m68k does not seem to really support PIE as it raises the following
build failure with aer-inject:
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value
We also have another build failure with uclibc on microblazeel:
/home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status
Makefile.in:114: recipe for target '../utils/getconf' failed
So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE
Fixes:
- http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638
- http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (1.33.2):
- CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify.
In particular, using crypto/x509.Verify on a crafted X.509 certificate
chain can lead to a panic, even if the certificates don’t chain to a
trusted root. The chain can be delivered via a crypto/tls connection to a
client, or to a server that accepts and verifies client certificates.
net/http clients can be made to crash by an HTTPS server, while net/http
servers that accept client certificates will recover the panic and are
unaffected.
Additionally, 1.13.3 fixes a number of issues. From the release notes:
Fixes to the go command, the toolchain, the runtime, syscall, net, net/http,
and crypto/ecdsa packages
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some python scripts may be ran in the custom scripts a user can define
in the config. Allow the user to enable host-python explicitly.
If any of those require ssl, they will fail with no possible fix.
Add an option to enable openssl as well. This is made optional because
openssl significantly increases the build time.
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Some python scripts may be ran in the custom scripts a user can define
in the config. Allow the user to enable host-python3 explicitly.
If any of those require ssl, they will fail with no possible fix.
Add an option to enable openssl as well. This is made optional because
openssl significantly increases the build time.
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
It has python3 and nose for python3! :-)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add a BR2_PACKAGE_CHRONY_DEBUG_LOGGING config option to allow enabling
compiled-in support for debug logging in Chrony.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
[Arnout: don't enable by default]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In commit 2c8ff251cb ("boot/uboot: add
option to generate env image from default env"), the possibility of
generating an environment image using the built-in U-Boot environment
as a source was added.
This is meant to happen when the string option
BR2_TARGET_UBOOT_ENVIMAGE_SOURCE is empty, but the original commit
added the Config.in help text to BR2_TARGET_UBOOT_ENVIMAGE, which is a
boolean option, and therefore cannot be empty.
Move the help text to BR2_TARGET_UBOOT_ENVIMAGE_SOURCE, where it
belongs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order for the ngrep version to match what is given by
release-monitoring.org, replace '_' by '.' in NGREP_VERSION
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix several issues with systemd service file installation for gpsd:
- systemd support in the gpsd build was defaulting to enabled or not
based on whether the host system had systemd directories present. Set
this explicitly based on whether BR2_INIT_SYSTEMD is set.
- The installed systemd service files referenced paths in /usr/local when
the actual binaries are installed in /usr. Replace /usr/local with /usr
in the installed service files.
- When BR2_PACKAGE_HAS_UDEV was enabled, all of the binaries were
re-installed again, along with the udev rules, as part of the
post-install hooks. This overwrites the service files that were just
fixed up. Since udev-install implies install, we can just call
udev-install.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
udhcpc6 implements "stateful" DHCPv6 for explicitly requesting an address
and other configuration information. A major difference between DHCPv4
and DHCPv6 is that DHCPv6 does *not* advertise a default route; this is
determined by normal IPv6 autoconfiguration.
Add logic to wait up to IF_WAIT_DELAY seconds for the IPv6 route to be
configured; as above this doesn't come from DHCPv6 but rather the IPv6
Router Advertisement (RA) which happens independently from udhcpc6. The
intent here is to try and ensure that the interface is route-able upon the
script's completion as it would be if called from udhcpc.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
udhcpc6 will call the default script with the stateful address set in the
"ipv6" variable. Set "ip" to this address if present, using the /128 prefix
used by stateful DHCPv6 so the existing renew/bound logic can be used like
in DHCPv4.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The test infra will soon be converted to Python 3 only.
So add the interpreter and also the Python 3 variant of modules nose2
and pexpect to the docker image used to run runtime tests.
Keep the Python 2 variant of those modules to allow a gradual
transition.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds the remaining ssp and relro cases plus both of the
fortify options. The randomization was left consistant between the
options but the order of the conditions placed the most restrictive
hardening options with more priority.
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit bumps ARC toolchain to arc-2019.09-eng002. We want to
test how new toolchain-eng002 builds packages, so we can make fixes
before release of toolcain.
Please note that it is an engineering build and it might have all
kinds of breakages, please don't use it for production builds
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If C++ is enabled, enable cxx exceptions, so libunwind will implement
_Unwind_GetIP which is used by mono (which already depends on C++)
Fixes:
- http://autobuild.buildroot.net/results/dbd64c89815d393a4e28b312d74fd80ee6de92da
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The POSIX functions sched_getscheduler(), sched_setscheduler(),
sched_getparam(), sched_setparam() are technically not correctly
implemented by the Linux syscalls of the same name, because what the
kernel calls a PID and what POSIX calls a PID isn't truly the same,
resulting in somewhat different semantics as to what these functions
exactly apply to.
