space:
root@qemuarm64-secureboot:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 721.5M 67.4M 600.6M 10% /
devtmpfs 477.7M 0 477.7M 0% /dev
tmpfs 40.0K 0 40.0K 0% /mnt
tmpfs 489.3M 92.0K 489.2M 0% /run
tmpfs 489.3M 68.0K 489.2M 0% /var/volatile
/dev/vda1 120.4M 19.9M 91.4M 18% /boot
- modify the "/" line of the *wks file to be:
part / --source rootfs --fstype=ext4 --label root --exclude-path boot/
- build image
when it fails:
root@qemuarm64-secureboot:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 73.4M 41.9M 25.8M 62% /
devtmpfs 477.7M 0 477.7M 0% /dev
tmpfs 40.0K 0 40.0K 0% /mnt
tmpfs 489.3M 92.0K 489.2M 0% /run
tmpfs 489.3M 68.0K 489.2M 0% /var/volatile
/dev/vda1 120.4M 19.9M 91.4M 18% /boot
after this fix:
root@qemuarm64-secureboot:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 721.5M 47.4M 620.6M 7% /
devtmpfs 477.7M 0 477.7M 0% /dev
tmpfs 40.0K 0 40.0K 0% /mnt
tmpfs 489.3M 92.0K 489.2M 0% /run
tmpfs 489.3M 68.0K 489.2M 0% /var/volatile
/dev/vda1 120.4M 19.9M 91.4M 18% /boot
Doing the math we see that the /boot partition is ~20MB and in the first image
the / partition contains this ~20MB in addition to the rest of the rootfs.
This ~20MB is completely wasted since it is used in the / partition, but then
the /boot partition is mounted on top of it, making the /boot directory of /
inaccessible. After the fix the / partition has an additional ~20MB since the
/boot portion is excluded.
Fixes [YOCTO #15555]
(From OE-Core rev: 1c690aa046ebca13d7b29de50d42b5d8a4a8486c)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Marks CVE check functions which depend on non-constant variable flags as
depending on the variables. This allows changes in the flags to
correctly trigger a rebuild
(From OE-Core rev: 2cc43c72ff28aa39a417dd8d57cd7c8741c0e541)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The class sets SRCREV to AUTOINC for recipes with single
or multiple repositories. Test those cases.
(From meta-yocto rev: b7185b27b8acb43eaf9c27787903173ea34a0738)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adds cve_check.py to BBIMPORTS so the functions it exposes will be
correctly scanned for dependencies in the dependency scanner
(From OE-Core rev: 52ead33c6b6e2532c57b7b28b862ba38b575f9e3)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream has released a new version (4.4) but not the tarball for it.
Adjust one of the devtool selftests, as it requires that the recipe
under test is using a tarball. Another selftest also needs to be
tweaked to correctly clean up its modifications to that same recipe on
test completion.
(From OE-Core rev: de635a9bc0392689ff36b50e7f91572d3fbaac09)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE_STATUS can be also "Unknown" since oe-core commit
d25f1817752bc8a84c40dcbef75f7559801ce15e
When this status type is used, build fails with e.g.
ERROR: openssl-3.4.1-r0 do_create_spdx: Unknown CVE-2025-0001 status 'Unknown'
Since this is now a valid status, it needs to be handled.
It cannot be mapped to any VEX status (see below), so just skip it.
Possible VEX statuses are: NOT AFFECTED, AFFECTED, FIXED, and UNDER INVESTIGATION.
(From OE-Core rev: 2d3081ef63c8a54df62a2a08bd36008c20eed65a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
cc: Marta Rybczynska <rybczynska@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's no point in checking if __name__ == "__main__" (i.e., is this
module being invoked) and then doing nothing.
(From OE-Core rev: 020b6b1411c9fd3adb208808c0d56623190873f8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When PATCHTOOL is set to 'git', and user don't setup
user.name and user.email for git, do_patch fail with
the following error, fix by passing -c options.
