By default, tar will not include any extended attribute (xattr) when
creating archives, and thus will not store capabilties either (as they
are stored in the xattr 'security.capability').
Using option --xattrs is enough to create a tarball with all the xattrs
attached to a file. However, extracting all xattrs from a tarball
requires that --xattrs-include='*' be used. This is not symetric (but on
purpose, as per the documentation), and so is confusing to some.
So, we use --xattrs-include='*' to create the archive, so as to be
explicit that we want all xattrs to be stored.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 4adaa581b2, S29netplug looks for
/etc/default/network instead of /etc/sysconfig/network. When this
file exists but does not define $NETWORKING, the script fails on line
29 with something like:
/etc/init.d/S29netplug: 29: [: =: unexpected operator
Fix quoting so this error no longer happens.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
[Thomas: keep double quotes around "no", keep curly braces when
referencing the variable.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/e29/e293aadc692d2ed337881ef2172ddf66a60bc05c/
And many more.
Install as 'host-make' rather than just 'make', as that otherwise confuses a
number of packages when they invoke recursive / sub-make. The internal job
control logic of GNU make is version dependant, so mixing versions may lead
to issues like:
make[1]: Entering directory `/home/peko/autobuild/instance-0/output/build/boa-0.94.14rc21'
(cd src && make -w --jobserver-fds=5,6 -j)
make: unrecognized option '--jobserver-fds=5,6'
With this rename, only packages explicitly opting in for our host-make
(using the BR2_MAKE / BR2_MAKE_HOST_DEPENDENCY logic) will use it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script contains logic to figure out what make program to
invoke for subdirectories (trying gnumake, gmake, make). Explicitly force
it to use our BR2_MAKE to ensure the right make version is used.
As GLIBC_CONF_ENV is only initialized below, move this section below it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit fa0d1ebff9 (libnftnl: bump to version 1.0.9) removed the mxml
dependency. Remove the redundant BR2_PACKAGE_LIBNFTNL_XML config symbol
as well.
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building with glibc 2.28+, the "major", "minor" and "makedev"
functions are defined in "sys/sysmacros.h". This commit backports
upstream commit 1a74985b2a404639b08882c57f3147229605dfd5 to fix the
build with glibc 2.28.
Link: https://www.syslinux.org/wiki/index.php?title=Building
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The commands like "make show-build-order" or "make
<package>-show-build-order" show the build order and then print
"make[1]: Nothing to be done for 'show-build-order'" to stdout. It
pollutes output. Technically this message is true but it's not true
for user because he gets an information.
The <package>-show-build-order targets use $(info) for package name
printing. The make utility doesn't consider the internal directive as
a command so it think that it's "Nothing to be done". The patch adds
the empty command to <package>-show-build-order to inform make utility
that taget makes some real actions.
Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas: invert $(info) and @:, as suggested by Yann.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
None of the other 82 packages that use start-stop-daemon does this.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since bumping luv from version 1.9.1 to 1.22.0, building luvi fails, as
"luv.h" now includes "compat-5.3.h", which is locally shipped as a
dependency to lua-compat-5.3.
Fixing the issue reveals, that luvi is using `luaL_newlib` which is not
available in the Lua 5.1 API. Building luvi with luv 1.9.1 was not an
issue before, because luv 1.9.1 defined `luaL_newlib` in luv.h, which
was removed in 1.22.0 in favour of using lua-compat-5.3.
Therefore, add a patch which defines `luaL_newlib` in luvi.h.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a patch to fix a build issue with luvi after bumping luv from
version 1.9.1 to 1.22.0.
The problem is that luv now uses lua-compat-5.3 instead of defining the
Lua 5.3 API itself. Unfortunately, luv.h now includes compat-5.3.h in the
header file, which causes the build issue with luvi, as luvi does not
find this local header file. Note, that luv ships lua-compat-5.3 as a
dependency.
Therefore, the patch includes compat-5.3.h in the source file luv.c, so
it isn't exposed to external programs.
