Commit Graph

55362 Commits

Author SHA1 Message Date
Michael Walle
94807b0bd9 package/rcw-smarc-sal28: new package
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-14 22:30:46 +01:00
Michael Walle
c0ce904fca configs/kontron_smarc_sal28: enable u-boot
Enable building of the bootloader and integrate it into the resulting
image.

Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-14 22:30:46 +01:00
Bernd Kuhls
89cd2549ed package/{mesa3d, mesa3d-headers}: bump version to 20.3.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-14 22:26:02 +01:00
Fabrice Fontaine
6a2d5ab0ae package/wolfssl: security bump to version 4.6.0
- Fix CVE-2020-36177: RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL
  before 4.6.0 has an out-of-bounds write for certain relationships
  between key size and digest size.
- Drop patch (already in version)

https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-14 22:26:01 +01:00
Fabrice Fontaine
86b07d220c package/gkrellm: fix client build
Set X11_LIBS to avoid the following build failure:

/home/buildroot/autobuild/run/instance-1/output-1/host/bin/aarch64-linux-gnu-gcc main.o alerts.o battery.o base64.o clock.o cpu.o disk.o fs.o hostname.o inet.o mail.o mem.o net.o proc.o sensors.o uptime.o chart.o panel.o config.o gui.o krell.o plugins.o pixops.o client.o utils.o sysdeps-unix.o deprecated.o log.o winops-x11.o  -o gkrellm \
		 -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lgtk-x11-2.0 -lgdk-x11-2.0 -lpangocairo-1.0 -latk-1.0 -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lpangoft2-1.0 -lpango-1.0 -lgobject-2.0 -lharfbuzz -lfontconfig -lfreetype -Wl,--export-dynamic -lgmodule-2.0 -lglib-2.0 -lgthread-2.0 -pthread -lglib-2.0   -L/usr/X11R6/lib -lX11 -lSM -lICE  -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lssl -lcrypto    -lm -Wl,-E
aarch64-linux-gnu-gcc: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/X11R6/lib'

Fixes:
 - http://autobuild.buildroot.org/results/fff9a48efe3818f67a8f4b0fe3a3a605e4985b3b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-14 22:25:59 +01:00
Fabrice Fontaine
d47bdd2342 package/gkrellm: fix build with NLS
Fixes:
 - http://autobuild.buildroot.org/results/98d0eda546b09e60eebbd3c3a28493f09dff7e62

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-14 22:25:58 +01:00
Michael Nosthoff
fe80e8ac8d package/boost: bump version to 1.75.0
* add option for new library Boost.JSON
* drop patch 0001 as it's applied upstream
* host: disable options that were added over time but never disabled for the host-build

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-14 22:12:34 +01:00
Fabrice Fontaine
d4c01530eb package/rhash: fix build with uclinux
Fixes:
 - http://autobuild.buildroot.org/results/598ca65cf0c7ecf9ceaecb75868b656570ae00d2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-14 22:00:01 +01:00
Fabrice Fontaine
d5a229551f package/usbutils: needs gcc >= 4.9
Commit 8a26801c9f forgot to propagate the
gcc dependency from libusb to usbutils

Fixes:
 - http://autobuild.buildroot.org/results/ed8706a1ead398b5097b046524e710b1d3d0bb1e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-14 21:59:59 +01:00
Fabrice Fontaine
bbc5268616 package/at: bump to version 3.2.1
There is only one commit between version 3.2.1 and current commit
7c74fa1aece6bc6db351763dc012193d5d634b7e which updates the release file:

6a9efb7dd2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-14 21:52:38 +01:00
Yann E. MORIN
4d03923b6a pkg-generic: host variant use git submodules if target variant does
When a package has both a target and a host variant, and uses git
submodules, and the host variant is downloaded before the target one, we
end up with the generated archive missing the submodules.

This happens in exactly one package in our tree: c-capnproto.

This issue was not caught before because after a few days, the full
sources are added to sources.buildroot.net. So when the hash check
fails, the full tarball is simply downloaded from there.

Propagate the git submodule setting from the target variant to the host
variant, unless the host variant explicitly opted-out.