CmdError("git notes --ref refs/notes/devtool append -m 'original patch: 0001-PATCH-increase-to-cpp17-version.patch' HEAD", 0, 'stdout:
stderr: Author identity unknown
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
(From OE-Core rev: a3c6706d31ae1345b571ca10b290a4e1f5a9384b)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
By default, still use ${PV} as the the version of a package in SBOM 3
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2"
},
...
Support to override it by setting SPDX_PACKAGE_VERSION, such as
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to software_packageVersion in SBOM 3
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2-r0"
},
...
(From OE-Core rev: e6ff5f4d870624795bd36572f5c2bfeec90d83ce)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The base-files test for SPDX 2.2 did not give good coverage, since
base-files doesn't have any dependencies. Add building tar as another
test which more fully exercises the code
(From OE-Core rev: d678e25419c89e09c1c438363bf3a940ce903d43)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cpio is not yet buildable with C23 standard which is default with
GCC 15, therefore ensure to apply needed bandage to keep it compiling
in C17 mode even with GCC 15
(From OE-Core rev: 0c637099887f1be421c8e1203f99631a1e040150)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the same as e105befbe4ee0d85e94c2048a744f0373e2dbcdf on
additional place in the code.
When a link is pointing to location inaccessible to build user (e.g. "/root/something"),
filepath.is_file() throws "PermissionError: [Errno 13] Permission denied".
Fix this by first checking if it is a link.
(From OE-Core rev: 26f35f866cf7888431963cf4fc5d2019cd28de74)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bitbake is dropping the need for fetcher name iteration and multiple revisions
per url. Update the code to match (removal of the for loop).
(From OE-Core rev: 4859cdf97fd9a260036e148e25f0b78eb393df1e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Running, e.g., `devtool reset sdbus-c++` would result in the following
error:
re.error: multiple repeat at position 35
This was due to the ++ in the recipe name, which would be treated as an
incorrect regular expression in _reset().
Use re.escape() to make sure all characters in the recipe name are
treated literally.
(From OE-Core rev: 6e73bd9b3e6d529752db93879f2c0ed53873dd1a)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Due to commit [spdx30: Improve os.walk() handling][1] applied,
it reported an error if walk directory failed
While SPDX_INCLUDE_SOURCES = "1", if recipe does not provide sysroots,
the walk in function add_package_files is broken
$ echo 'SPDX_INCLUDE_SOURCES = "1"' >> conf/local.conf
$ bitbake packagegroup-core-boot
|DEBUG: Adding sysroot files to SPDX
|ERROR: packagegroup-core-boot-1.0-r0 do_create_spdx: ERROR walking tmp/sysroots-components/intel_x86_64/packagegroup-core-boot: [Errno 2]
| No such file or directory: 'tmp/sysroots-components/intel_x86_64/packagegroup-core-boot'
Test the existence of directory before walking
[1] https://git.openembedded.org/openembedded-core/commit/?id=86b581e80637cd8136ce7a7e95db94d9553d2f60
(From OE-Core rev: cb1792e4950d5075be9bbe4c5337a5215db9669e)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Recent freedesktop instabilities are causing 'devtool check-upgrade-status' to
fail with:
bb.fetch2.FetchError: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; git -c gc.autoDetach=false -c core.pager=cat -c safe.bareRepository=all -c clone.defaultRemoteName=origin ls-remote https://gitlab.>
fatal: unable to access 'https://gitlab.freedesktop.org/mesa/kmscube/': The requested URL returned error: 502
and not print any results for this one or any unrelated recipes included in the check.
This change handles the error, so that if some upstream server isn't working
properly, latest upstream revision for that is marked as unknown, a
warning is printed and upstream version check for other recipes
isn't thwarted:
WARNING: Unable to obtain latest revision: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; git -c gc.autoDetach=false -c core.pager=cat -c safe.bareRepository=all -c clone.defaultRemoteName=origin ls-remote https://gitlab.freedesktop.org/mesa/piglit.git failed with exit code 128, output:
remote: GitLab is not responding
fatal: unable to access 'https://gitlab.freedesktop.org/mesa/piglit.git/': The requested URL returned error: 502
piglit 1.0 UNKNOWN_BROKEN Ross Burton <ross.burton@arm.com>
(From OE-Core rev: c1056293f7cb32ee2bdf31441cc0b59d9ccfe556)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a new test function which checks that the device-tree of U-Boot
contains the public keys which are required for checking the signature
of the kernel FIT image at run-time.
