Fixes build error
Building dns library in /home/bernd/buildroot/br4/output/build/dhcp-4.4.3-
P1/bind/bind-9.11.36/lib/dns
./gen: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found
(required by ./gen)
make[4]: *** [Makefile:601: include/dns/enumtype.h] Error 1
make[3]: *** [Makefile:595: include] Error 2
with this defconfig
BR2_x86_64=y
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
BR2_PACKAGE_DHCP=y
Please note that this build error only occurs when the target and the
host system have the same arch. For example this defconfig builds fine:
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
BR2_PACKAGE_DHCP=y
on a Debian 12 x86_64 host using glibc-2.36:
$ /lib/ld-linux.so.2 --version
ld.so (Debian GLIBC 2.36-9+deb12u1) stable release version 2.36.
The error occurs since buildroot commit 34f8d874ee which bumped glibc
from 2.37 to 2.38.
This patch is inspired by the Yocto Project:
https://patchwork.yoctoproject.org/project/oe/patch/20230715212159.3265080-1-raj.khem@gmail.com/
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
eza is a modern, maintained replacement for ls, built on exa.
https://github.com/eza-community/eza.git
Signed-off-by: Saeed Kazemi <kazemi.ms@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since Docker v1.13.0 experimental only exists as a runtime flag. Drop
the config from buildroot as well.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switch to using HTTPS for downloading libzlib from zlib.net.
(zlib.net doesn't default to HTTPS but does suggest HTTPS in the permalink
for the latest zlib release. Also works better with some corporate firewalls
that get suspicious about zlib for some reason.)
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable the AUFS snapshotter by default. AUFS support has been deprecated
since v1.5 and won't be available with containerd v2.0.
Add configuration option for the ZFS snapshotter and add the proper
runtime dependencies.
Add configuration option for Kubernetes CRI support. Note that CRI
support requires a writeable /etc or an appropriate containerd
configuration.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch which was applied upstream:
e1e6aa201a
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to the latest release, remove fix that was merged upstream.
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2023-24805: cups-filters contains backends, filters, and other
software required to get the cups printing service working on operating
systems other than macos. If you use the Backend Error Handler (beh) to
create an accessible network printer, this security vulnerability can
cause remote code execution. `beh.c` contains the line `retval =
system(cmdline) >> 8;` which calls the `system` command with the operand
`cmdline`. `cmdline` contains multiple user controlled, unsanitized
values. As a result an attacker with network access to the hosted print
server can exploit this vulnerability to inject system commands which
are executed in the context of the running server. This issue has been
addressed in commit `8f2740357` and is expected to be bundled in the
next release. Users are advised to upgrade when possible and to restrict
access to network printers in the meantime.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
procs is a modern replacement for ps written in Rust
https://github.com/dalance/procs.git
Signed-off-by: Saeed Kazemi <kazemi.ms@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In 6fa3a239 the gen-missing-cpe support script was removed together with
"make missing-cpe".
Remove the leftover path variable and drop it from "make clean".
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This should have been part of commit
9a51a07a91 ("configs/sipeed_licheepi_nano:
new board")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
"mschap" and "realm" are already part of default required
raddb modules(DEFAULT_MODULES in raddb/all.mk).
so removed them from disabled module list so that
radiusd.service can start without following errors:
- /etc/raddb/mods-enabled/mschap[11]: Failed to link to module 'rlm_mschap': /usr/lib/rlm_mschap.so
- /etc/raddb/mods-enabled/realm[21]: Failed to link to module 'rlm_realm': /usr/lib/rlm_realm.so
Signed-off-by: Kalpesh Panchal <kalpesh.panchal2@collins.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
linux-pam is required to login via OpenSSH if the upstream refpolicy for
SELinux is enaabled, as linux-pam handles changing user contexts. If a
user wants to make their own policy and use a refpolicy via git, we of course
should let them do so. As such, only select linux-pam if the upstream version
of refpolicy is selected.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ifrename tool is separate from iwconfig and is not being built. The
upstream does not have an install target for ifrename either, so we must
manually install it.
Signed-off-by: Neal J. Buchmeyer <neal.buchmeyer@collins.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow disabling iwconfig for targets that only want the library.
Signed-off-by: Neal J. Buchmeyer <neal.buchmeyer@collins.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When dealing with enterprise-grade networks, it is more often than not
the case that the wider internet is unreachable but through proxies.
