Commit Graph

70033 Commits

Author SHA1 Message Date
Yann E. MORIN
5d36710e36 package/pkg-download: lookup hash files in global-patch-dir
Currently, we expect and only use hash files that lie within the package
directory, alongside the .mk file. Those hash files are thus bundled
with Buildroot.

This implies that only what's known to Buildroot can ever get into those
hash files. For packages where the version is fixed (or a static
choice), then we can carry hashes for those known versions.

However, we do have a few packages for which the version is a free-form
entry, where the user can provide a custom location and/or version.  like
a custom VCS tree and revision, or a custom tarball URL. This means that
Buildroot has no way to be able to cary hashes for such custom versions.

This means that there is no integrity check that what was downloaded is
what was expected. For a sha1 in a git tree, this is a minor issue,
because the sha1 by itself is already a hash of the expected content.
But for custom tarballs URLs, or for a tag in a VCS, there is indeed no
integrity check.

Buildroot can't provide such hashes, but interested users may want to
provide those, and currently there is no (easy) way to do so.

We leverage the existing global-patch-dir mechanism to look for extra
hash files. We use the same heuristic that is used for bundled hash
files, and for each global patch directory <dir>, we use the first file
to exist among:
 1. look into <dir>/<package>/<version>/<package>.hash
 2. look into <dir>/<package>/<package>.hash

Reported-by: "Martin Zeiser (mzeiser)" <mzeiser@cisco.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-07 11:48:46 +01:00
Yann E. MORIN
f91e89b6e6 support/download: teach dl-wrapper to handle more than one hash file
Currently, we expect and only use hash files that lie within the package
directory, alongside the .mk file. Those hash files are thus bundled
with Buildroot.

This implies that only what's known to Buildroot can ever get into those
hash files. For packages where the version is fixed (or a static
choice), then we can carry hashes for those known versions.

However, we do have a few packages for which the version is a free-form
entry, where the user can provide a custom location and/or version. like
a custom VCS tree and revision, or a custom tarball URL. This means that
Buildroot has no way to be able to cary hashes for such custom versions.

This means that there is no integrity check that what was downloaded is
what was expected. For a sha1 in a git tree, this is a minor issue,
because the sha1 by itself is already a hash of the expected content.
But for custom tarballs URLs, or for a tag in a VCS, there is indeed no
integrity check.

Buildroot can't provide such hashes, but interested users may want to
provide those, and currently there is no (easy) way to do so.

So, we need our download helpers to be able to accept more than one hash
file to lookup for hashes.

Extend the dl-wrapper and the check-hash helpers thusly, and update the
legal-info accordingly.

Note that, to be able to pass more than one hash file, we also need to
re-order the arguments passed to support/download/check-hash, which also
impies some shuffling in the three places it is called:
  - 2 in dl-wrapper
  - 1 in the legal-info infra

That in turn also requires that the legal-license-file macro args get
re-ordered to have the hash file last; we take the opportunity to also
move the HOST/TARGET arg to be first, like in the other legal-info
macros.

Reported-by: "Martin Zeiser (mzeiser)" <mzeiser@cisco.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-07 11:48:45 +01:00
James Hilliard
ebacc12de0 package/python-jedi: bump to version 0.19.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:47 +01:00
James Hilliard
38abfd376e package/python-jaraco-functools: bump to version 4.0.0
License hash changed due to copyright notice removal:
5957d58266

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:46 +01:00
James Hilliard
8c10243bcc package/python-jaraco-classes: bump to version 3.3.0
Drop no longer required python-six runtime dependency.

Add new python-more-itertools runtime dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:45 +01:00
James Hilliard
77ceef288c package/python-iso8601: bump to version 2.1.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:45 +01:00
James Hilliard
c45daefb83 package/python-ipython: bump to version 8.17.2
Drop no longer applicable CVE-2023-24816 ignore.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:44 +01:00
James Hilliard
30f9edb676 package/python-ipdb: bump to version 0.13.13
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:43 +01:00
James Hilliard
5847b7b735 package/python-httplib2: bump to version 0.22.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:42 +01:00
James Hilliard
b32eef540e package/python-hatch-fancy-pypi-readme: bump to version 23.1.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:41 +01:00
James Hilliard
18abda1791 package/python-gunicorn: bump to version 21.2.0
Drop python-setuptools runtime dependency.

Add new python-packaging runtime dependency.