Details: https://sourceware.org/bugzilla/show_bug.cgi?id=14829
Since the musl developers put a high premium on POSIX compliance, they
deliberately implement these functions to return -ENOSYS instead of
relaying them to the respective Linux syscalls as glibc/uClibc do.
Unfortunally this breaks virtually all Linux programs using these
functions under musl. For example running 'chrt -p 1' fails with
'Function not implemented' on a musl-libc based system.
In particular, it affects embedded systems using these interfaces
for scheduling real-time processes.
As it seems unfeasible to fix all affected programs to manually use
syscall wrappers instead of the libc functions, make musl behave the
Linux way.
Signed-off-by: Stefan Nickl <Stefan.Nickl@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To support using multiple php configuration files, we pass
--with-config-file-scan-dir=/etc/php.d. This allows to put snippets of
PHP configuration files in /etc/php.d.
For php option details see link at [1].
[1] https://www.php.net/manual/en/configuration.file.php
Signed-off-by: Dan Walkes <danwalkes@trellis-logic.com>
[Thomas: make it unconditional]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update first patch
- Drop last patch, not needed since
553978c9a5
- License is Apache-2.0 since version 4.29-9678-rtm and
0e317124ae
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Ogre needs host-swig with pcre support when python interpreter is
present on the target.
Otherwise the build stop with the following message:
"SWIG:7: Error: PCRE regex matching is not available in this SWIG build."
Ogre has been tested using the SampleBrowser binary but some demos
are not working due to missing optional dependencies (nvidia Cg plugin).
See: https://www.ogre3d.org/2019/05/01/ogre3d-1-12-released
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Laurent reported that a short tutorial was missing in the manual to
explain how to reuse a Buildroot toolchain as external toolchain.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Laurent Guillier <laurent.guillier@smile.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: completely rewrite the thing]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change introduces a Qemu board for an Armv7-A target executing
with OP-TEE secure world services. The target Linux based normal world
embeds the standard minimal filesystem with OP-TEE non-secure components
embedded files from OP-TEE test, examples and benchmark packages.
qemu_arm_vexpress_tz_defconfig differs from qemu_arm_vexpress_defconfig.
Supporting both secure and non-secure worlds on the Arm target mandates
a secure world, here OP-TEE OS, and a bootloader to boot both worlds,
here TF-A (boot/arm-trusted-firmware). Here non-secure Linux kernel is
booted through U-boot
TF-A bootloader (BL1/BL2) => OP-TEE (BL32) => U-boot (BL33).
| Executes as secure | Secure | Execs as Non-secure
| Loads BL32/BL33 in RAM | Jumps to BL33 | Always booted after
| Jumps to BL32 once done | as Non-secure | secure world inits
Vexpress and vexpress-tz defconfigs also differs in that Qemu emulates
a Cortex-A9 in the former and a Cortex-A15 in the later. Cortex-A15
is the Armv7-A CPU used in upstream TF-A and OP-TEE OS packages hence
selected here.
Defconfig adds a fragment to the Linux kernel native configuration to
enable OP-TEE driver support.
Defconfig adds a fragment to the U-Boot native configuration set boot
command, enable semihosting and remove U-Boot persistent environment
storage support.
The defconfig also enables build of the Qemu emulator in case the
system installed Qemu does not yet support CPU TrustZone secure state.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Arnout, with the help of Peter: correct spelling mistakes in readme,
fix U-Boot version to 2019.01, download tarball of TF-A instead of git]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since commit 6eacea5a (support/kconfig: bump to kconfig from Linux
4.17-rc2), xconfig uses Qt5, so update prerequisite.txt to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, we set TOOLCHAIN_INSTALL_STAGING three times: once
(conditionally) in toolchain.mk, and once each (unconditionally) in
pkg-cmake.mk and pkg-meson.mk.
This is a little bit messy... Set it just once, unconditionally, in
toolchain.mk where it belongs.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 32bec8ee2f
("toolchain-external: copy ld*.so* for all C libraries") changed (among
other things) the glob pattern to catch the dynamic loader from
ld*.so.*
to
ld*.so*
thus now matching files like 'ld-2.20.so' in addition to files like
'ld.so.1'.
However, there is no apparent reason why that change was made. It is
not explicitly mentioned in the commit message as to why that would be
needed, nor is clear based on the rest of the changes in that
commit. But it turns out that it causes too many files to be copied
with some toolchains.
In most toolchains, the structure looks like this:
-rwxr-xr-x 1 tdescham tdescham 834364 Feb 16 21:23 output/target/lib/ld-2.16.so
lrwxrwxrwx 1 tdescham tdescham 10 Feb 16 21:23 output/target/lib/ld.so.1 -> ld-2.16.so
So, a symlink 'ld.so.1' which points to another file. Applications
would have 'ld.so.1' (the link) encoded as program interpreter
(readelf -l <program>, see INTERP entry)
The patterns like 'ld*.so*' are passed as argument to
copy_toolchain_lib_root which is defined in toolchain/helpers.mk.