Fixes:
http://autobuild.buildroot.net/results/2244cd30986aff29b763fb7183f6fc27a82bd7fahttp://autobuild.buildroot.net/results/01938f7f018dc69d564c22489933647b1daf62f3http://autobuild.buildroot.net/results/8217e863c2776d299cb90b90f1a2ed8233ec82ba
.. and many more
Note, that fixing this issue reveals another issue in luvi, which is
fixed by the follow up patch.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch 0007-Disable-DES-authentification-support.patch has been
renamed to 0005-Disable-DES-authentification-support.patch.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_ENABLE_DEBUG is set, use RelWithDebInfo instead of default Debug
as Debug will add -pg (gprof) which is not always available on toolchain
Fixes:
- http://autobuild.buildroot.org/results/a12ae622a44bbe025c3a8b7e8e4c253b52927ae8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e7af4033c3 ("rpm: use the new
gettext logic") introduced a really nasty bug: by adding
$(TARGET_NLS_DEPENDENCIES) to RPM_DEPENDENCIES, it completely
overwrote the existing value of RPM_DEPENDENCIES, entirely masking all
mandatory RPM dependencies.
rpm is fairly towards the end of the alphabet, and most other
mandatory dependencies (berkeleydb, host-pkgconf, file and popt)
appear earlier by alphabetic ordering. Only zlib was afterwards, but
since file depends on zlib, it was always built before. This probably
explains why our autobuilders haven't encountered a single build
failure.
However, a simple "make rpm" clearly exhibits the failure, and
obviously the upcoming per-package folder mechanism makes such bugs
even more obvious.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump the Xen package to the latest release and backport a fix from the
Xen master brach.
This fixes autobuilder issue:
http://autobuild.buildroot.net/results/6e0d8e962e861a32f5bf2e5031ef51c25768f1f6/
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bump to 79e9798eee9cd972d92ed2b18f170de856d153c9 added the new ufb
daemon through the following commit:
ce808f3010
So install ufb on target
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bump to 79e9798eee9cd972d92ed2b18f170de856d153c9 added the following
commit:
ce808f3010
This new ufb daemon uses usb_functionfs_descs_head_v2 which is available
only since 3.18:
1df22b4ea9
So add a dependency on headers >= 3.18
Fixes:
- http://autobuild.buildroot.org/results/1081062b1c32c44a9feb5b14288095bc72d15986
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
UCLIBC_INSTALL_LDSO_SYMLINKS is not defined anywhere to nuke it.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since glibc 2.28
(https://savannah.gnu.org/forum/forum.php?forum_id=9205), the obsolete
functions encrypt, encrypt_r, setkey, setkey_r, cbc_crypt, ecb_crypt,
and des_setparity are no longer available to newly linked binaries, and
the headers <rpc/des_crypt.h> and <rpc/rpc_des.h> are no longer
installed. These functions encrypted and decrypted data with the DES
block cipher, which is no longer considered secure. Software that still
uses these functions should switch to a modern cryptography library,
such as libgcrypt.
So add a NO_CRYPT variable to disable test/crypt
Fixes:
- http://autobuild.buildroot.org/results/158438debb0ce313b012b871e199bed42ba38294
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When $(TOPDIR)/dl is a symlink, checking out git submodules can fail,
as reported by Michael in #11086.
To reproduce a similarly-related mis-behaviour:
$ mkdir -p foo/bar foo/buz
$ cd foo/bar
$ ln -s ../buz meh
$ cd meh
$ cd ../../foo
The last command should not succeed, because, relative to meh, there is
no ../../foo directory; we would expect it to be ../../../foo, instead.
But since meh is a symlink to a directory, then a relative path from that
symlink is interpreted as relative to the derefrenced directory, i.e.
from buz in this case.
But where this gets even weirder, is that, if the last command is
replaced by:
$ cd ../../../foo
then it still works, too.
And that is the root of Michael's issue: the dl directory in Buildroot's
TOPDIR is a symlink to a similarly-named directory one directory higher,
which then confuses relative paths, which gets especially and noticeably
bad for git submodules.
Avoid this strangeness, and just use so-called "physical" path, i.e. a
path where all symlinks to directories have been dereferenced.
