Failure output
SecurityCertificateManager.lo
SecurityCertificateManager.cpp: In static member function 'static void dtn::security::SecurityCertificateManager::validateSubject(X509*, const string&)':
SecurityCertificateManager.cpp:208:53: error: 'memcmp' was not declared in this scope
if(memcmp(utf8_eid, utf8_cert_name, utf8_eid_len) == 0){
Upstream
122fa8ed49
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit f88947c2fe (package/mender: adding systemv init file) added an init
script, but the installation logic referred to S04mender instead of S42mender.
Update the installation logic to match the file name.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[Peter: expand commit message description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some package builds may fail when environment variables are present with the
same names as make variables in a package. This is a bigger problem for
environment variables with generic names, like 'PLATFORM' and 'OS'.
'PLATFORM' is for example a problem for host-acl.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds a readme file with basic instructions to get mender up
and running on a production system.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to have the mender package working out of the box, the
/etc/mender/device_type should be present and should contain a
valid device_type value.
This patch provides a default file that can be overridden easily
from an overlay.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to have the mender package working out of the box, the
/etc/mender/artifact_info should be present and should contain a
valid artifact_name value.
This patch provides a default file that can be overridden easily
from an overlay.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds a service file for the init system v.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Acked-by: <aduskett@gmail.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Peter: fix typo in stop()]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mender needs /var/lib/mender to be writable at the service start, the
path is hardcoded and thus we cannot change it.
This patch solves the problem using the same approach we have for
dropbear.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/a5b/a5bd8969c398fc3101ffaec4aa715a827aec5770/http://autobuild.buildroot.net/results/441/44112e8ad03f47125bbf4b231d800ebd5beef24b/
After commit 122089ad (package/netsurf: use TMP_PREFIX inside the build
directory), the build fails with:
COMPILE: src/stylesheet.c
In file included from src/stylesheet.c:12:0:
src/stylesheet.h:14:39: fatal error: libwapcaplet/libwapcaplet.h: No such file or directory
#include <libwapcaplet/libwapcaplet.h>
The reason is that netsurf installs its internal libraries to TMP_PREFIX
during the build, and uses pkg-config to add the correct include/linker
flags when building/linking the rest. Unfortunately this fails badly, as we
prefix STAGING_DIR to the paths returned by pkg-config, causing gcc to fail
to find the header / library files.
This worked (by accident) when we pointed TMP_PREFIX to STAGING_DIR/usr, as
STAGING_DIR/usr/include and STAGING_DIR/usr/lib are in the standard
include/library search paths.
Fix it by adding TMP_PREFIX/include and TMP_PREFIX/lib to the
include/library search paths. We cannot easily add them to CFLAGS/LDFLAGS
as the makefiles do not use override when appending to them, so instead pass
both in CC (which is also used for linking).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a branch to the static repo and check on the git refs test case the
download of a git package:
- with a sha1 reachable by a branch name, but not pointed by it, as
version. This is the most common use case for git refs in the tree;
- with a partial sha1 of a commit reachable by a branch as version;
- with a sha1 of the commit head of a branch as version;
- with a partial sha1 of the commit head of a branch as version;
Enforce the download always occurs by removing the BR2_DL_DIR used for
the tarballs generated by the git download infra.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Some statements are missing their semicolons.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Acked-by: <angelo@amarulasolutions.com>
Tested-by: <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With javascript, when comparing variables, using === instead of ==
is preferred.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Acked-by: <angelo@amarulasolutions.com>
Tested-by: <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In javascript, let is preferred for local, var is preferred for global.
Change any local variables from "var" to "let"
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Acked-by: <angelo@amarulasolutions.com>
Tested-by: <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Don't override the user-provided ARCH when cross-compiling otherwise
ARCH won't be correct for armv5, aarch64 and x86_64
Fixes:
- http://autobuild.buildroot.org/results/2dfc0e10da25a8382a43557420d7dc3444c02dbb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- use BR2_TOOLCHAIN_HAS_UCONTEXT
This is used to set -DOPENSSL_NO_ASYNC if needed.
