package/openrc has the file sysv-rcs which starts sysvinit services
not written for openrc. However, currently it is not installed to
the target.
Install this file to $(TARGET_DIR)/etc/init.d during the
target_install step.
Signed-off-by: Adam Duskett <aduskett@greenlots.com>
[yann.morin.1998@free.fr: use full-path for destination, not just dir]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There is no posix.wrappers anymore, but cobalt and modechk. Those only
play a role when building in combination with wrap-link.sh.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
That's a testsuite tool.
Rename XENOMAI_REMOVE_SKIN_LIST at this chance as it's cleaning
libraries, not only skins. Ditto, rename the hook accordingly.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
[yann.morin.1998@free.fr: also rename the hook]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security vulnerabilities:
- CVE-2019-14889: Unsanitized location in scp could lead to unwanted command
execution.
And adds various hardening improvements. For details, see the announcement:
https://www.libssh.org/2019/12/10/libssh-0-9-3-and-libssh-0-8-8-security-release/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BR2_PACKAGE_GLIBC_UTILS config must not exist if we use other libc than glibc
Signed-off-by: Arthur Courtel <arthur.courtel@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Switched to latest version on GitHub as linuxco.de is no longer
active. The appropriate entry for tcping on release-monitoring.org
has been updated and a new mapping has been added for the Buildroot
project.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security vulnerabilities (in npm):
- CVE-2019-16775: Versions of the npm CLI prior to 6.13.3 are vulnerable to
an Arbitrary File Write. It is possible for packages to create symlinks
to files outside of thenode_modules folder through the bin field upon
installation
https://www.npmjs.com/advisories/1436
- CVE-2019-16776: Versions of the npm CLI prior to 6.13.3 are vulnerable to
an Arbitrary File Write. It fails to prevent access to folders outside of
the intended node_modules folder through the bin field
https://www.npmjs.com/advisories/1434
- CVE-2019-16777: Versions of the npm CLI prior to 6.13.4 are vulnerable to
an Arbitrary File Overwrite. It fails to prevent existing
globally-installed binaries to be overwritten by other package
installations
https://www.npmjs.com/advisories/1437
For further details, see the upstream announcements:
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-clihttps://nodejs.org/en/blog/vulnerability/december-2019-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wavpack optionally depends on libcrypto since version 5.2.0 and
e158df5353
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch to github to get latest version
- Drop patches (already in version)
- Fix CVE-2018-19840: The function WavpackPackInit in pack_utils.c in
libwavpack.a in WavPack through 5.1.0 allows attackers to cause a
denial-of-service (resource exhaustion caused by an infinite loop) via
a crafted wav audio file because WavpackSetConfiguration64 mishandles
a sample rate of zero.
- Fix CVE-2018-19841: The function WavpackVerifySingleBlock in
open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers
to cause a denial-of-service (out-of-bounds read and application
crash) via a crafted WavPack Lossless Audio file, as demonstrated by
wvunpack.
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Microblaze ld emits warnings like:
'
FDE encoding in
CMakeFiles/KF5CoreAddons.dir/KF5CoreAddons_autogen/mocs_compilation.cpp.o(.eh_frame)
prevents .eh_frame_hdr table being created
'
Since '-Wl,--fatal-warnings' is passed by default, build fails, so don't
treat warnings as errors by appending "-Wl,--no-fatal-warnings" to
CMAKE_SHARED_LINKER_FLAGS that is previously defined in package
dependency kf5-extra-cmake-modules.
Fixes:
http://autobuild.buildroot.net/results/f19/f198c86930535c50393e17fc7a70fb4f27b096ee/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The polkit daemon requires a polkitd user with permission to access the
following directories:
- /etc/polkit-1
- /usr/share/polkit-1
The /usr/bin/pkexec file must be owned by owned by root with the
permissions 4755 or else the error "pkexec must be setuid root" is
thrown when it's ran.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
compatibility with Lua 5.0 was removed in LuaJIT/moonjit 2.1.x
(Lua 5.1.x and LuaJIT 2.0.x have this compatibility)
Fixes:
http://autobuild.buildroot.org/results/4e428df01def186cb034a1774f6c00e2e7c9468c/
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: add comment on .mk file]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
[yann.morin.1998@free.fr:
- use the git tree instead of the 8-year old freshmeat webpage
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(Err)' URL status in the package stats
web page output.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
[yann.morin.1998@free.fr: use offical (de) homepage]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
License files were updated since the previous version.
This patch update to the new license hashes. It also fixes the
"make legal-info" command failure due to the hash mismatch.