Fixes: #11086
Reported-by: Michael Nosthoff <posted@heine.so>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Michael Nosthoff <posted@heine.so>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
flatcc is named flatcc_d if BR2_ENABLE_DEBUG is set because of the
following line in CMakeLists.txt: set(CMAKE_DEBUG_POSTFIX "_d")
So update FLATCC_TARGET_REMOVE_FLATCC_COMPILER hook to replace flatcc
by flatcc*
Fixes:
- http://autobuild.buildroot.org/results/a47f49cd2fdd809257bd7e83dca620f2e6aac85b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The command "make show-build-order" doesn't show dependencies of rootfs-common target.
This patch adds $(ROOTFS_COMMON_DEPENDENCIES) to PACKAGES variable.
Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When adding the custom BR2_WGET value in the configuration,
genrandconfig forgets to add a newline. Due to this, the next option
that is added is printed on the same line as BR2_WGET="", which causes
it to be ignored.
Due to this, in all builds, the line right after BR2_WGET was
ignored. It could have been BR2_ENABLE_DEBUG, BR2_INIT_BUSYBOX,
BR2_INIT_SYSTEMD, BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV,
BR2_STATIC_LIBS or BR2_PACKAGE_PYTHON_PY_ONLY depending on the
randomization.
Fix that by adding a proper newline at the end of the BR2_WGET option.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
RISC-V supports unaligned accesses, but these might run extremely slowly
depending on the implementation so set as_cv_unaligned_access to no on
this architecture, see:
8a156d1725
Fixes:
- http://autobuild.buildroot.org/results/dca32c929350311fca1a85e251d318b43c4a3177
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure.ac script uses PKG_CHECK_MODULES(), and we autoreconf
the package, so host-pkgconf should be listed in the dependencies.
This issue is seen either with per-package folders, or by doing a
clean build with just "make openocd":
>>> openocd 0.10.0 Configuring
>>> openocd 0.10.0 Autoreconfiguring
[...]
configure.ac:12: error: possibly undefined macro: AC_MSG_WARN
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
configure.ac:201: error: possibly undefined macro: AC_DEFINE
configure.ac:582: error: possibly undefined macro: AC_MSG_NOTICE
Even if the message seems unrelated, it's really the lack of pkg.m4
from host-pkgconf that causes the issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libassuan library installs libassuan-config, but it is not
currently fixed up by our <pkg>_CONFIG_SCRIPTS logic. While this
doesn't cause any problem today, it fails badly with per-package
folders, so let's use <pkg>_CONFIG_SCRIPTS.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- changes since 1.16.1
0f68a3f6 configure: build without BPF support in ir-keytable
5f8bd4e8 keytable: fix compilation warning
f735bee7 keytable: fix BPF protocol compilation on mips
c393c3bc Prepare for 1.16.2 release
- use new '--disable-bpf' option instead of ac_cv_prog_CLANG
to disable BPF support, fixes [1]:
bpf.c:48:4: error: #error __NR_bpf not defined. libbpf does not support your arch.
- remove upstream denied patch (see [2]) fixing part of the BPF support
for older toolchains
[1] http://autobuild.buildroot.net/results/32b8f63e84616f91b645230e889eb1518972a398
[2] https://www.spinics.net/lists/linux-media/msg142729.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports an upstream commit adding RISC-V support to
libsigsegv, and adds a patch that finalizes the RISC-V support to make
it compatible with cross-compilation.
Fixes:
http://autobuild.buildroot.net/results/bd12cb3db3b46860a4ab8fb91052319dce75202a/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Hash has been reported as wrong by autobuilder since August 16th
Perhaps, it was wrong since bump to v2018.05.0 on August 9th
Fixes:
- http://autobuild.buildroot.org/results/c6c8ede30623cc20011916cc95dbdae34dcc0344
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Tested-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Main changes:
- fix build error with glibc 2.28
- re-factor the code
- use unique CPU ID when available
- improve UDC management
Fixes:
http://autobuild.buildroot.net/results/b39d56c1573308c4f947de23363da7c05e2aaf0d/
Also switch back the repository from codeauroraforum to NXPmicro now
that the Qualcomm/NXP merger was denied.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When /etc/selinux/semanage.conf does not exist, libsemanage tries to
overwrite it. For the target package, it works fine because $(DESTDIR)
is taken into account.