Use this new _check_kernel_dtb function in the existing
test_sign_cascaded_uboot_fit_image test case which already creates a
build configuration with UBOOT_SIGN_ENABLE = "1" and keys for the kernel.
But so far there was no check that the keys for the kernel verification
got added to U-Boot's DTB.
This test case checks the configuration where only the configuration
nodes of the kernel FIT image are signed.
A new test case test_sign_uboot_kernel_individual checks the
configuration with two keys and signed image and signed configuration
nodes.
This test case covers the use case which recently broke with commit:
OE-Core rev: 259bfa86f384206f0d0a96a5b84887186c5f689e
u-boot: kernel-fitimage: Fix dependency loop if
UBOOT_SIGN_ENABLE and UBOOT_ENV enabled
and got fixed with commit
OE-Core rev: 0106e5efab99c8016836a2ab71e2327ce58a9a9d
u-boot: kernel-fitimage: Restore FIT_SIGN_INDIVIDUAL="1"
behavior
This patch also fixes a few more details:
- Simplify the code by moving all the U-Boot related variables to the
_fit_get_bb_vars function.
- Do not set FIT_GENERATE_KEYS = "1" without inheriting the
kernel-fitimage.bbclass which handles this variable.
(From OE-Core rev: dda1fcbc85c26d1851dda6ed235238b15939998e)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the code slightly more robust by using e.g.
bb_vars.get('UBOOT_SIGN_ENABLE') instead of bb_vars['UBOOT_SIGN_ENABLE']
for variables which are potentially undefined.
This is a general cleanup but also a preparation for additional test
cases.
Log bb_vars in verbose mode.
Drop one no longer used log message.
(From OE-Core rev: 22a554e1d5a2449c4c1b34f4d5cfe1572a72a142)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The updated kmod build (using meson) causes the output which results from `info
line kmod_help` to change. Relax the regex so that both old and new reponses
will pass.
(From OE-Core rev: 8783e7b8109b02847cf3b07421582c4fdb18949c)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The SPDX library code was being ignored from taskhash calculations due
to accidentally being omitted from BBIMPORTS. This meant that changes in
the code or dependent variables would not cause the task to rebuild
correctly.
In order to add spdx_common, convert the `Dep` object from a named tuple
to a frozen dataclass. These function more or less equivalently, but the
bitbake code parser cannot handle named tuples.
Finally, the vardepsexclude that used to be present on the recipe tasks
needs to be moved to the python code in order for the variables to be
correctly ignored. Several unused exclusions were removed
(From OE-Core rev: eb597bf61cbcb0a4d43149404c93eec0894fb4c7)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Test with only one externally provided ssh key not only with two
keys generated by the kernel-fitimage.bbclass itself.
* Add a test which signs only the configuration but not the image nodes.
There was no test case which covered the probably much more important
use case of setting FIT_SIGN_INDIVIDUAL = "0".
* Cover also the unbundled initramfs use case. Also this use case is
probably much more relevant than the bundled initramnfs use case.
(From OE-Core rev: 0a5b65b83dcd9f8d1d22d074fdfad1f1e472827c)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a comprehensive cleanup of the fitImage related test cases.
The existing test cases were essentially the same code copied and pasted
9 times. All 9 test cases contained the code to parse an its file and to
parse the output of the dumpimage utility in slightly different variants.
Changing the kernel-fitimage.bbclass or the uboot-sign.bbclass would mean
changing 9 test cases individually. This is no longer maintainable.
This cleanup converts the code into reusable functions. The new test
code is more like a reverse implementation of the bbclasses to be tested
than a collection of straightforward test sequences.
