Firejail Security Sandbox
https://firejail.wordpress.com/
Lightweight application sandboxing system using seccomp and kernel
namespaces.
Signed-off-by: Chris Frederick <cdf123@cdf123.net>
[Thomas:
- Fix DEVELOPERS entry: use <> around the e-mail address instead of ()
- firejail builds fine with musl, so only exclude uclibc, which fails
to build with EM_ARM undeclared
- Update to upstream version 0.9.44.8.
- Remove FIREJAIL_MAKE_OPTS, as suggested by Romain Naour.
- Pass --enable-busybox-workaround only if Busybox is enabled, as
suggested by Romain Naour.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As announced by Rob Clark at:
https://lists.freedesktop.org/archives/mesa-dev/2017-February/145745.html
, the kmscube repository has been moved from github to freedesktop.org,
so change it to the new location.
With the newest code the local patch for adding imx-drm support
is no longer needed.
Also, on imx6q we need to explicitily pass the card device now:
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We have decided that lua packages should have a name that starts with
lua (like is the case for python and perl). However, we're not going to
rename all the existing lua packages that don't start with lua. This
makes it unclear for people adding packages how they should name the
package, so add a comment to package/Config.in to explain it.
It's rather terse but it gets the message across.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The location at ftp.csx.cam.ac.uk only stores 2 latest versions of PCRE.
This results in old (2015.11 and older currently) buildroot versions
timing out on wget several times and having to retrieve the package
from sources.buildroot.org afterwards.
Signed-off-by: Oleg Kitain <okitain@ya.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This bump fix the build failure with gcc5 for barebox.
Some changes were made to the first patch to align to the latest
barebox api.
Also done the following changes:
- Use "BR2_TARGET_BAREBOX_CONFIG_FRAGMENT_FILES" instead of patching
the barebox sources.
- Use "BR2_GLOBAL_PATCH_DIR" instead of
"BR2_TARGET_BAREBOX_CUSTOM_PATCH_DIR".
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit bf1c9828f2.
This commit was part of the Kodi 17 series and was committed too early,
current Kodi 16 is incompatible with this bump and needs to be
reverted, fixes https://bugs.busybox.net/show_bug.cgi?id=9711
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 2ac3045453.
This commit was part of the Kodi 17 series and was committed too early,
current Kodi 16 is incompatible with this bump and needs to be
reverted, fixes https://bugs.busybox.net/show_bug.cgi?id=9711
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update test-disabling patch for new version, and git format it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead in out-of-memory condition.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes a buffer-overrun in Bengali.
Switch to https URL to avoid a small delay in protocol redirection.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit cherry-picks an upstream patch that fixes a compile error
that was introduced in v2.1.1
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The board support package includes the following components:
- U-Boot 2016.11
- Linux 4.9.3
- packages:
- alsa-utils for basic audio usage of the on-board headphone jack
and microphone
- iw and wpa_supplicant for managing the wireless interface
Two Linux patches are necessary to enable audio and wifi support. Both
patches are fetched from the Linux next branch and are probably mainlined in
Linux 4.11.
A Linux configuration fragment enables the wireless device driver, which
is not enabled by default in the mainline defconfig of the board.
The wifi chip needs a NVRAM configuration file which is provided in the
rootfs overlay.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas: remove e2fsprogs from the target packages, add entry in
DEVELOPERS file, remove C++ support.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support for kmscube application, which is helpful for testing
kms/drm drivers.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Jagan Teki <jagan@amarulasolutions.com>
Include the --disable-dependency-tracking option in <pkg>_CONFIGURE_CMDS
only on the condition that <pkg>_OVERRIDE_SRCDIR is empty. Dependency
tracking is very welcome while developing in order to properly rebuild
when calling make <pkg>-rebuild for instance.
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
On older SoCFPGA SoCs, there was not enough SRAM to fit the entire
U-Boot, so a SPL model was used. The SPL was therefore the binary that
had to be "prepared" to be loaded by the ROM code using the mkpimage
tool.
With newer SoCFPGA SoCs, there is enough SRAM to fit the entire U-Boot,
and therefore the ROM code directly loads U-Boot. In this case, it's the
real U-Boot image (not the SPL) that needs to be prepared using
mkpimage.
