Age | Commit message (Collapse) | Author |
|
Before, even if the code was seemingly written to search through all
licenses in ${COMMON_LICENSE_DIR} and ${LICENSE_PATH}, it would
actually bail out after only searching ${COMMON_LICENSE_DIR} due to
the exception handling.
Also refrain from using f-strings.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Instead of FILERDEPENDS_*, the FILERDEPENDS should be FILERDEPENDS:*
such as FILERDEPENDS:/usr/bin/python3.9:lib32-python3-core as an example,
so switch to new override syntax to make sure the related check in effect.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When multilib enabled, instead of checking RDEPENDS_lib32-python3-core,
we should check RDEPENDS:lib32-python3-core as new override syntax applied.
So switch to new override syntax to make sure the related RDEPENDS check
logic is in effect.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When creating packages we build them with --clamp-mtime and use
SOURCE_DATE_EPOCH as the maximum mtime. This makes the end packages
reproducible. The data stored in sstate for do_package and the package
task doesn't benefit from this though and have varying timestamps.
This means their outhash varies and means hash equivalance isn't
effective at all and doesn't work as intended/desired.
We could create the sstate archives with the same clamping however
that would lead to different results depending on whether a task was
installed from sstate or not. Making that differ is a path to madness.
It also wouldn't fix the outhash of the task to be determninistic
without clamping of the date in the hash calculation code.
Instead, iterate over the files in sstate output and clamp them at
the code level. This isn't ideal but does make the file timestamps
determnistic everywhere and means we don't have to change the hash
calculation code.
This issue can be clearly seen looking at the do_package outhash for
a recipe which you then re-run the package task for after adding
something like whitespace to the install task. The outhash shouldn't
change but currently does.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
pkgdata output isn't entirely deterministic since the sorting of some of the
variables can change. This likely doesn't have any real world effect but fix
this with some additional sorting as it allows better hash equivalency of
task output.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The preinst data in pkgdata will not expand out the ${XXX_PARAM} variables
since they don't use a package suffix. It happens that the final expansion
used for the packages is corrected by a second trip through the datastore.
The first version is used for calculation of the task output hash and
recent improvements in hash reuse showed this data wasn't using included
in the hashes, meaning for example builds with dynamic IDs were mixing
sstate with builds using static IDs. The result was a mess.
Fix this by expanding the data in the preinst correctly to use the
package specific _PARAM values.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When fetching sstate, SRCPV can be expanded withuin PV which breaks the
sstate fetcher as other variables like SRC_URI are changed by the fetcher
code. Expand the variable before doing this to avoid those problems and
hence avoid setscene task failures with remote sstate storage in git
recipes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Externalsrc removes do_fetch, do_unpack, and do_patch. The system normally
discovers the correct reproducible date as a postfuncs of do_unpack, so this
date is never found, so it falls back to the default epoch.
Instead we can move the discovery function to a prefuncs on the epoch
deploy task. This task will run before do_configure, and since the source
is already available can run safely at anytime.
Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previously if BUILD_REPRODUCIBLE_BINARIES was set to 0, the system would
fall back and select the default epoch (April 2011), but still perform
the reproducible build actions. This resulted in binaries that had an
unusually old date.
Simplify the functions and remove the anonymous python as no longer
necessary.
Also improve the documentation to better explain what the class is doing
and how a recipe can override the behavior if necessary.
Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We could build an Android toolchain but its triple should
always contain the string android or clang can't link
the right object files for it.
Signed-off-by: Hsia-Jun(Randy) Li <randy.li@synaptics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The special CLOSED license means that this is closed source code with
no other licensing assertions. It's not a generic license in oe-core,
and not a SPDX license, so transform it to NONE explicitly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The trailing comma turns ref_id into an object instead of a string
when added to the relationship table.