Fixes:
- http://autobuild.buildroot.org/results/d9d/d9d82dd6727b82a643cbb75ca33b88a4636bd5fe
Signed-off-by: Julien Olivain <juju@cotds.org>
[yann.morin.1998@free.fr: add autobuilder reference]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cthe test-case for python-gitdb2 consists solely in verifying that the
module can indeed be imported.
However, flake8 errors out on unused imports. Furthermore, it also
errors about wildcard imports, as it can detect unused symbols.
Squelch those errors.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This allows the user to enable/disable manually the unit.
It is enabled by default
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- split logn lines
- no need for continued line (no use for ';\' )
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
upstream-provided service has no WantedBy, which means that rauc won't
be enabled by default
Add a WantedBy instead of manually creating the symlink so the user can
enable/disable the unit properly
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- split long line
- no need for continued line (no use for ';\' )
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using a manual symlink we use add a DefaultInstance= to the
config file
This is how upstream wants us to do it and allows systemctl preset to
correctly restore it if needed
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- split long line
- no need for continued line (no use for ';\' )
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All services were installed but not enabled.
This change enables the non-templated service but disables the
templated ones.
Enabling the templates creates weird links which are probably an
upstream bug.
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
NM has three services
* NetworkManger.service : the main daemon
* NetworkManger-dispatcher.service : a daemon handling network callbacks
* NetworkManager-wait-online.service : sync of other services with network-online
Only the first two were activated. We now also enable
wait-online. Not enabling it was probably a bug.
Note that buildroot adds an alias dbus-org.freedesktop.NetworkManager
Adding an alias that is not known upstream is not clean,
but I left it for backward compatibility
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
linuxptp has two services
* linuxptp.service : the actual daemon
* linuxptp-system-clock.service : sync the linux clock to the phc clock
The first was enabled, the second was not, we now enable both
The second has an incorrect (though harmless) WantedBy : there is an
explicit Wants= in linuxptp.service
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
connman has two services
* connman.service which is the real daemon
* connman-wait-online.service which is a sync point for network-online.target
Only the first one was enabled. This adaptation enables both.
Not enabling connman-wait-online.service is probably a bug
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr: fix check-package errors]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All these packages have an upstream-provided service, but buildroot
enabled manually the services in exactly the same way as the [Install]
section.
This is not needed anymore
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr: fix check-package errors]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All the packages in this list have the following properties
* units are provided by buildroot in the package directory
* the SYSTEMD_INSTALL_INIT_HOOK is exactly equivalent to what the
[Install] section of the unit does
The fix removes the soflinking in the .mk file
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Handling of tty is a bit tricky, we need to aggressively disable what
systemd does with tty1 then update for what buildroot wants to do
Rework the whole tty generation to work with presets
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- fold long lines
- drop spurious empty lines removals
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
since v234 upstream recommands using systemctl preset-all to enable units.
* add a buildroot specific preset file
* use that file to disable getty@tty1
* make systemd depend on host-systemd
* remove all link-creating code that systemd does for us.
Most packages will not be affected by this change, but a few packages
were installing units without manually enabling them. Those packages
will now be automatically enabled.
The fact that those packages were not enabled is almost certainly a bug,
but it is a change of behaviour that needs to be reported
host-systemd also builds udevadm for the host. That means we no longer
need to depend on host-eudev to provide udevadm (that would conflict).
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- also remove the hwdb sources on fs generation
- fix check-package errors
- few typoes and reformatting in commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The relative paths currently used to install the systemd units causes an
incorrect installation, where units are installed in (notice the double
usr in the paths):
target/usr/usr/lib/systemd/system/sysrepod.service
staging/usr/usr/lib/systemd/system/sysrepod.service
Fix that by using an absolute path.
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- split into its own commit
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add the infrastructure to build the host version of systemd
* disable all optional features, they can be re-added when needed
* systemd has creative way of dealing with cross compile
we build a "normal" host systemd, but install it in $HOST_DIR
we use systemctl --root to correctly act on TARGET_DIR
* we need to adjust RPATH using patchelf because meson can't do it
correctly by itsel
The first question is: why do we use --prefix=/usr ?
systemd will store its --prefix in all the executables it generates. As
such, systemctl will have a hardcoded 'prefix', where it will manipulate
and create files/symlinks in. When called natively, this is nice and
shinny.
However, for cross-setup, that does not work obviously.
So, systemd has its tools know about the 'root' directory where this
prefix should be related to. We can call systemctl --root=$(TARGET_DIR)
and systemctl wil do the links and such in there.
However, it does so by appending its known prefix to it.
So, if we were to configure host-systemd as we usually do, with
--prefix=$(HOST_DIR), then when we would call host systemctl --root=$(TARGET_DIR)
it would look for files in $(TARGET_DIR)/$(HOST_DIR), which is wrong.