Fixes:
    http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf/

Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-01-13 23:32:31 +01:00
Fabrice Fontaine
2df32e0d44 package/minicom: use official tarball
Use official tarball (this will also have the nice side-effect of making
MINICOM_VERSION compatible with release-monitoring.org)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-13 23:03:16 +01:00
Jörg Krause
f07dff2132 package/shairport-sync: bump to version 3.3.7
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-13 10:35:09 +01:00
Jörg Krause
1f3191b9fa package/ncmpc: bump to version 0.42
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-13 10:34:50 +01:00
Jörg Krause
b6576a458c package/mpd: bump to version 0.22.3
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-13 10:34:34 +01:00
Bernd Kuhls
8c06403c7a package/libdrm: bump version to 2.4.104
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-13 10:34:23 +01:00
Jörg Krause
7805cace8b package/meson: bump to version 0.56.2
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-13 10:34:08 +01:00
Fabrice Fontaine
c7390708f3 package/wavpack: security bump to version 5.4.0
WavPack 5.4.0 contains a fix for CVE-2020-35738 wherein a specially
crafted WAV file could cause the WAVPACK command-line program to crash
with an out-of-bounds write (see issue #91).

Update hash of COPYING (update in year:
2ce3c069be)

https://github.com/dbry/WavPack/blob/5.4.0/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-13 10:05:02 +01:00
Petr Vorel
ef94e70295 {linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-13 10:03:40 +01:00
Yann E. MORIN
3484200391 package/tar: update hash of cpio archive
Commit 37a909cacf (package/tar: drop specific version for host variant)
updated the host variant from 1.29 to 1.32.

However, because there is no longer any upper-limit to the version of
tar accepted from the system, and because tests were conducted on a
recent distribution, there was no need to build the host variant of tar.

As a consequence, updating the hash file was missed.

Do so now.

Also switch to using the new two-space separators.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-01-12 22:01:07 +01:00
Chris Packham
f87315fad5 package/coremark-pro: clean up package
- Use the COREMARK_PRO_MARKS definition from the build recipe to
  generate the coremark-pro.sh
- Use %x:%X as the date stamp in the results file.

Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-01-12 11:50:24 +01:00
Christian Stewart
83aaf5106e package/nvidia-modprobe: new package
nvidia-modprobe package adds a utility and headers for probing the NVIDIA
hardware at runtime.

https://github.com/NVIDIA/nvidia-modprobe

Signed-off-by: Christian Stewart <christian@paral.in>
[Arnout:
 - use upstream Makefile instead of building directly;
 - don't install to staging;
 - remove dependency on host-pkgconf;
 - correct license to GPL-2.0;
 - remove dependency on threads and glibc;
 - add dependency on MMU.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-01-12 00:17:50 +01:00
Peter Seiderer
8a5ba80b86 package/libevdev: bump version to 1.10.1
For details see [1].

[1] https://lists.freedesktop.org/archives/input-tools/2021-January/001555.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 23:10:07 +01:00
Peter Korsgaard
5fa51794c0 package/wireguard-linux-compat: bump version to 1.0.20201221
Fixes a build issue with linux-rt >= 5.4.  For details, see the
announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-December/006210.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 22:37:25 +01:00
Bernd Kuhls
a0202ffa4a package/nano: fix tiny build
Since upstream commit
https://git.savannah.gnu.org/cgit/nano.git/commit/configure.ac?id=235f92ce093099cd81f14827ab842bd331132790

--enable-color --enable-nanorc are needed for libmagic support in tiny
builds.

Fixes:
http://autobuild.buildroot.net/results/248/24894e62d6cf89d078959b12e67596c821d64696/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 22:37:00 +01:00
Joel Stanley
99ffc00142 package/pdbg: bump to version v3.2
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 22:22:54 +01:00
Peter Seiderer
192829cf0d package/git: bump version to 2.30.0
For details see [1].

[1] http://lkml.iu.edu/hypermail/linux/kernel/2012.3/03301.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 22:22:30 +01:00
Chris Packham
6627cea610 package/coremark-pro: add dependency on threads
Coremark-pro requires threads so add a depends on
BR2_TOOLCHAIN_HAS_THREADS.