- apply the CFLAGS correctly when compiling with -Os (bugfix).
- use -latomic when needed
This fixes the build for br-sparc-uclibc-2018.05
- don't use madvise() if no MMU
Trying to do so results in undefined reference to madvise() as
it is not available on uclibc without MMU.
The original openssl code checks if a macro used in the madvise call
is defined. The problem comes from the fact that the code in
crypto/mem_sec.c also includes a kernel header defining the same macro
unconditionally. Thus the check is always true in that case.
Upstream: https://github.com/openssl/openssl/pull/8089
- don't compile test/fuzzers
These binaries introduced with 1.1.x sometimes do not compile.
This is the case with the br-arm-cortex-m4-full toolchain
- don't build ocsp daemon if no MMU.
Patch from Richard Levitte.
- correctly enable cryptodev engine
Thanks to Arnout Vandecappelle for spotting this.
- remove all parallel build patches (openssl build-system changed)
- rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
to apply to Configurations/unix-Makefile.tmpl (Makefile template)
- removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
(upstream applied)
- rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
apply to crypto/build.info (Makefile template)
- fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
- remove legacy enable-tlsext configure option
- remove target/host libdir configure options, fixes openssl.pc installation
path, fixes wget compile
- change legacy INSTALL_PREFIX to DESTDIR
- remove 'libraries gets installed read only, so strip fails'
workaround (not needed anymore)
- change engine directory from /usr/lib/engines to
/usr/lib/engines-1.1
- change license file hash, no license change, only the following
hint was removed:
Actually both licenses are BSD-style Open Source licenses.
In case of any license issues related to OpenSSL please
contact openssl-core@openssl.org.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC uses thunk functions to adjust the 'this' pointer when calling C++
member functions in classes derived with multiple inheritance.
Generation of thunk functions requires support from the compiler back
end. In the absence of that support target-independent code in the C++
front end is used to generate thunk functions, but it does not support
vararg functions.
Support for this feature is currently missing in or1k and xtensa
toolchains.
Add hidden option BR2_TOOLCHAIN_SUPPORTS_VARIADIC_MI_THUNK that
indicates presence of this feature in the toolchain. Add dependency to
packages that require this feature to be built.
Fixes:
http://autobuild.buildroot.net/results/c9e660c764edbd7cf0ae54ab0f0f412464721446/http://autobuild.buildroot.net/results/9a3bf4b411c418ea78d59e35d23ba865dd453890/
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switching to CMake as the autotools are not crosscompiler compatible.
Removed the patches related to autotools as no longer used.
Added patch to avoid linker issue.
Added license hash.
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
setlocalversion will use 'hg id' to determine whether or not the current
revision is tagged. If there is no tag, the Mercurial revision is printed,
otherwise nothing is printed.
The problem is that the user may have custom configuration settings (in
their ~/.hgrc file or similar) that changes the output of 'hg id' in a way
that the script does not expect. In such cases, the Mercurial revision may
not be printed or printed incorrectly.
It is good practice to ignore the user environment when calling Mercurial
commands from a well-defined script, by setting the environment variable
HGRCPATH to the empty string. See also 'hg help environment'.
In the particular case of Nokia, a custom extension adds dynamic tags in the
repository, i.e. tags that are stored in a file external to the repository
and only visible when the extension is active. These tags should not
influence the behavior of setlocalversion as they are not official Buildroot
tags, i.e. even if a revision is tagged, the Mercurial revision should still
be printed.
Note that this still does not solve the problem where an organization adds
_real_ tags in their Buildroot repository. For example, there might be a
moving tag 'last-validated' or tags indicating in which product release that
Buildroot revision was used. In these cases, setlocalversion will still not
behave as expected, i.e. show the Mercurial revision.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When Buildroot is stored in a Mercurial repository on a branch other than
'default' ('master' in git terms), setlocalversion (used to populate
/etc/os-release) will incorrectly think that this is a tagged version and
will NOT print out the revision hash.