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It's way easier to scan a list of variables if they're sorted one per
line.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This function does something similar to the bitbake fetcher file search
paths and is an old remnant of how this could have once been handled. There
are no users in OE-Core and we'd always prefer the fetcher to handle this now
as it handles signatures correctly. The direct OVERRIDES reference would
likely break any user of the function. Remove it to be safe and ensure it
isn't being used anywhere.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove unused variable/code.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Instead of putting the full license text for non-SPDX licenses into the
recipe and every package, use links to the recipe from the packages if
possible.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For licenses which are not known to SPDX, find and embed the actual
license text in an ExtractedLicesingInfo block.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
add_extracted_document() is only called if the license isn't known to
SPDX, so there's no need to check again.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
spdx-licenses.json contains an array of licenses objects. As we'll be
searching it often, convert that to a dictionary when we parse it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With the previously added general git repo fallback rule the server
specific fallback mirrors for git.savannah.gnu.org and
git.yoctoproject.org are redundant. Remove them.
Signed-off-by: Daniel Wagenknecht <dwagenknecht@emlix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Git hosting servers that require a slightly different URL when accessing
repositories via https protocol instead of the git native protocol
are not uncommon (servers using cgit as web UI). Provide a general rule
to try HOST/git/PATH via https as git repo fallback.
Signed-off-by: Daniel Wagenknecht <dwagenknecht@emlix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We don't want this warning causing problems on the AB, so leave it
comment out for now
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Native recipes do not produce packages and should not process them,
otherwise it can trigger an error in read_subpackage_metadata
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Stop filtering the runtime dependencies based on do_create_sdpx (makes
it only pick up things in DEPENDS) and instead include all task
dependencies that are not the current PN. This allows other dependency
methods to be picked up correctly, for example the dependency on the
kernel used by kernel modules.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Public Domain license (PD) needs a special exception in the license
processing since there is no common license text to be extracted for
these licenses.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
file:// URIs should not be included as the downloadLocation. Instead,
loop until a non-file:// URI is found, or set the location to
NOASSERTION if none is found
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use the bb.utils.sha* utilities to hash files since they are much faster
than the loops we were rolling ourselves
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Licenses reported in the SPDX documents should be either:
A) A valid SPDX identifier cross referenced from the SPDX license
database
B) A "LicenseRef" to a license described in the SPDX document
The licensing code will now add a placeholder extracted license with
corresponding "LicenseRef" for any licenses that are not matched to the
SPDX database
Parenthesis in the license expression are now handled correctly
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This will create a more uniq DocumentRef, which will allow
the individual spdx files to be merged into a single SBOM
file reflecting the image. Do the same with the runtime dependencies
also
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes another creator that was missed earlier
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If a debug source cannot be found, mark it as NOASSERTION so that other
tools at least know we were unable to locate it.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add the index to DEPLOYDIR in addition to adding it to the SPDX archive
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update the creator name since this no longer lives in meta-doubleopen
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adds a class as a first attempt to create SPDX SBoM documents during the
build. This initial work was influenced by [meta-doubleopen][1],
although almost completely rewritten.
[1]: https://github.com/doubleopen-project/meta-doubleopen
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adds extended package data which is encoded as JSON which allows it to
encode more structure than the "flat" package data files. The extended
data might be much larger than the standard package data, so it is not
read by default and instead requires
oe.packagedata.read_subpkgdata_extended() to be called
Currently, the file sizes and ELF debug sources are saved off into the
extended package data
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Reviewed-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When building cargo-native on centos7 with buildtools tarball installed,
we see failures:
/bin/sh: /lib64/libc.so.6: version `GLIBC_2.33' not found (required by /home/pokybuild/yocto-worker/reproducible-centos/build/build-st/tmp/work/x86_64-linux/cargo-native/1.54.0-r0/recipe-sysroot-native/usr/lib/libtinfo.so.5)
We also see this for libstd-rs once cargo-native is fixed.
The reason for this is that the wrapper script
cargo-native/1.54.0-r0/wrapper/target-rust-ccld has /bin/sh as it's
interpreter and cargo calls this with LD_LIBRARY_PATH set to include the
recipe-sysroot-native. The host /bin/sh links to libtinfo from the host
but it finds the version in the sysroot which needs a newer libc. This
results in the above error since the loader is an older libc and the two
are incompatible.