There is a usual set of variables that users can set in the
environment to point various tools (curl, git...) to use those
proxies.
Propagate those variables inside the container.
Note that there are a few tools (e.g. cvs, svn) that may not recognise
those variables; instead, they require custom setup that is too
complex to handle, so is left as an exercise to interested parties.
Similarly, there are other types of proxy, socks4 or socks5, that also
require custom setup that is not trivial to replicate in a container,
so is also left out as an exercise for interested parties.
In the large majority of cases, those few variables are enough to Make
Things Work™.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Our utils/docker-run wrapper is needed to provide a reproducible build
environment: tools, variables, etc... but is not meant for
isolation. As such, we do not care which network configuration is
used.
In some settings (e.g. enterprise networks), it is often the case that
a VPN is in use, especially in those wonderful times of widespread
remote work.
Letting Docker decide on the network setup will most usually lead to
it creating a private network that is NATed onto the principal network
interface, leading to non-functional network in the container when a
VPN is in use.
As such, always use the host network configuration, and do not let
Docker create a private network for the container.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Replace NUT_FIX_CONFIGURE by an upstreamable patch
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The description of REFPOLICY_CUSTOM_GIT states:
The custom refpolicy must define the full policy explicitly,
and must be a fork of the original refpolicy, to have the
same build system. When this is selected, only the custom
policy definition are taken into account and all the modules
of the policy are built into the binary policy.
Currently, if a user definess their own policy, a package containing a selinux
directory would add to their custom policy, which is not what they would want.
Disable applying selinux policies in selinux/ directories for custom git
refpolicies.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The licensing terms are inherited from the target variant to the host
variant: when the host _LICENSE is empty, then the value of the target
_LICENSE is used.
However, for the golang infra, we want to append a little blurb about
vendored depndencies. If the package is a host-only, then it would
inherit the target _LICENSE, i.e. the variable without the leading
HOST_. If that is defined, this is inherited in the generic-package part
of the infra, but in the golang infra, we saw an empty variable, and so
we would not add the vendoring blurb.
We can't move the condition appending that blurb, after we called into
the generic-package infra, otherwise in that case, we'd have the
opposite issue for packages that are both target and host packages,
where the blurb would be duplicated for host packages...
Instead, we workaround the issue by duplicating the heuristic to inherit
the target value, from the generic- into the golang-package infra.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The golang infrastructure automatically expands the list of licenses
with a little blurb that the licenses for vendored dependencies might be
missing in the list.
However, when a package does not define a license, the resulting text is
sub-optimal, resulting in a manifest that contains (with a leading
comma, yes):
, vendored dependencies licenses probably not listed
In that case, pointing out some unkown licensing terms may be part of
unkonwn licensing terms is superfluous.
Instead, just let the legal infra do its job, and report an "unkown"
license altogether.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The licensing terms are inherited from the target variant to the host
variant: when the host _LICENSE is empty, then the value of the target
_LICENSE is used.
However, for the cargo infra, we want to append a little blurb about
vendored depndencies. If the package is a host-only, then it would
inherit the target _LICENSE, i.e. the variable without the leading
HOST_. If that is defined, this is inherited in the generic-package part
of the infra, but in the cargo infra, we saw an empty variable, and so
we would not add the vendoring blurb.
We can't move the condition appending that blurb, after we called into
the generic-package infra, otherwise in that case, we'd have the
opposite issue for packages that are both target and host packages,
where the blurb would be duplicated for host packages...
Instead, we workaround the issue by duplicating the heuristic to inherit
the target value, from the generic- into the cargo-package infra.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The cargo infrastructure automatically expands the list of licenses with
a little blurb that the licenses for vendored dependencies might be
missing in the list.
However, when a package does not define a license, the resulting text is
sub-optimal, resulting in a manifest that contains (with a leading
comma, yes):
, vendored dependencies licenses probably not listed
In that case, pointing out some unkown licensing terms may be part of
unkonwn licensing terms is superfluous.
Instead, just let the legal infra do its job, and report an "unkown"
license altogether.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Drop patch which is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Firewalld requires IPV6 to function. We also should enable the
other dependencies such as networking support to ensure all other
options in the giant list of kernel config options are selected
properly.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
redis handling is wrong since the addition of the package in commit
736c4c1655. Indeed, freeradius-server
needs hiredis, not redis
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>