This is due to the fact that the output of 'hg id' is assumed to be
"<revision> <tags-if-any>"
but when on a branch it actually is:
"<revision> (<branch>) <tags-if-any>"
To let setlocalversion receive the output it expects, explicitly ask 'hg id'
to retrieve only the revision hash and any tags, ommitting any branch
information.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rtmpdump does not support openssl 1.1.x, has not seen any changes upstream
since 2015, is only used with the gnutls backend in Debian and Fedora.
There exists a 3rd party patch for openssl 1.1.x support:
https://github.com/JudgeZarbi/RTMPDump-OpenSSL-1.1
But there is an open issue reported about a crash in the handshake code
(which is modified by the patch):
https://github.com/JudgeZarbi/RTMPDump-OpenSSL-1.1/issues/1
And the README for the repo states:
I modified a few of the files in the librtmp directory to conform to the new
getters and setters in OpenSSL 1.1.0. I don't claim to be a security
expert, and neither have I had any experience with OpenSSL in a programming
sense, so I'm not sure exactly if it's correct, but it compiles and seems to
work for what I use it for.
Which does not sound very reassuring, so instead drop the openssl support.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All upcoming tests for git refs will rely on the return code of make to
determine whether a git ref can be downloaded or not and also to
determine whether the downloaded content is correct (all of this taking
advantage of the check-hash mechanism already in place for git
packages).
So to avoid false results i.e. in the case the check-hash mechanism
become broken in the master branch, add some sanity checks before the
actual test of download git refs.
Add the minimum test case for git refs containing only sanity checks.
Reuse the commit in the static repo.
Add a br2-external with two packages to check that:
- trying to download an invalid sha1 generates an error;
- downloading a valid sha1 that contains unexpected content generates
an error.
In order to ease the maintenance and review, each upcoming patch adding
checks to this test case will add at same time the commits to the static
repo, the equivalent packages to the br2-external and code to the test
case.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
>From the releases at https://github.com/oetiker/rrdtool-1.x/releases
which mentions this is not a user facing release but attempts to
be more robust against odd input.
Signed-off-by: Charles Hardin <charles.hardin@storagecraft.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pypi now proves a sha256 hash as well.
Drop 0001-setup.py-make-pip-optional.patch as upstream has now completely
removed the docker-py checks:
accb9de52f
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The riscv-glibc repository version of glibc 2.26 will build for
RISC-V 32bit, but when many packages are built against the resulting
library an 'unknown type name mcontext_t' error is reported. The
definition of mcontext_h in the ucontext.h header file needs to be
moved outside of the '#ifdef __USE_MISC' structure to fix this
issue.
Fixes:
http://autobuild.buildroot.net/results/5aa9cb29c459f511dc9c4fcf218dc9a842505aa3
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Utility for testing pluggable authentication modules (PAM) facility.
While specifically designed to help PAM module authors to test their
modules, that might also be handy for system administrators interested
in building a centralised authentication system using common standards
such as NIS, SASL and LDAP.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Peter: drop spelling fix patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The compiler recognizes a specific 'march' value for Octeon III processors,
so create a 'Target Architecture Variant' entry for it in the target menu.
Note: support for '-march=octeon3' was added in gcc 5.x. However, the
official compiler provided by Marvell (Cavium Networks) uses gcc 4.7.x (and
supports -march=octeon3 via their own modifications). For this reason, no
line 'select BR2_ARCH_NEEDS_GCC_AT_LEAST_5' is added.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The compiler recognizes a specific 'march' value for Octeon II processors,
so create a 'Target Architecture Variant' entry for it in the target menu.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It's unclear why Buildroot only defined MIPS 32/64 releases 1, 2, 5 and 6
while 3 exists as well.