Our ccld wrapper calls gcc/ld which don't need the LD_LIBRARY_PATH
variable set. We can't patch this out the source since we're using
a prebuilt binary to generate a new cargo binary so this is impossible
to bootstrap.
Instead, put a binary wrapper into place which removes LD_LIBRARY_PATH
from the environment before calling the original wrapper (left in shell
as it is simpler to maintain).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ptest.bbclass has a sanity check that all recipes in oe-core which
inherit ptest are also listed in the ptest-packagelists.inc file, and
the build fails if this is not the case.
Whilst this is a laudable goal, it is over-zealous as if the recipe has
a bbappend in another layer which inherits ptest, the build will fail.
By changing the combination of anonymous Python and bb.error() to a
recipe-scope QA test, this can be handled with the other sanity checks
and bbappends can skip the test if desired.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the u-boot binary name configurable. Use the existing variable
UBOOT_BINARYNAME which is evaluated from the UBOOT_BINARY.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the SPL suffix configurable via SPL_SUFFIX variable to support SPL
binaries with suffix. The suffix is optional and empty per default. The
delimiter in front of the suffix is added automatically if the suffix
is not empty. A new variable SPL_BINARYFILE contains the binary file
name inclusive optional delimiter and suffix and the old variable
SPL_BINARYNAME contains only the name of the binary without directory,
delimiter and specified suffix. This behavior is backward compatible
with empty SPL_SUFFIX variable.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In addition to checking DISTRO_, MACHINE_, and COMBINED_ FEATURES for required
or conflicting features, extend this functionality in order to check
IMAGE_FEATURES in the same way.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, depends.dot includes per-file dependencies but not the packages
providing those files. This makes it hard to obtain all package
dependencies by just looking at depends.dot.
Parse the RPROVIDES and FILERPROVIDES fields from pkgdata to map each of
their values to the package providing the component. Include runtime
packages as dependencies in depends.dot, together with the component
provided by the package as a label.
Signed-off-by: Andres Beltran <abeltran@linux.microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Running 'rustc --print <foo>' in -c devshell environment
the target specifications are not known, unless the
RUST_TARGET_PATH (absolute path to rustlib/) is defined.
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable zstd PACKAGECONFIG knob for squashfs-tools and add support for zstd
compressed initramfs and squashfs.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
EXTENDPKGV can contain AUTOINC so use an expanded form in the variables allowing
for later expansion during packaging to avoid race issues over the variable and
the build failures that can result.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, buildhistory does not produce a single file combining relevant
information of installed packages. Produce an output file
"installed-package-info.txt" listing a package's runtime name, buildtime name,
its recipe, version, and size to avoid having to look up each package externally.
Leave the existing package list files as-is for backwards compatibility.
In order to support this efficiently, extend oe-pkgdata-util to accept multiple keys
for its read-value argument.
Signed-off-by: Andres Beltran <abeltran@linux.microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Setting the Meson buildtype to "debug" will by default only enable the
-g option to the compiler, which should not matter for OE-Core as it is
already enabled by setting DEBUG_BUILD to 1 in the first place. However,
if the package uses get_option('debug') in its meson.build files to
enable package specific debug code, this will now trigger as intended.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the kernel configuration enables module signing but no key
is provided, then the kernel generates one during the kernel build.
The current runtime-dependency references (with only package names
without full versions) allow mixed package installations from different
rebuilds of the same kernel version.
This creates an issue because then the modules either don't work
or taint the kernel.
Tighten RDEPENDS with the full package version, i.e. use (= ${EXTENDPKGV})
markers for inter-package dependencies.
The kernel will pull in the kernel-modules subpackage of the same
exact version automatically if KERNEL_SPLIT_MODULES="0" is set.
Otherwise the situation is the same as with the old default with
one subpackage per kernel module where they have to be upgraded
manually.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|