Calling the host systemctl without --root is also wrong, as it would look for
files in $(HOST_DIR)
So, there is no satisfying official support for this case.
The trick then, is to configure systemd with the prefix it would expect
at runtime (on the target!), that is with /usr, but install out-of-tree.
That was it for the first part of the question: why do we use --prefix.
Now, the second question is: why do we need to muck up with the rpath
after installation?
Well, this boils down to meson (and not systemd itself). When it
installs executables, meson will handily insert whatever rpath the
package meson.build would tell it to use. systemd installs libs in
$(prefix)/lib/systemd and has a NEEDED to those libs, so it uses an
RPATH to find those libs, and meson does inject that RPATH into the
installed executables.
However, we Buildroot also want to insert our own RPATH, because systemd
uses util-linux' libs and libcap, installed in $(HOST_DIR), so it needs
our RPATH.
However, meson can not extend the RPATH from the LDFLAGS in the
environment; meson can only set the RPATH from what it knows about from
the package's meson.build.
That, in addition to the --prefix=/usr issue above, means that the
executables installed by host-systemd have an RPATH set to
/usr/lib/systemd. when we would want it to be set to
$(HOST_DIR)/lib:$(HOST_DIR)/lib/systemd
That's what is done in the post-install hook: set the RPATH to the
appropriate values.
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- reformatting in commit log
- declare host variant after target variant
- simplify comments
- slight reordering of variable (HOST_SYSTEMD_NINJA_ENV moved)
- reformatting for mutli-line variable (HOST_SYSTEMD_HOST_TOOLS)
- don't split HOST_SYSTEMD_CONF_OPTS in two sets
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch bumps Linux CIP RT version to 4.19.82-cip14-rt5.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP version to 4.19.88-cip16.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For now, the extractor dependencies were only calculated for
<pkg>_SOURCE, so if the package manually downloads another file using
<pkg>_EXTRA_DOWNLOADS and then extracts it with $(call
suitable-extractor), we are missing the corresponding dependency on
the appropriate extracting tool.
Since the vast majority of <pkg>_EXTRA_DOWNLOADS are compressed files
that will be uncompressed at build time, it makes sense to derive the
corresponding extractor dependencies directly in the common package
infrastructure, rather than having each and every package using
<pkg>_EXTRA_DOWNLOADS making this effort.
On a system without xzcat, before this patch:
$ make printvars VARS=HOST_GETTEXT_TINY_EXTRACT_DEPENDENCIES
HOST_GETTEXT_TINY_EXTRACT_DEPENDENCIES=host-tar
After this patch:
$ make printvars VARS=HOST_GETTEXT_TINY_EXTRACT_DEPENDENCIES
HOST_GETTEXT_TINY_EXTRACT_DEPENDENCIES=host-tar host-xz
This commit most notably fixes the build of host-gettext-tiny on
systems without xzcat, and with per-package support enabled. Indeed,
the main _SOURCE for gettext-tiny is a .gz file, but it has a .xz file
in its _EXTRA_DOWNLOADS, which is then extracted. Except that xzcat
being missing from the dependencies, it is not built.
Fixes:
http://autobuild.buildroot.net/results/83c6d47c06334bef27791a59bdd491b1de124c49/
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of manually calculating the EXTRACT_DEPENDENCIES value based
on the archive extension, let's use the newly introduced
extractor-pkg-dependency macro.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that we have the EXTRACTOR_PKG_DEPENDENCY.* variables available,
we can use them to implement extractor-system-dependency: if for a
given archive type, the corresponding EXTRACTOR_PKG_DEPENDENCY.<type>
variable is empty, then it means we need the corresponding extractor
tool to be provided by the system.
Following this, EXTRACTOR_DEPENDENCY_PRECHECKED_EXTENSIONS is no
longer used, so we can drop it from support/dependencies/.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
To extract some archive types, if the extracting tool is not available
on the system where Buildroot runs on, we build it using a Buildroot
host package.
Such dependencies are currently explicitly handled by the
inner-generic-package macro, but in fact we also need to handle them
in all places where the "suitable-extractor" macro is invoked, and
some packages invoke it directly. Otherwise, such packages may be
missing a dependency to the appropriate host Buildroot package
building the extracting tool they need. An example is gettext-tiny,
whose source code is a gzip-compressed tarball, but in addition
manually extracts a xz-compressed tarball.
This extractor-pkg-dependency macro will be used in follow-up commits
to ensure all the packages that use suitable-extractor properly add
the correct dependencies.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a simple test case that imports the module.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GitDB allows you to access bare git repositories for reading and
writing. It aims at allowing full access to loose objects as well as
packs with performance and scalability in mind. It operates
exclusively on streams, allowing to handle large objects with a small
memory footprint.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas: fix license]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>