Fixes:
- http://autobuild.buildroot.net/results/ab574485a7856fcf5cd643c154c44b4bfcb34a97/

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 22:21:41 +01:00
Fabrice Fontaine
4d4d5c89d5 package/quota: add CPE variables
cpe:2.3🅰️jan_kara:linux_diskquota is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajan_kara%3Alinux_diskquota

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 22:19:45 +01:00
Fabrice Fontaine
ded5d180fa package/ed: add ED_CPE_ID_VENDOR
cpe:2.3🅰️gnu:ed is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 22:14:08 +01:00
Fabrice Fontaine
31b2274c5b package/links: add LINKS_CPE_ID_VENDOR
cpe:2.3🅰️twibright:links is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atwibright%3Alinks

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber >matthew.weber@rockwellcollins.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 22:13:43 +01:00
Fabrice Fontaine
b93d767141 package/cereal: add CEREAL_CPE_ID_VENDOR
cpe:2.3🅰️usc:cereal is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ausc%3Acereal

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 21:55:38 +01:00
Fabrice Fontaine
ee588dbe54 package/libtomcrypt: add LIBTOMCRYPT_CPE_ID_VENDOR
cpe:2.3🅰️libtom:libtomcrypt is indeed the right CPE identifier
for this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibtom%3Alibtomcrypt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 21:55:12 +01:00
Fabrice Fontaine
d4eefdbed0 package/go: add GO_CPE_ID_VENDOR
golang is the correct CPE ID vendor for the go package, see:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agolang%3Ago

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 21:38:47 +01:00
Fabrice Fontaine
ff13cb9414 docs/manual: replace LIBFOO_CPE_ID_PRODUCT
Replace LIBFOO_CPE_ID_PRODUCT by LIBFOO_CPE_ID_NAME

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 21:37:18 +01:00
Fabrice Fontaine
1a8ec1f9a7 package/libupnp: set LIBUPNP_CPE_ID_VALID
cpe:2.3🅰️libupnp_project:libupnp is indeed the right CPE identifier
for this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibupnp_project%3Alibupnp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 21:35:30 +01:00
Fabrice Fontaine
376c010974 package/netcat: set NETCAT_CPE_ID_VALID
cpe:2.3🅰️netcat_project:netcat is indeed the right CPE identifier for
this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetcat_project%3Anetcat

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 21:32:33 +01:00
Bernd Kuhls
a9b0a9a515 package/gkrellm: new package
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-11 21:25:12 +01:00
Fabrice Fontaine
70fd6f7dbf package/frotz: needs threads
Fixes:
 - http://autobuild.buildroot.org/results/8443316d8074bf44a82ceeda4630a9acb1254947

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-11 20:38:32 +01:00
Geoffrey Le Gourriérec
f609afb7e8 configs/qemu_*: bump kernel version to 5.4.88
Bump QEMU defconfigs to latest longterm kernel 5.4.88.

Please note that QEMU boards not based on 5.4.y were ignored:
- qemu_csky810_virt_defconfig
- qemu_csky807_virt_defconfig
- qemu_csky610_virt_defconfig
- qemu_csky860_virt_defconfig

Tests were carried out on all QEMU boards using Gitlab [1] (commit
message was slightly different, but the patch is identical)

Additional actions needed were:
- board/qemu/sh4-r2d: Remove one of the two kernel patches [2] provided
  by Alan Modra fixing rodata alignment, carried here by Romain Naour [3]
  to fix an issue preventing kernel from booting with binutils 2.23.
  Patch is present in upstream Linux now.

[1] https://gitlab.com/clumsyape/buildroot/-/pipelines/239483891
[2] https://www.sourceware.org/ml/binutils/2019-12/msg00112.html
[3] https://git.busybox.net/buildroot/commit/?id=a2331c8a61bdd71c47492efc818fb0458a349219

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-11 20:37:59 +01:00
Fabrice Fontaine
85b04bd02a package/nano: drop unrecognized option
wordbounds option has been removed since version 4.0 and
https://git.savannah.gnu.org/cgit/nano.git/commit?id=798695ff1ec0bec2605eb490008f2968a5e8c264

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-11 20:36:32 +01:00
Petr Vorel
54584d233b {linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series
Drop 5.9 stable (EOL).