This code adds support for the newer SoCFPGA SoCs, by adjusting the
mkpimage related logic to apply on the SPL if an SPL is enabled, or on
the full U-Boot image otherwise.
Signed-off-by: Lionel Flandrin <lionel@svkt.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The buildroot repository is now mirrored on
https://gitlab.com/buildroot.org/buildroot so we can use Gitlab-CI to
test Buildroot. Gitlab-CI is controlled by a .gitlab-ci.yml file
that exists in the repository.
For now, the only test is building all defconfigs (inspired on
https://travis-ci.org/buildroot/buildroot-defconfig-testing/). Since
all the defconfigs have to be specified in the .gitlab-ci.yml file,
we generate the file based on .gitlab-ci.yml.in. The generated
.gitlab-ci.yml file has to be committed into the repository, though,
otherwise Gitlab-CI doesn't see it. So there is also a test to verify
that .gitlab-ci.yml is up-to-date.
Building all the defconfigs takes a long time. Gitlab-CI will do that
every time it pulls from git.buildroot.org, which is once per hour.
That is way too often. Therefore, the defconfigs are not built on pull,
but only on explicit trigger through the API or when a tag is added.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas:
- fix typo not -> no
- add LC_ALL=C when calling 'ls -1' to get a predictable order of the
defconfigs
- regenerate .gitlab-ci.yml.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
GTest version 1.8.0 includes gmock so merge both packages inside gtest
In this merge:
- Add gmock as a suboption of gtest (BR2_PACKAGE_GTEST_GMOCK)
following advice from Arnout Vandecappelle
- Add BR2_PACKAGE_GMOCK as a legacy entry, selecting BR2_PACKAGE_GTEST
and BR2_PACKAGE_GTEST_GMOCK.
- Use cmake to install libraries and headers and add missing files
(gtest.pc, gtest-config, gmock.pc) in
GTEST_POST_INSTALL_STAGING_HOOKS instead of redefining
GTEST_INSTALL_STAGING_CMDS
- Remove patch on Python as gmock/gtest now supports python 3.0
(commit 456fc2b5c4e9ebf05a5987dfe1ff0ac9ffeb53cc)
- Add the correct license in HOST_GTEST_LICENSE as all python code in
googlemock/scripts/generator is licensed under Apache-2.0 and not
BSD-3c
- Fix URL of gtest project in Config.in
- Remove the gmock entry from DEVELOPERS
- Install gmock_gen directly, instead of as a symlink to gmock_gen.py
Notice that any external package that depends on gmock will cause an
immediate build termination because make doesn't know how to build
gmock. Since the user has just removed gmock from the legacy menu, it
should be quite obvious what needs to be done.
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
[Thomas:
- Use += instead of = when assigning a value to <pkg>_DEPENDENCIES in
conditional
- Remove comment about the "tricky logic" around BUILD_GTEST and
BUILD_GMOCK
- Move GTEST_GMOCK_INSTALL_MISSING_FILE inside
the ($(BR2_PACKAGE_GTEST_GMOCK),y) condition.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Many packages install documentation under /usr/share/lua/.../doc. Add
a TARGET_FINALIZE_HOOK to remove it.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The infra sets _SUBDIR to the correct value, so we can use it to define
_LICENSE_FILES.
This removes the need for LUA_CJSON_VERSION_UPSTREAM.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LuaRocks has a policy that the rockspec and rock filenames are lower
case. However, the upstream name may contain uppercase characters.
We have several packages like that in Buildroot. To simplify the
package .mk files, apply the lowercase from within the infra.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also remove patches that have been merged upstream.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
These defconfigs have been broken due to gcc5 for more than half a year,
and nobody stepped up to fix it. In addition, the rocketboards git
repository used by these defconfigs hasn't been reachable for more than
half a year. Finally, these defconfigs don't even use the
BR2_TARGET_UBOOT_ALTERA_SOCFPGA_IMAGE_CRC option so they are not a
great example for this family of targets.