This also means that the test code evaluates the same bitbake variables
as the implementation. This makes it much easier to add new test cases,
as a test case is basically just another local.conf file. The code is
not yet complete. But it can now be improved step by step in this
direction.
(From OE-Core rev: 1dfa03a182d9d9e9e38c410847c7dac4ed7e8ce6)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a trivial refactoring.
The goal is to have all tests for kernel-fitimage.bbclass and all tests
for uboot-sign.bbclass together. This refactoring greatly simplifies
the diff of the next commit.
(From OE-Core rev: 638abab58b653a1fb120368bd5e30bc80478757c)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For u-boot test cases (bitbake virtual/bootloader) inheriting the
kernel-fitimage.bbclass is no longer needed. Also setting any variable
which is evaluated by the kernel-fitimage.bbclass but not by
uboot-sign.bbclass is pointless since:
* Commit OE-Core rev: 5e12dc911d0c541f43aa6d0c046fb87e8b7c1f7e
changed the test case from
bitbake virtual/kernel
to
bitbake virtual/bootloader
* Commit OE-Core rev: 259bfa86f384206f0d0a96a5b84887186c5f689e has
finally removed the dependency of uboot-sign.bbclass on the
kernel-fitimage.bbclass completely.
Remove the related lines of code which are now without any effect.
The two test cases test_uboot_fit_image and test_uboot_sign_fit_image
do the exact same test. Both generate a binary equal its file:
/dts-v1/;
/ {
description = "A model description";
#address-cells = <1>;
images {
uboot {
description = "U-Boot image";
data = /incbin/("u-boot-nodtb.bin");
type = "standalone";
os = "u-boot";
arch = "arm";
compression = "none";
load = <0x80080000>;
entry = <0x80080000>;
};
fdt {
description = "U-Boot FDT";
data = /incbin/("u-boot.dtb");
type = "flat_dt";
arch = "arm";
compression = "none";
};
};
configurations {
default = "conf";
conf {
description = "Boot with signed U-Boot FIT";
loadables = "uboot";
fdt = "fdt";
};
};
};
The code diff between the two equal test cases looks like:
@@ -1,8 +1,9 @@
- def test_uboot_fit_image(self):
+ def test_uboot_sign_fit_image(self):
"""
Summary: Check if Uboot FIT image and Image Tree Source
(its) are built and the Image Tree Source has the
- correct fields.
+ correct fields, in the scenario where the Kernel
+ is also creating/signing it's fitImage.
Expected: 1. u-boot-fitImage and u-boot-its can be built
2. The type, load address, entrypoint address and
default values of U-boot image are correct in the
@@ -26,16 +27,15 @@
UBOOT_LOADADDRESS = "0x80080000"
UBOOT_ENTRYPOINT = "0x80080000"
UBOOT_FIT_DESC = "A model description"
-
-# Enable creation of Kernel fitImage
KERNEL_IMAGETYPES += " fitImage "
-KERNEL_CLASSES = " kernel-fitimage"
+KERNEL_CLASSES = " kernel-fitimage "
UBOOT_SIGN_ENABLE = "1"
FIT_GENERATE_KEYS = "1"
UBOOT_SIGN_KEYDIR = "${TOPDIR}/signing-keys"
UBOOT_SIGN_IMG_KEYNAME = "img-oe-selftest"
UBOOT_SIGN_KEYNAME = "cfg-oe-selftest"
FIT_SIGN_INDIVIDUAL = "1"
+UBOOT_MKIMAGE_SIGN_ARGS = "-c 'a smart U-Boot comment'"
"""
self.write_config(config)
Conclusion: The test case test_uboot_sign_fit_image looks redundant.
Contrary to its name, it does not insert any signature nodes into the
its-file and therefore does not test any type of signature.
Code history:
- Commit OE-Core rev: e71e4c617568496ae3bd6bb678f97b4f73cb43d8
introduces both test cases.