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Peter: add Config.in.legacy handling for 5.9]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-11 20:17:27 +01:00
Yann E. MORIN
37a909cacf package/tar: drop specific version for host variant
Now that we can generate reproducible archives, with all known tar
versions starting with 1.27, we don't need to clamp the host-tar
version to the old 1.29, and can now bump to any later version.

Drop the host-tar version, and use the same as the target variant.

Note that we still need the _SOURCE trick, to avoid depending on tar
to extract the tar tarball...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
2021-01-10 22:06:58 +01:00
Yann E. MORIN
ec50e407be support/dependencies: drop check for maximal tar version
So far, we checked that the tar present on the host was at most tar
1.29, because tar 1.30 changed the way it generates archives.

Having a maximum tar version requirement meant that we would eventually
always have to build our own host-tar, as distributions are updating
the version they use.

But now, we have found a way to generate reproducible archives starting
with tar 1.27 onward, so we no longer need the check for a maximum tar
version, so we can drop that requirement.

Note: this is semantically a revert of b8fa273d50 (check-host-tar.sh:
blacklist tar 1.30+), but keeping the new, mostly-linear code-path.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
2021-01-10 22:06:58 +01:00
Yann E. MORIN
c043ecb20c support/download: change format of archives generated from svn
Like we recently did for git, switch the archives generated from
subversion to be reproducible whatever the tar version.

We have no in-tree users of the svn backend which also has hashes,
so no hash to update.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
2021-01-10 22:06:58 +01:00
Yann E. MORIN
ccfae17015 support/download: cleanup svn backend
Commit 89f5e9893 (support/download/svn: generate reproducible svn
archives) did what it said, but can be siplified a bit.

Indeed, we are doing an svn export, so we won't have any of the .svn
directories, neither at the root of the extract, nor in any of the
sub-directories.

As such, we do not need to filter them out  when we generate the list
of files to include in the archive.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
2021-01-10 22:06:58 +01:00
Yann E. MORIN
5b95a5dc27 support/download: change format of archives generated from git
Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.

However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.

To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.

So, we bump the git-specific format-version to -br1.

The %ci date  has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.

As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.

Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.

For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

    ---8<------8<------8<------8<---
    #!/bin/sh
    # Find and download all packages using git as backend.
    # Manually fix hashes for affected packages.

    # Packages that only have a host variant
    HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'

    # Packages that have a non-git main _SOURCE, and/or which
    # have BR_NO_CHECK_HASH_FOR for the git _SOURCE
    NOT_GIT='aufs|aufs-util|xenomai|linux-headers'

    export BR2_DL_DIR=$(pwd)/temp-dl-dir

    make defconfig
    make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
                boot/vexpress-firmware/ package/ \
            |sed -r -e 's,.*/([^/]+)\.mk,\1,' \
            |sed -r -e '/^('"${NOT_GIT}"')$/d;' \
                    -e 's/^('"${HOST_ONLY}"')/host-\1/;' \
                    -e 's/$/-legal-info/;'
          )

    ---8<------8<------8<------8<---
2021-01-10 22:06:58 +01:00
Yann E. MORIN
cbe95b1a45 support/download: add helper to generate a reproducible archive
We currently need to generate reproducible archives in at least two
locations: the git and svn download backends. We also know of some
future potential use (e.g. the other download backends, like cvs, or
in the upcoming download post-processors for vendoring, like cargo
and go).

However, we are currently limited to a narrow range of tar versions
that we support, to create reproducible archives, because the gnu
format we use has changed with tar 1.30.

As a consequence, and as time advances, more and more distros are,
or will eventually start, shipping with tar 1.30 or later, and thus
we need to always build our on host-tar.

Now, thanks to some grunt work by Vincent, we have a set of options
that we can pass tar, to generate reproducible archives back from
tar-1.27 and up through tar-1.32, the latest released version.

However, those options are non-trivial, so we do not want to have
to repeat those (and maintain them) in multiple locations.

Introduce a helper that can generate a reproducible archive from
an input directory.