Remove these defconfigs, as well as the board directory. Both are
removed in a single commit to avoid having an inconsistent readme.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Jan Viktorin <viktorin@rehivetech.com>
Cc: Charles Manning <cdhmanning@gmail.com>
Cc: Sebastien Bourdelin <sebastien.bourdelin@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This defconfig has been broken due to gcc5 for more than half a year,
and nobody stepped up to fix it. Remove it, as well as it board
directory.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Gergely Imreh <imrehg@gmail.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The scripts used for the minnowboards were generic for MinnowBoard and
MinnowBoard MAX. Since we removed the original MinnowBoard, this isn't
necessary anymore.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This defconfig has been broken due to gcc5 for more than half a year,
and nobody stepped up to fix it. Remove it, as well as the files it
references. Update the readme to remove references to MinnowBoard.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adds the python binding for libftdi to buildroot.
Signed-off-by: Christian Kellermann <christian.kellermann@solectrix.de>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The version of the khrplatform.h header bundled with odroid-mali has a
definition of the khronos_intptr_t and khronos_ssize_t that doesn't
match the official Khronos registry headers or the Mesa3D headers. Due
to this, it causes conflicts with some packages that redefines those
types (with the correct definitions), such as libepoxy.
Issue reported upstream at: https://github.com/mdrjr/c2_mali/issues/1
Since nobody bothered fixing the issue even though it has been happening
since July 2016 (first build failure at
http://autobuild.buildroot.net/results/ed8d562ae5fdb472a83f9a07b2f755c80c972c34/),
let's mark this package as BROKEN.
Fixes:
http://autobuild.buildroot.net/results/ca48bb6291ca16e410edb83b5cdeb24847b6eaee/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Building sngrep with OpenSSL support in static linking configurations
currently fails due to undefined symbols in the OpenSSL library. It's
the usual problem with using AC_CHECK_LIB() to discover libraries
instead of the pkg-config based PKG_CHECK_MODULES().
Therefore, this commit introduces a patch that switches to using
pkg-config to discover OpenSSL. A preliminary patch is needed, without
which appending to LIBS/CFLAGS doesn't work. Both patches have been
submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/911143de823b2c749ac0a59dfa06adb6ddd3de50/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Even though x264 doesn't use an autoconf generated configure script
(and hence doesn't use the autotools-package infrastructure), it uses
config.guess and config.sub. The ones bundled in x264 are too old to
know about the OpenRISC architecture, so this commit leverages the
UPDATE_CONFIG_HOOK from the autotools-package infrastructure to update
config.sub and config.guess.
Fixes:
http://autobuild.buildroot.net/results/b458c2dff0ecde61248f058092c6eeaa75039cfb
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, we tell cmake where to look for our own custom platform
description by passing the path to the moduls directory on the command
line.
However, this causes two different problems.
First, some packages simply set CMAKE_MODULE_PATH in their
CMakeList.txt, thus overriding our own path, and then our platform
description is not found.
Second, cmake may internally call sub-cmake (e.g. in the try_compile
macro), but the CMAKE_MODULE_PATH is not automatically passed down in
this case.
For the first problem, we could hunt down and fix all offenders, but
this is an endless endeavour, especially since packagers are told to do
so on the cmake wiki [0]:
CMAKE_MODULE_PATH
tell CMake to search first in directories listed in
CMAKE_MODULE_PATH when you use FIND_PACKAGE() or INCLUDE()
SET(CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/MyCMakeScripts)
FIND_PACKAGE(HelloWorld)
The second problem could be solved by passing yet another variable on
the command line, that tells cmake to explicitly pass arbitrary
variables down to sub-cmake calls:
-DCMAKE_TRY_COMPILE_PLATFORM_VARIABLES=CMAKE_MODULE_PATH
However, this only covers the case of try_compile. Even though no other
case is known yet, we'd still risk missing locations where we would need
to propagate CMAKE_MODULE_PATH, even some where we'd have no solution
like for try_compile.
Instead, ngladitz on IRC suggested that CMAKE_MODULE_PATH be set
directly from the toolchain file.
And indeed this fixes both problems explained above.
So be it.
[0] https://cmake.org/Wiki/CMake_Useful_Variables
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Ben Boeckel <mathstuf@gmail.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Mosquitto combined with version 2.1.0 of libwebsockets yields a failing
system. Version 2.1.1 restores the websocket interface again.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
cryptsetup installs a library and a header file, so it makes sense to
install it to staging.
Fixes bug #9691.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since commit 0552a367db ("Remove --{enable, disable}-debug configure flags.")
we do not pass --enable-debug to configure script. The patch to remove -Werror
in this case is thus no longer needed.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>