License hash changed due to date update:
378f0d04ec

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:41 +01:00
James Hilliard
0a5ac9234f package/python-greenlet: bump to version 3.0.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:40 +01:00
James Hilliard
38d8739a84 package/python-gpiozero: bump to version 2.0
Drop patch which is now upstream.

Migrate to pypi based sources.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:39 +01:00
James Hilliard
fc7d6021d1 package/python-gitdb2: bump to version 4.0.11
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:38 +01:00
James Hilliard
8bd4d7ed63 package/python-git: bump to version 3.1.40
Drop no longer required python-typing-extensions dependency.

Switch to pypi based source download.

License hash changed due to formatting tweaks:
e1af18377f

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:37 +01:00
James Hilliard
aad42c93dc package/python-fonttools: bump to version 4.44.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:37 +01:00
James Hilliard
219ba0034c package/python-flask: bump to version 3.0.0
Migrate from setuptools to flit build backend.

Remove python-setuptools runtime dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:36 +01:00
James Hilliard
714c0130ce package/python-flask-wtf: bump to version 1.2.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:35 +01:00
James Hilliard
d40b7584cc package/python-flask-sqlalchemy: bump to version 3.1.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:34 +01:00
James Hilliard
67ba0c43ac package/python-flask-smorest: bump to version 0.42.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:33 +01:00
James Hilliard
f650ad66d0 package/python-flask-login: bump to version 0.6.3
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:32 +01:00
James Hilliard
998ecc6c93 package/python-flask-cors: bump to version 4.0.0
Drop no longer required python-six runtime dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:32 +01:00
James Hilliard
cf056a5e76 package/python-flask-babel: bump to version 4.0.0
Add new python-pytz runtime dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:31 +01:00
James Hilliard
8916b4ad20 package/python-esptool: bump to version 4.6.2
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:30 +01:00
James Hilliard
f104268c20 package/python-engineio: bump to version 4.8.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:29 +01:00
James Hilliard
fd0c255cf1 package/python-docutils: bump to version 0.20.1
License hash changed due to include header being added:
https://sourceforge.net/p/docutils/code/9280/

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:28 +01:00
James Hilliard
7e5958d077 package/python-dnspython: bump to version 2.4.2
Drop patch which is now upstream.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:15:25 +01:00
James Hilliard
285b10cb80 package/python-dbus-fast: bump to version 2.12.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:13:03 +01:00
James Hilliard
d7a908f730 package/python-dataproperty: bump to version 1.0.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:13:01 +01:00
James Hilliard
34a7ac32b3 package/python-daemon: bump to version 3.0.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:12:58 +01:00
James Hilliard
29a799afc8 package/python-cython: bump to version 0.29.36
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:12:56 +01:00
James Hilliard
f61f52ade9 package/python-cycler: bump to version 0.12.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:12:54 +01:00
James Hilliard
be5d04e91a package/python-cssutils: bump to version 2.9.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:12:52 +01:00
James Hilliard
43d1d468b7 package/python-crontab: bump to version 3.0.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:12:50 +01:00
James Hilliard
b9cbe43f38 package/python-construct: bump to version 2.10.69
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:12:48 +01:00
Peter Korsgaard
deb8d71c92 configs/avenger96_defconfig: downgrade to TF-A v2.5
Commit 27bf08e4ad (configs/avenger96_defconfig: bump ATF version to 2.9
for binutils 2.39+ support) bumped TF-A, but it unfortunately does not boot
and instead dies with a panic:

NOTICE:  CPU: STM32MP157AAC Rev.B
NOTICE:  Model: Arrow Electronics STM32MP157A Avenger96 board
ERROR:   nvmem node board_id not found
INFO:    PMIC version = 0x10
ERROR:   Product_below_2v5=1:
ERROR:          HSLVEN update is destructive,
ERROR:          no update as VDD > 2.7V
PANIC at PC : 0x2fff086f

Exception mode=0x00000016 at: 0x2fff086f

Instead use v2.5 to match the other stm32mp1 boards and use the same E=0
-Werror workaround.  The avenger95 support is unfortunately broken since
v2.3 with the introduction of authentication support, so add a patch to the
DTS to fix that.

Notice that the authentication support was reworked in v2.7 so it is skipped
for the mp157a variant used on the avenger96, so the patch is not upstreamable.

