The TI K3 R5 loader package essentially is a wrapper to build a special
version of U-boot SPL used as part of a multi-stage boot flow on TI K3
devices, and as such needs full flexibility as to specifying the U-Boot
sources used for the build. To accomodate this, add the same options as
already available in the regular U-Boot package. For most use cases, the
same source settings (repo URL, versions, etc.) should be used for both
ti-k3-r5-loader and uboot packages.
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For change log, see:
https://netfilter.org/projects/nftables/files/changes-nftables-1.0.8.txt
This commit also adds comments in hash file:
- that pgp signature was verified with links
- that the license file hash was locally computed
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For change log, see:
https://www.netfilter.org/projects/libnftnl/files/changes-libnftnl-1.2.6.txt
This commit also adds comments in hash file:
- that pgp signature was verified with links
- that the license file hash was locally computed
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new _SITE url matches the one published upstream at:
https://gnupg.org/download/
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the RISCV_ISA_RVC config option to match updated RISCV kconfig
instruction set options.
Signed-off-by: Jamie Gibbons <jamie.gibbons@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hss-payload-generator cannot find where u-boot.bin is when looking
for it using the config.yaml. Update syntax issues and working
directories. Fix the post image script to allow an image to get built.
Signed-off-by: Jamie Gibbons <jamie.gibbons@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, when Busybox is enabled, it uses the
package/busybox/busybox.config configuration file, even on noMMU
configurations. As this default configuration enables the 'ash' shell
which isn't available for noMMU targets, Busybox falls back to
enabling the 'hush' shell, but without enabling a number of its
sub-options that are quite relevant. In particular, it doesn't enable
umask, which is used in our startup scripts.
In order to have a default configuration that is more sensible, this
commit changes the Busybox package to use
package/busybox/busybox-minimal.config by default for noMMU
configurations.
Signed-off-by: Jesse Taube <Mr-Bossman075@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enclosure LED Utilities
ledmon and ledctl are userspace tools designed to control storage
enclosure LEDs. The user must have root privileges to use these tools.
These tools use the SGPIO and SES-2 protocols to monitor and control LEDs.
They been verified to work with Intel(R) storage controllers (i.e. the
Intel(R) AHCI controller) and have not been tested with storage controllers of
other vendors (especially SAS/SCSI controllers).
For backplane enclosures attached to ISCI controllers, support is limited to
Intel(R) Intelligent Backplanes.
Signed-off-by: Maksim Kiselev <bigunclemax@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 2a5d90a595 (configs/rock5b: Add patches to fix gcc12 warnings)
introduced the kernel patches in an incorrect directory.
Fix that by moving them in the proper location.
Reported-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since it was introduced in 5a6087d62e (toolchain: add powerpc SPE ABI
support), the CLASSIC vs. SPE choice for the ABI was never really a
choice: CPU without SPE could only use the CLASSIC ABI, while CPUs with
SPE could only use the SPE ABI.
Commit b4c824562b (powerpc: add BR2_POWERPC_CPU_HAS_SPE to replace
adhoc deps/checks) added a blind option that CPUs with SPE would select
rather than duplicate the ad-hoc dependencies in both CLASSIC and SPE
ABI options. Since then, it was even more obvious that the ABI choice
was really not a choice, as the two options have mutually exclusive
conditions.
Drop the useless choice, and directly use the blind option as selected
by the specific CPUs.
We don't need legacy handling, because the situation fixes itself.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other packages, or rootfs overlays, may install certificates, so only
create the certificate bundle as a target-finalize hook.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Linux added mnt_id member to struct statx in commit:
fa2fcf4f1df1559a0a4ee0f46915b496cc2ebf60
Linux 5.4.0 was released on 24. November 2019, but it seems this change
never got backported to 5.4.252.
Upstream added a patch to guard the use of the member in commit:
c0136ac0c9
Add the patch to fix an autobuild failure.
Fixes:
- http://autobuild.buildroot.net/results/d50/d502bc9236b577e2470a30ffc39c21579b038a1c
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch introduces patches for the custom kernel, as it is
currently used for the Radxa Rock 5B. The patches fix two gcc
compiler warnings, which result in a build error, if the kernel
is used with gcc version 12.
Since also the code of custom board drivers for WiFi support is
affected, and no fixes are provided by the vendor, the custom WiFi
support is disabled.
Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 7dd27cbe5b (support/download: add support to exclude svn
externals) departed from the usual opt-in scheme, like is done for
git submodule or large files, in an attempt to keep the previous
behaviour unchanged, that is to download externals by default.
As an afterthought, we've concluded that the chances for svn-hosted
packages with externals that are indeed required to do the build,
are relatively slim. For those cases, it even makes sense to explicitly
requested the use of the externals.
So, we change the default to not download svn externals.
Since the generated archives may change, we bump the version suffix.
This will allow users to more easily catch the situation and decide if
they really need the externals or not.
We have a single in-tree package that uses svn, and it does not use
externals, so the generated archive does not change, and we just need
to update the archive filename in the hash file.
Finally, we add a new section to the manual, in the chapter about
migrating Buildroot to a newer version.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This runtime test was suggested in discussion [1]. It should detect
potential runtime failures such as the one fixed in commit eb74998125
"package/nftables: fix the build of the pyhon bindings".
We need a special kernel, because not all nftables-related options are
enabled in the pre-built one.