However, for the host package, $(DESTDIR) is empty, and the location
used for /etc/selinux/semanage.conf is not affected by $(PREFIX). This
causes host-libsemanage to try to install /etc/selinux/semanage.conf,
which obviously fails with:
test -f /etc/selinux/semanage.conf || install -m 644 -D semanage.conf /etc/selinux/semanage.conf
install: cannot create directory '/etc/selinux': Permission denied
To fix this, this commit passes DEFAULT_SEMANAGE_CONF_LOCATION in the
make options when building/installing host-libsemanage, providing a
path to semanage.conf that Buildroot can write to.
Fixes:
http://autobuild.buildroot.net/results/cd27e3c66274622d0c3dd5a601a36efb1bc45011/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The xlib_libfontenc configure.ac uses PKG_CHECK_MODULES(), but the
Buildroot package does not have a dependency on host-pkgconf. This
causes a build failure with per-package host/target folders, or if one
builds just with "make xlib_libfontenc", which is why it was never
detected by the autobuilders.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils
before 2018-08-18 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted file.
CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers
to cause a denial of service (double free and application crash) or possibly
have unspecified other impact because it tries to decompress twice.
CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes
list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr
in dwarf_hasattr.c, leading to a heap-based buffer over-read and an
application crash.
For more details, see the announcement:
https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html
0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz
(no CVEs assigned):
https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.htmlhttps://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a
ServerHello that had an all-zero random.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit c9e3d5b6c5 (libnspr: bump to version 4.20) did not refresh the
hunks touching the _linux.cfg file. As a result, these hunk were applied
to the wrong (x86 specific) place in that file, rendering them
ineffective. Refresh the patches to fix that.
Fixes:
http://autobuild.buildroot.net/results/2d1/2d1288e98a6459d84c2599c99b5617a2fde81f62/
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 118534fe54 (fs: use a common tarball as base for the other
filesystems), the filesystem creation is split in two steps, using an
intermediate tarball to carry the generic, common finalisations to the
per-filesystem finalisation and image creation.
However, this intermediate tarball causes an issue with capabilities:
they are entirely missing in the generated filesystems.
Capabilities are stored in the extended attribute security.capability,
which tar by default will not store/restore, unless explicitly told to,
e.g. with --xattrs-include='*', which we don't pass.
Now, passing this option when creating and extracting the intermediate
tarball, both done under fakeroot, will cause fakeroot to report an
invalid filetype for files with capabilities. mksquashfs would report
such unknown files as a warning, while mkfs.ext2 would fail (with a
similar error message), e.g.:
File [...]/usr/sbin/getcap has unrecognised filetype 0, ignoring
This is due to a poor interaction between tar and fakeroot; running as
root the exact same commands we run under fakeroot, works as expected.
Unfortunately, short of fixing fakeroot (which would first require
understanding the problem in there), we don't have much options.
The intermediate tarball was made to avoid redoing the same actions over
and over again for each filesystem to build. However, most of the time,
only one or two such filesystems would be enabled [0], and those actions
are usually pretty lightweight. So, using an intermediate tarball does
not provide a big optimisation.
The main reason to introduce the intermediate tarball, however, is that
it allows to postpone per-filesystem finalisations to be applied only
for the corresponding filesystem, not for all of them.
So, we get rid of the intermediate tarball, and simply move all of the
code to run under fakeroot to the per-filesystem fakeroot script.
Instead of extracting the intermediate tarball, we just rsync the
original target/ directory, and apply the filesystem finalisations on
that copy. The only thing still done in the rootfs-common step is to
generate the intermediate files (users file, devices file) that are used
in the fakeroot script.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11216
Note: an alternate solution would have been to keep the intermediate
tarball to keep most of the common finalisations, and move only the
permissions to each filesystem, but that was getting a bit more complex
and changed the ordering of permissions and post-fakeroot scripts. Once
we bite the bullet of having some common finalisation done in each
filesystem, it's easier to just move all of them.
[0] Most probsably, users would enable the real filesystem to put on
their device, plus the 'tar' filesystem, to be able to easily inspect
the content on their development machine.
Reported-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>