The --pax-option, to set specific PAX headers, does not accept
RFC2822 timestamps which value are too away from some fixed point
(set atcompile-time?):
    tar: Time stamp is out of allowed range

However, the same timestamps passed as strict compliant ISO 8601 are
accepted, so that's what we expect as a date format.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

    ---8<------8<------8<------8<---
    # Here is a Makefile used to test all the versions of tar, with
    # different output formats and different sets of options:
    # Versions prior to 1.27 do not build on recent machines, because
    # 'gets()' got removed (rightfully so), so don't count them as
    # candidates.
    VERSIONS = 1.27 1.27.1 1.28 1.29 1.30 1.31 1.32
    DATE = Thu 21 May 2020 06:44:11 PM CEST

    TARS = \
    	$(patsubst %,test_gnu_%.tar,$(VERSIONS)) \
    	$(patsubst %,test_posix_%.tar,$(VERSIONS)) \
    	$(patsubst %,test_posix_paxoption_%.tar,$(VERSIONS))

    all: $(TARS)
    	sha1sum $(^)

    .INTERMEDIATE: test_%.tar
    test_gnu_%.tar: tar.% list
    	./$(<) cf - -C test \
    		--transform="s#^\./#test-version/#" \
    		--numeric-owner --owner=0 --group=0 \
    		--mtime="$(DATE)" \
    		--format=gnu \
    		-T list \
    	>$(@)
    test_posix_%.tar: tar.% list
    	./$(<) cf - -C test \
    		--transform="s#^\./#test-version/#" \
    		--numeric-owner --owner=0 --group=0 \
    		--mtime="$(DATE)" \
    		--format=posix \
    		-T list \
    	>$(@)
    test_posix_paxoption_%.tar: tar.% list
    	./$(<) cf - -C test \
    		--transform="s#^\./#test-version/#" \
    		--numeric-owner --owner=0 --group=0 \
    		--mtime="$(DATE)" \
    		--format=posix \
    		--pax-option='delete=atime,delete=ctime,delete=mtime' \
    		--pax-option='exthdr.name=%d/PaxHeaders/%f,exthdr.mtime={$(DATE)}' \
    		-T list \
    	>$(@)

    list: .FORCE
    list: test
    	(cd test && find . -not -type d ) |LC_ALL=C sort >$(@)

    LONG = L$$(for i in $$(seq 1 200); do printf 'o'; done)ng
    test: .FORCE
    test:
    	rm -rf test
    	mkdir -p test/bar
    	echo foo >test/Foo
    	echo bar >test/bar/Bar
    	ln -s bar/Bar test/buz
    	echo long >test/Very-$(LONG)-filename
    	ln test/Very-$(LONG)-filename \
    	   test/short

    .PRECIOUS: tar.%
    tar.%: tar-%
    	cd $(<) && ./configure
    	$(MAKE) -C $(<)
    	install -m 0755 $(<)/src/tar $(@)

    .PRECIOUS: tar-%
    tar-%: tar-%.tar.gz
    	tar xzf $(<)

    .PRECIOUS: tar-%.tar.gz
    tar-%.tar.gz:
    	wget "https://ftp.gnu.org/gnu/tar/$(@)"

    .FORCE:

    clean:
    	rm -rf tar-* tar.* test_* test list
    ---8<------8<------8<------8<---
2021-01-10 22:04:33 +01:00
Yann E. MORIN
02798cfa76 core/pkg-infra: allow per site-method sub-version strings
When we want to change the format of an archive we generate (e.g. those
we generate from git trees), the hashes of those archives will change.

To avoid any issue (e.g. an older Buildroot using newer archives, or the
other way around) that would conclude that the hashes do not match, we
want to change the filenames of the generated archives whenever we
change their format.

Introduce a new internal variable, specific to each site method, that we
can set to include a "format version" for the archives generated from
that site method.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
2021-01-10 19:42:04 +01:00
Yann E. MORIN
38a9fdd02f core/pkg-infra: prepare for alternate default source archives
The .tar.gz default extension is historical, and we initially used
to only fetch tarballs from remote sites.

When we introduced downloads from VCS repositories, we kept that
extension, and kept compressing with gz, by lack of good reason to
switch to some other compression scheme.

However, nowadays, we will want to change the way we construct the
tarballs we generate from VCS. This will de facto change the hashes
of those tarballs.

So we will want that the archives we generate do not clash with the
existing ones, so we need another filename. Thus, we need a way to
be able to use a different extension when we generate archives from
VCS.

Use a macro as suggested by Arnout.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
2021-01-10 19:42:04 +01:00