These files are part of Mender sources and no point in keeping duplicate
files locally.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tenant Token is a configuration option that has to do with Hosted Mender,
where you you need to set this for the devices to connect to the
correct organization in a multi-tenant system.
The removal of tenant.conf usage (and /var/lib/mender/authtentoken)
was in Mender client version 1.2.0, where it was switched to be an mender.conf
option instead as the example above demonstrates. As the first version that was
integrated in Buildroot was 1.4.0, the inclusion of tenant.conf and the
creation of the symlink is not necessary.
Now it is specified as such in mender.conf:
Example:
/etc/mender/mender.conf
{
TenantToken: "very long base64 encoded string"
}
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Mender client uses fw_printenv/fw_setenv to manipulate the U-boot
environment, e.g to change the boot candidate after a update has been
done.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mender state-scripts are essentially "hooks" that can be provided to
influence the update flow.
They should be placed inside /etc/mender/scripts and the directory must
contain a file containing the current state-script format version. It is
currently "2".
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current values that are in mender.conf will actually
cause the Mender client to fail to start because of invalid
values.
Provide sane default values that at least allow the Mender client
to parse the configuration options and start running.
The values provided will actually work in a "Demo Environment",
see https://docs.mender.io/getting-started/create-a-test-environment.
Though an entry is required in /etc/hosts to resolve the URL to the
local IP address of the running demo server.
Example:
echo "192.168.0.10 docker.mender.io s3.docker.mender.io" >> \
/etc/hosts
Above is required because the demo certificate
(/etc/mender/server.crt) is created for https://docker.mender.io.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These scripts are used to generate the device identity and to populate
the the device inventory. The Mender client will call these and at least
the mender-device-identity is required to be present at the correct
location. Inventory scripts are there as an example and not
actually required.
Example output from identity script:
$ ./mender-device-identity
mac=de:ad:ca:fe:00:01
cpuid=1112233
Example output from inventory script:
$ ./mender-inventory-network
mac_br-fbfdad18c33c=02:42:7e:74:96:85
network_interfaces=br-fbfdad18c33c
ipv4_br-fbfdad18c33c=172.21.0.1/16
mac_enp0s25=de:ad:be:ef:bb:05
network_interfaces=enp0s25
ipv4_enp0s25=123.22.0.197/16
ipv4_enp0s25=10.20.20.105/16
ipv6_enp0s25=fe80::2aad:beff:feef:bb05/64
Inventory and device identity data is presented on the Mender server
front-end.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Recent U-Boot no longer ship the flex/bison generated kconfig parser, as
of commit e91610da7c8a9fe42f3e5a75f06c3d1a0cb5f815 (kconfig: re-sync
with Linux 4.17-rc4).
So, add the conditional kconfig dependencies, as we just did for the
kernel.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Starting with linux-4.18, the kconfig from the kernel can call
to the compiler to test its capabilities; see:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/Kconfig.include
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-{flex,bison} are only needed to generate the dtc parser, so we
don't need them if the kernel does not have support for device tree.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rely on the system provided ones if avalable, and only resort to use our
owns if the sytem does not provide them.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Similarly to c48f8a6462 (package/m4: fix build on host with glibc-2.28),
backport the two fixes fromn gnulib upstream, that allows building
host-bison on systems using glibc 2.28.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reported-by: c32 on IRC
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes [1]:
../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.
[1] http://autobuild.buildroot.net/results/a3535cdf5e91df011a59a4b9f60d69195f5efdcb
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
They were added back in 5432f26f0 (Adding Central config.cache options),
supposedly to be able to cache the result of configure tests, but they
were never, ever referenced anywhere in our code... Besides, we dropped
the idea of getting a configure cache long ago now (it does not work)...
They are causing spurious error messages on some distros (e.g. Fedora)
which use GNU's which (whatever package that comes from), while it is
silent on other distros (e.g. Ubuntu) which use debianutils' which.
Drop them.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch to python-pyqt5 to make it build properly
against Qt 5.11.