This macro copy_toolchain_lib_root will find all files/links matching
the pattern. If a match is a regular file, it is simply copied. If it
is a symbolic link, the link is copied and then the logic is
recursively repeated on the link destination. That destination could
either again be a link or a regular file. In the first case we recurse
again, in the latter we stop and continue with the next match of the
pattern.
The problem this patch is solving is when a toolchain does not have
this structure with a link and a real file, but rather two actual
files:
-rwxr-xr-x 1 tdescham tdescham 170892 Feb 16 21:55 output/target/lib/ld-2.20.so
-rwxr-xr-x 1 tdescham tdescham 170892 Feb 16 21:55 output/target/lib/ld.so.1
In this case the pattern 'ld*.so*' would find two regular file matches
and copy both. On the other hand, the pattern 'ld*.so.*' would only
find the 'ld.so.1' file and copy just that. This saves about 170K in
rootfs size.
Closer inspection reveals that this particular toolchain has more such
dedoubled symbolic links, e.g. the standard pattern of
'usr/lib/libfoo.so -> libfoo.so.1 -> libfoo.so.1.0.2' is not present,
and each of these three components are real files. In any case, it is
obvious that the toolchain itself is 'broken'.
That being said, because we have the logic that recursively resolves
symbolic links, TOOLCHAIN_EXTERNAL_LIBS really only needs to contain
the "initial" name of the library to be copied.
Therefore, revert the glob pattern back to what it was.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: improve the commit log with the additional details from Thomas]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/meson installs a cross-compilation.conf file in
$(HOST_DIR)/etc/meson, via TARGET_FINALIZE_HOOKS.
package/pkg-cmake.mk installs a toolchainfile.cmake in
$(HOST_DIR)/share/buildroot, via TOOLCHAIN_POST_INSTALL_STAGING_HOOKS.
Both files have a similar concept, they describe some flags/paths needed for
compilation using respective build systems. One difference is that the meson
file is added for external compilation, from the SDK, while the cmake file
is used internally in Buildroot.
The 'problem' of using TARGET_FINALIZE_HOOKS for the meson file, is that it
installs a 'host' file from target-finalize, which is conceptually incorrect
since not just TARGET_DIR but also HOST_DIR is "regenerated" on a subsequent
'make' when everything was already built (i.e. only target-finalize is run).
This can easily be fixed, by using the same hook as cmake uses, i.e.
TOOLCHAIN_POST_INSTALL_STAGING_HOOKS.
Note that actually even for cmake, TOOLCHAIN_POST_INSTALL_STAGING_HOOKS is
not the best hook to install a host file. A better hook would have been
TOOLCHAIN_POST_INSTALL_HOOKS, but this triggers only for 'host' packages,
and 'toolchain' is treated as a 'target' package.
Also, the hook (and therefore also the definition of
PKG_MESON_INSTALL_CROSS_CONF) is moved to pkg-meson.mk, again to make it
more similar to how it's done for cmake. Otherwise check-package
complains that the meson package is setting variables that don't start
with MESON_.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Just add a new Kconfig option in order to support building kcapi-enc
application.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
"mount" from the "util-linux" package does expect the helper utilities
in "/sbin" and not "/usr/sbin". We use "--exec-prefix=/" to fix the
issue. The man-pages are then still installed under "/usr/share/man".
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
That is useful and needed for upcoming introducing stm32mp157a-dk1 board.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the "Run a getty" option is disabled, sysvinit doesn't remove the
/etc/inittab line from previous builds. With this patch, the line is
correctly commented out.
Based on similar change made by Stephen Bos <stephen.bos@hagergroup.com>
and Christophe Blaess <christophe.blaess@logilin.fr> for busybox.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new package provides mdevd, a small daemon managing kernel hotplug
events similar to udevd.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When the "Run a getty" option is disabled, busybox doesn't remove the
/etc/inittab line from previous builds. With this patch, the line is
correctly commented out.
Signed-off-by: Stephen Bos <stephen.bos@hagergroup.com>
Co-authored-by: Stephen Bos <stephen.bos@hagergroup.com>
Co-authored-by: Christophe Blaess <christophe.blaess@logilin.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While at it, drop the "Calculated based on the hash above" comment,
which doesn't make any sense: you don't calculate a hash based on
another hash.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
https://cgit.freedesktop.org/libreoffice/cppunit/tree/NEWS
Added sha256 hash provided by upstream, and therefore drop our locally
calculated sha512 hash. Add hash for the license file as well.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use support/scripts/genimage.sh, instead, which prevents duplicating
TARGET_DIR under ${BUILD_DIR}/genimage.tmp/root.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>