Interesting fact:
"Release 4 was skipped because the number four is perceived as unlucky in
many Asian cultures."
https://en.wikipedia.org/wiki/MIPS_architecture#MIPS32/MIPS64
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Patch 0001 is no longer needed as it has been ported to this version.
Also, the README changes but the licence is still GPL-2.0+
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ld-*.so and libpthread*.so* are not stripped in the same way as other
binaries because some applications need symbols in these libraries in
order to operate correctly.
However, the special handling for these binaries ignores the usual
BR2_STRIP_EXCLUDE_* rules so it is not possible to build an image which
has debugging symbols in these binaries.
Pull out the common find functionality so that we can build two find
commands that re-use the common exclusion rules.
Fix-suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: John Keeping <john@metanate.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add one test case to ensure the hash is checked for git packages:
- correct hash;
- wrong hash;
- no hash file.
Add required infra:
- a GitRemote class, that can start a git server in the host machine to
emulate a remote git server under the control of the test;
- a new base class, called GitTestBase, that inherits from BRTest and
must be subclassed by all git test cases.
Its setUp() method takes care of configuring the build with a
br2-external, avoiding to hit http://sources.buildroot.net by using
an empty BR2_BACKUP_SITE. It also avoids downloading not
pre-installed dependencies (i.e. lzip) every time by calling 'make
dependencies' using the common dl directory, and it instantiates the
GitRemote object.
Besides the Python scripts, add some fixtures used during the tests:
- a br2-external (git-hash) with one package for each part of the test
case;
- a static git bare repo (repo.git) to be served using GitRemote class.
Neither the br2-external nor the check hash functionalities are the
subject of these tests per se, so for simplicity limit the check to the
error codes and don't look for the messages in the log.
Thanks to Arnout for the hint about how to add a bare repo to test.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: split long line; reorder imports to satisfy flake8]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This tool is used to send commands to imx6 based hardware using NXP's
UTP protocol.
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Initially used by the host build of the utp_com package.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds a config option which will force buildroot to
build all host dependencies even if they are already present on the
host system. This may be a desirable option if different hosts are
used to build the same source. In this case, some packages will be
built on one host that are not built on another. This is problematic
if build source archives are cached afterwards for offline builds.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Peter: reword, drop exit 1, reshuffle]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The color for 'extract' is very similar to the one for 'install-images'.
Both are cyan-like.
Replace the former by a pale blue to make all colors sufficiently distinct.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Total build time also involves download. Getting a visibility on the impact
of that step can be important for users/admins, e.g. to evaluate different
methods of BR2_PRIMARY_SITE.
Colors used are some kind of purple (primary scheme) and light orange
(alternate scheme).
Signed-off-by: Mathias De Maré <mathias.de_mare@nokia.com>
[ThomasDS: rebase and update colors to avoid confusion]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add config options for a few pugixml configurables.
- Xpath support is enabled by default but has a size impact. Disabling it
reduces the size significantly (it almost halves). Output of 'size' on the
library compiled for x86:
- Xpath support enabled
160374 1244 28 161646 2776e output/target/usr/lib/libpugixml.so.1.7
- Xpath support disabled
92754 880 8 93642 16dca usr/lib/libpugixml.so.1.7
- Compact and header-only modes are not strictly needed for our use case, but we
did the work anyway and may be useful for someone else.
Signed-off-by: Wouter Vermeiren <wouter.vermeiren@nokia.com>
[ThomasDS:
- align with Buildroot coding style
- retain only feature options: xpath, compact mode, header-only]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Previously the sysv init script install was conditional based on ntpd
being selected, now that sntp also has an init script and could be
selected independent of ntpd, a common install is necessary.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch rework the use of query.yahooapis.com to do the conversion
from xml to json required by our script and moves to the use of a js
library. Datas are therefore now converted in json format on the client.
Unfortunately, cause of the CORS restriction on nabble and
buildroot.org, we cannot retrieve directly the xml data from these
servers and we need a CORS proxy to do that.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[Peter: use sha256 integrity]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>