- Commit OE-Core rev: 5e12dc911d0c541f43aa6d0c046fb87e8b7c1f7e
changes both test cases like this:
- bitbake("virtual/kernel")
+ bitbake("virtual/bootloader")
It looks like the original implementation of test_uboot_sign_fit_image
was supposed to test the interaction between the kernel-fitimage.bbclass
and uboot-sign.bbclass which does not longer work like that.
When compiling u-boot, the variable that is relevant for creating an its
file with signature nodes is: SPL_SIGN_ENABLE. This is what the test
case test_sign_standalone_uboot_fit_image verifies. Lets just delete the
now obsolete test_uboot_sign_fit_image test case.
(From OE-Core rev: de8bfdff0f997f59a2bd27842a2ffcd365f725f3)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The code to iterate over patched CVEs (e.g. those patched by a .patch
file in SRC_URI) was accidentally omitted when writing the SPDX 3
handling. Add it in now
[YOCTO #15789]
(From OE-Core rev: 1ff496546279d8a97df5ec475007cfb095c2a0bc)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the ELF definition for the loongarch64 architecture when building
with musl as libc.
(From OE-Core rev: c6498e4ca43dc2f8bc326bc6b6dbc8fd7f0bef79)
Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
VEX Affected relationships have a mandatory action statement that
indicates the mitigation for a vulnerability. Since we don't track this
add a statement indicating that no mitigation is known.
(From OE-Core rev: 39545c955474a43d11a45d74a88a5999b02cb8b3)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If you send this forked process a SIGTERM, it will execute all of the
parent's exit code leading to two sets of console/exit output which is
extremely confusing. Wrap the code in a try/finally to ensure we always
call os._exit() to avoid this.
I spent far too long trying to work out the crazy console output from this.
(From OE-Core rev: 652e40bfae24b8e23bbf7a7f35d900d2ab8d0f92)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The current code for multiple argument passing is horrible. Tweak the
multiprocess_launch function to only convert to a tuple if it isn't already
one, which means we can then use function arguments in a standard way.
(From OE-Core rev: 7c99f90079e722764ebdc30e8d0e781454b3a51a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add "test_uboot_atf_tee_fit_image" test caste to check u-boot FIT image and
Image Tree Source(ITS) are built and the ITS has the correct fields.
Add "test_sign_standalone_uboot_atf_tee_fit_image" test case to check if u-boot
FIT image and Image Tree Source (ITS) are created and signed correctly for the
scenario where only the u-boot proper fitImage is being created and signed.
Currently, ATF and TEE(optee-os) recipes are placed in meta-arm layer.
OpenEmbedded-Core is a basic and core meta layer. To avoid OpenEmbedded-core
depends meta-arm, both test cases are used dummy images for testing.
(From OE-Core rev: 92e51452f8831f74e0907b960135eef8cecd012a)
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the build-st/conf/local.conf does not end with a newline
when is generated then add one
[YOCTO #15734]
CC: Yoann Congal <yoann.congal@smile.fr>
CC: Randy MacLeod <randy.macleod@windriver.com>
CC: Alexander Kanavin <alex.kanavin@gmail.com>
(From OE-Core rev: d2fcd9e880126bc33be2ef14e678cc1aa72683c3)
Signed-off-by: Christos Gavros <gavrosc@yahoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The link in the comment is broken.
It's removed together with some text.
CC: Yoann Congal <yoann.congal@smile.fr>
CC: Randy MacLeod <randy.macleod@windriver.com>
(From OE-Core rev: 4d5ce199d44bbeee7a7cff1dc7deac3d45a15d35)
Signed-off-by: Christos Gavros <gavrosc@yahoo.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After changing naming of cargo config in cargo_common.bbclass, adapt
devtool to use the new name.
(From OE-Core rev: 715d27f0b4301c97f05ed3cbbaace0ba01c28f39)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A few tests are getting failed with x86 arch.The unsupported/failing tests
are added to the exclude list and ignore the failing unit tests.
Upstream-Status: Pending
(From OE-Core rev: b1340173be2a3a91fbb135eb0e24e50c3b996425)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