PyQt5 is using a dual-licensing model, and the commercial company
behind it (RiverBank) only provides release tarballs, and no public
Git repository, so we cannot see the individual changes they make. By
diffing the PyQt5 5.10 and 5.11 releases, we could see that they opted
for dropping entirely support for the waitForEvents() method, rather
than keeping it for Qt < 5.11. We take the same approach in the below
patch, since this is anyway what will happen when we will bump to
PyQt5 5.11.
The patch is not Git-formatted, because there is no upstream Git
repository for this project.
Fixes:
http://autobuild.buildroot.net/results/1f1e92374fe71a1d4343243db5f530c33db06698/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
Fixes CVE-2018-12115, also CVEs were fixed in included OpenSSL code
which do not use for the target build.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some users of kconfig need some packages to be built before their
kconfig infra be used.
For example, the linux kernel, starting with 4.16, needs flex and bison
to generate the parser code. Furthermore, starting with 4.18, it will
also need the cross-compiler before parsing the kconfig stuff, because
that calls the compiler to check its features.
Currently, this is broken, even the flex/bison ones, even though they
are listed, because there is no way to define dependencie that are
guaranteed before the (visual) configurators. For example:
$ make distclean
$ make menuconfig
--> enable the linux kernel, choose a defconfig, save, exit
$ make linux-menuconfig
[...]
HOSTCC scripts/basic/fixdep
HOSTCC scripts/kconfig/conf.o
YACC scripts/kconfig/zconf.tab.c
/bin/sh: bison: command not found
LEX scripts/kconfig/zconf.lex.c
scripts/Makefile.lib:196: recipe for target 'scripts/kconfig/zconf.tab.c' failed
make[3]: *** [scripts/kconfig/zconf.tab.c] Error 127
make[3]: *** Waiting for unfinished jobs....
/bin/sh: flex: command not found
scripts/Makefile.lib:188: recipe for target 'scripts/kconfig/zconf.lex.c' failed
make[3]: *** [scripts/kconfig/zconf.lex.c] Error 127
Makefile:528: recipe for target 'rpc_defconfig' failed
make[2]: *** [rpc_defconfig] Error 2
linux/linux.mk:511: recipe for target '/home/ymorin/dev/buildroot/buildroot/output/build/linux-4.17.11/.config' failed
make[1]: *** [/home/ymorin/dev/buildroot/buildroot/output/build/linux-4.17.11/.config] Error 2
Makefile:79: recipe for target '_all' failed
make: *** [_all] Error 2
So, we introduce a new type of dependencies for kconfig-based packages,
that are guaranteed to be built and installed before the (visual)
configurators are called.
Since those dependencies are phony targets and therefore always out of
date, a normal dependency would cause the .config target to be rebuilt
on each invocation of make. So we use an order-only pre-requisite, like
is done for the patch dependency.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The commit that added the dependency on host-{bison,flex} did
so because the pre-generated kconfig parser source files were
removed from the kernel tree, in linux-4.16.
But then, in linux-4.17, the pre-generated dtc parser source
files were in turn removed as well.
So, document the two reasons why they are needed, so we don't
accidentally remove them when we (soon) introduce the kconfig
dependencies.
(Also fix the first assignment to LINUX_DEPENDENCIES to be a
simple assignement, not an append-assignment.)
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
boost-log builds fine with powerpc on uclibc nowadays so enable it back.
By removing this dependency, build failure on azmq is also fixed as this
package is currently selecting boost-log without fulfilling this
dependency
Fixes:
- http://autobuild.buildroot.net/results/9c373d0b5a1a59e2271d71c480d55a90a67b84cb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 6288409642 ("libselinux: add
patch to fix build with gcc < 4.7") introduced a patch, but its file
name was incorrect, so it was never applied. In addition, the patch
was generated against the Git repository of SELinux, which includes
all projects, and therefore it doesn't apply to the libselinux source
code extracted from the tarball: the "libselinux/" component path
needs to be removed from the patch.
This commit fixes both problems, which should finally and really fix:
http://autobuild.buildroot.net/results/c3272566bb808e43bb77ec59cfe596f7e0fe9a64/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS variable and
use it in BR2_TOOLCHAIN_HAS_GCC_BUG_64735.
This new variable will be used to select boost atomic when lock-free
atomic ints are not available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
eigen generates a pkg-config file which has a broken prefix
(@CMAKE_INSTALL_PREFIX@). This broken prefix causes an incorrect path when
other packages call pkg-config --cflags eigen.