While we're at it, also drop the debug option for consistency with the other
boards.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:10:39 +01:00
Peter Korsgaard
69ac9fdbc4 configs/stm32mp157c_odyssey_defconfig: use a fixed TF-A version
Commit f20589cbc7 (configs/stm32mp157c_odyssey: new defconfig) forgot to
specify a fixed TF-A version, so do that now.

When the defconfig was added, the default version was v2.5 - So use that.
Similarly to the other stm32mp1 defconfigs, this needs disabling -Werror
with E=0 to fix a build issue with GCC >= 12.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:10:08 +01:00
Peter Korsgaard
1c0c67fc1a configs/stm32mp157c_dk2_defconfig: unbreak TF-A build with GCC >= 12
With the move to default to GCC 12 in commit e0091e42ee (package/gcc:
switch to gcc 12.x as the default), TF-A now fails to build as a warning is
generated and it builds with -Werror:

  CC      plat/st/stm32mp1/bl2_plat_setup.c
drivers/st/io/io_stm32image.c: In function ‘stm32image_partition_read’:
drivers/st/io/io_stm32image.c:249:13: error: ‘result’ may be used uninitialized [-Werror=maybe-uninitialized]
  249 |         int result;
      |             ^~~~~~
cc1: all warnings being treated as errors

This is fixed in TF-A v2.6 with commit c1d732d0db24 (fix(io_stm32image):
uninitialized variable warning), but I do not have the board to verify if
v2.6 works, so instead disable -Werror by passsing E=0.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:09:55 +01:00
Peter Korsgaard
5c40f41b2e configs/stm32mp157a_dk1_defconfig: unbreak TF-A build with GCC >= 12
With the move to default to GCC 12 in commit e0091e42ee (package/gcc:
switch to gcc 12.x as the default), TF-A now fails to build as a warning is
generated and it builds with -Werror:

  CC      plat/st/stm32mp1/bl2_plat_setup.c
drivers/st/io/io_stm32image.c: In function ‘stm32image_partition_read’:
drivers/st/io/io_stm32image.c:249:13: error: ‘result’ may be used uninitialized [-Werror=maybe-uninitialized]
  249 |         int result;
      |             ^~~~~~
cc1: all warnings being treated as errors

This is fixed in TF-A v2.6 with commit c1d732d0db24 (fix(io_stm32image):
uninitialized variable warning), but I do not have the board to verify if
v2.6 works, so instead disable -Werror by passsing E=0.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:09:31 +01:00
Fabrice Fontaine
fdae1d231c package/freeradius-server: fix python build
Fix the following build failure raised since bump to version 3.2.3 in
commit 4155139365:

In file included from /home/thomas/autobuild/instance-1/output-1/host/include/python3.11/Python.h:38,
                 from src/modules/rlm_python3/rlm_python3.c:37:
/home/thomas/autobuild/instance-1/output-1/host/include/python3.11/pyport.h:596:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
  596 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
      |  ^~~~~

Fixes:
 - http://autobuild.buildroot.org/results/36143ab06b66a047aa2247ea66b1df0d6c1cbd66

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:08:03 +01:00
Fabrice Fontaine
4513f5198a package/freeradius-server: fix python handling
python handling is wrong since the addition of the package in commit
736c4c1655 so disable python(2) and enable
python3 if needed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:07:57 +01:00
James Hilliard
16dd1e4100 package/python-click: bump to version 8.1.7
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:02:44 +01:00
James Hilliard
4a3b7a18f3 package/python-cheroot: bump to version 10.0.0
Drop no longer required python-six runtime dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:02:40 +01:00
James Hilliard
31f7ec223c package/python-charset-normalizer: bump to version 3.3.2
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:02:34 +01:00
James Hilliard
f8ed020fc0 package/python-chardet: bump to version 5.2.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:02:28 +01:00
James Hilliard
67df8af1da package/python-channels-redis: bump to version 4.1.0
Replace python-aioredis runtime dependency with python-redis.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 23:00:05 +01:00
James Hilliard
29181f711a package/python-cffi: bump to version 1.16.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 22:58:46 +01:00
James Hilliard
0322ff8e60 package/python-cbor2: bump to version 5.5.1
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 22:58:32 +01:00
James Hilliard
7c4a650372 package/python-arrow: bump to version 1.3.0
License hash changed due to date update:
de0aea9805

Add new types-python-dateutil runtime dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 22:58:17 +01:00
James Hilliard
7b507f22e4 package/python-types-python-dateutil: new package
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-06 22:52:18 +01:00