[1] https://lists.buildroot.org/pipermail/buildroot/2023-August/672864.html
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
It is sometimes useful to use docker-run, but with a different image
than the default one. This commit allows to override the image being
used by only defining IMAGE if not already passed in the environment.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: s/\t/ /g]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
After switching to a fresh Fedora 38 installation with SELinux disabled,
we noticed that utils/docker-run doesn't work as the applications
running inside the container are not allowed to accept the data mounted
through the bind mount.
Since we do not really need to isolate and confine the build, but rather
to provide a known environment, we don;t really need to enforce any
SELinux confinment in the container.
So, we tell docker to turn off label confinement for the container:
https://manpages.org/docker-run
--security-opt=[]
Security Options
[...]
"label=disable" : Turn off label confinement for the container
Suggested-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use Antoine's proposal]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, using utils/docker-run expects that the current working
directory is the working copy. This means that it is not possible
to use docker-run with an out-of-tree build (one using O=).
Add the current working directory to the list of mountpoints, and
use that as working directory in the container.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If buildroot is checked out as part of a 'repo' manifest, docker-run
doesn't fully bind mount the .git directory, leading to commands such
as `utils/docker-run make check-package` to fail.
Signed-off-by: Nicolas Boichat <drinkcat@google.com>
[yann.morin.1998@free.fr: use newly introduced mountpoints list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If the user has defined $BR2_DL_DIR in the environment, it would be
nice to have it accessible inside the Docker container, and the
BR2_DL_DIR environment variable set to access it.
This commit does exactly this: it mounts the host $BR2_DL_DIR as /dl
in the container, and sets BR2_DL_DIR=/dl in the container.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use the new mountpoints list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For now, we only ever mount two mountpoints, the main directory (i.e.
the working copy), and the git directory.
To pave the way for adding new mountpoints, we introduce a list of them,
that we sort to ensure that we never mount a shallower mounpoint after a
deeper one (that would shadow the deeper mountpoint).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit
b86adfb89a ("configs/roc_rk3399_pc: new
defconfig") introduced a new defconfig with the relevant entries in
the DEVELOPERS file, but one of these entries points to a non-existing
directory. This commit fixes that.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is the follow-up commit to the 4de60e4 which disables
sourcehighlight dependency for the target GDB package.
Do the same for the host variant to be sure that this
won't be picked up from the host system.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
nftables provides python bindings; it uses setuptools to install them.
We currently install those bindings by telling the nftables buildsystem,
autotools, to install the python bindings.
However, we do not pass any of the environment variables that are needed
for setuptools packages. When host-python-setuptools is installed before
nftables is built [0], this breaks the system at runtime, as the
bindings are not installed; only the egg is, resulting in runtime errors
like:
# python -c 'import nftables'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'nftables'
Upstream has been doing some changes on their python handling, but it is
not in a released version yet, and we can't backport those changes
either, due to other big changes.
Instead, we split the pyhon bindings to their own package.
For legacy handling, we make that new package default to y, so that
existing (def)config still work. The only novelty is that it can be
disabled now.
Many thanks to Julien for testing and finding the offending dependency,
to James for suggesting the package split, and to Adam for, well,
trigerring the issue in the first place! ;-p
Note: a git bisect of the issue turns up 72 candidates for the breakage,
all around the time we dropped python2 support in early 2022; the last
known-good commit is 55df30f8b1 (package/zfs: drop python2 support)
and the first known-bad commit is 697acda00d (package/pkg-python: drop
python2 host/setuptools support); everything in-between does not
configure (package/python/Config.in.host still sourced but already
removed), or does not build (host-python still in the dependency chain
but already removed), so had to be skipped during the bisect.
[0] This can happen when another python package using setuptools is
built before nftables. However, with PPD, this never happens because
host-python-setuptools is never in the dependency chain of nftables.
Reported-by: Julien Olivain <ju.o@free.fr>
Tested-by: Julien Olivain <ju.o@free.fr>
Suggested-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
For more details, see the changelog:
https://mosquitto.org/ChangeLog.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that we build the full host-gettext-gnu, we don't need the
standalone libtextstyle anymore.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[yann.morin.1998@free.fr: split off to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Release notes:
https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.htmlhttps://lists.gnu.org/archive/html/info-gnu/2023-06/msg00003.html
Removed patch 0001, the patched file is not present in this release.
Removed patch 0002 which was applied upstream.
Added comment to gettext-tiny.mk about version bumps.
Since upstream commit
785a89e5df
gettext-runtime is a build-dependency for gettext-tools so we are
building the complete package for the host from now on.
Doing so we can drop the _POST_INSTALL_HOOK, and we can rely of the
in-tree libtextstyle.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The bump to meson 1.2.0 triggers unexpected build failure of the host
packages, because meson changed the way it passes library search paths
when building natively:
59cfbf68e0http://lists.busybox.net/pipermail/buildroot/2023-August/672649.html
As a consequence, the libraries are searched for in the system paths
before being searched in our host-dir, leading to failures when
incompatible libraries are installed in both locations. For example, if
the system has an older version of libglib2 installed, this causes link
failures when one of the glib2 library (e.g. libgio) is linked by path,
but a dependent library (e.g. libgmodule) is linked by name:
/path/to/host/lib/libgio-2.0.so -L /path/to/host/lib/ -lgmodule-2.0
The first is indeed the one we built and installed in host-dir, but the
second is found in the system path; when it is an older (or more
recent?) version than the one we use, the link fails;
/path/to/host/lib/libgio-2.0.so: undefined reference to `g_module_open_full'
Since fixing the issue is not trivial, revert to the previous meson
version that did not exhibit the issue.
This reverts commit d06e610d58.
Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