This patch fixes the prefix in the generated eigen pc file, so projects
which depend on this pc file can now correctly find the eigen include
directory at build time.
Also correct the Cflags output to use the runtime prefix instead of the
build time STAGING_DIR, like we do elsewhere.
[Peter: drop backslashes, tweak commit message]
Signed-off-by: Matt Flax <flatmax@flatmax.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to the latest release of the 1.11.x LTS series as 1.10.x is no longer
supported upstream:
https://www.djangoproject.com/download/
Fixes the following security issues:
- CVE-2017-12794: Possible XSS in traceback section of technical 500 debug
page (1.11.5)
- CVE-2018-6188: Information leakage in AuthenticationForm (1.11.10)
- CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc
template filters (1.11.11)
- CVE-2018-7537: Denial-of-service possibility in truncatechars_html and
truncatewords_html template filters (1.11.11)
- CVE-2018-14574: Open redirect possibility in CommonMiddleware (1.11.15)
Also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
glibc-2.28 did quite some lifting in their headers, which breaks the
way some packages were detecting glibc, like gnulib.
However, packages do bundle gnulib (it was meant to be bundled),
and so does m4.
Since m4 hasn't seen the slightest commit since 2017-01-09, it is
bundling an old gnulib version, that predates glibc-2.28, and thus
breaks. It also means that upstream hasn't already fixed the issue.
Furthermore, as upstream is using a git submodule for gnulib, and
that the paths are not the same in the release tarball (in lib/)
and in the git tree (in gnulib/), we can't do a plain backport.
So, we selectively backport the two patches from gnulib upstream,
restricted to only the files that happen to be used in m4.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reported-by: c32 on IRC
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The threads dependency comment is currently shown even though the
toolchain supports threads, only because kernel build is disabled.
Merge the kernel and threads comments. This is similar to what we have
in other packages that need the kernel.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-10906 - In fuse before versions 2.9.8 and 3.x before 3.2.5,
fusermount is vulnerable to a restriction bypass when SELinux is active.
This allows non-root users to mount a FUSE file system with the
'allow_other' mount option regardless of whether 'user_allow_other' is set
in the fuse configuration. An attacker may use this flaw to mount a FUSE
file system, accessible by other users, and trick them into accessing files
on that file system, possibly causing Denial of Service or other unspecified
effects.
And additionally:
- libfuse no longer segfaults when fuse_interrupted() is called outside the
event loop.
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount options
must now match a hard-coded whitelist. It is expected that this whitelist
covers all regular use-cases.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
u-boot 2018.01 now fails to build with the following error:
CC arch/arm/lib/asm-offsets.s
In file included from /builds/buildroot.org/buildroot/output/host/include/libfdt.h:54:0,
from /builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/fdt.c:54:
/builds/buildroot.org/buildroot/output/host/include/libfdt_env.h:82:24: error: redefinition of 'fdt16_to_cpu'
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
In file included from /builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/fdt.c:51:0:
/builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/libfdt_env.h:81:24: note: previous definition of 'fdt16_to_cpu' was here
static inline uint16_t fdt16_to_cpu(fdt16_t x)
https://gitlab.com/buildroot.org/buildroot/-/jobs/88314891
Fix it by bumping the u-boot version to 2018.07.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
u-boot 2018.05 now fails to build with the following error:
HOSTCC scripts/dtc/flattree.o
In file included from /builds/buildroot.org/buildroot/output/host/include/libfdt.h:54:0,
from /builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/fdt.c:54:
/builds/buildroot.org/buildroot/output/host/include/libfdt_env.h:82:24: error: redefinition of 'fdt16_to_cpu'
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
In file included from /builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/fdt.c:51:0:
/builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/libfdt_env.h:81:24: note: previous definition of 'fdt16_to_cpu' was here
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
https://gitlab.com/buildroot.org/buildroot/-/jobs/88314886
Fix it by bumping the u-boot version to 2018.07.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit replaces the loop copying out-of-tree DTS into the kernel
tree by a make foreach loop instead of a shell for loop. This allows
to error out if one of the DTS file cannot be copied (for example if
it doesn't exist).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
