Buildroot currently has all of the needed packages to use Mender as the primary
update system. However, there isn't any documentation or examples now that
provide a starting point for users. This lack of documentation makes setting up
a Mender based update system difficult and time-consuming.
Provided in this patch series is a mender_x86_64_efi_defconfig of which sets up
an x86_64 EFI based build that is ready to flash to a USB pen drive or use in a
QEMU environment. The system partition schema comprises of two equally sized
root partitions and a data partition that mounts to /var/lib/mender as a
persistent data store partition.
There is a board/mender/readme.txt provided, which gives users documentation on
how to flash the built image or boot the image using QEMU as well.
The post-build and post-image-efi scripts also have four options:
-a --artifact-name:
- The name of the artifact, this is added to /etc/mender/artifact_info
-o --data-part-size:
- The data partition size.
-d --device-type
- The device-type used by mender to catagorize registered devices.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Mikael Bourhis-Cloarec <mikael.bourhis@smile.fr>
[Romain: rebase on master (01.2022)
- update genimage-efi.cfg to use GPT partition table and genimage-15 syntax
- bump the kernel to 5.15.13
- Add host-libelf kernel dependency
- Use BR2_TARGET_GRUB2_BUILTIN_MODULES_EFI after commit 82d1e8c628
(boot/grub2: use none platform when building for host)
- Add regexp grub mandatory module for mender-grubenv
- remove startup.nsh from genimage-efi.cfg after commit 3efb5e31fc
(board, boot, package: remove usage of startup.nsh in EFI partition)]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[Arnout:
- abbreviate sizes and partition uuids, remove implicit ones in genimage.cfg
- change data partition uuid to Linux (instead of x86_64 rootfs)
- fix whitespace and shellcheck errors in scripts
- remove --generate-mender-image option, always create it
- remove empty directory and -O ^64bit when creating data fs
- remove redundant e2fsck
- add -serial stdio option to qemu call
- update kernel to current stable 5.18.14
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Upstream makes releases very irregularly; our current version is already
two years old and upstream HEAD contains a lot of fixes. Therefore:
- Bump to the current HEAD SHA1
- Remove patches applied to upstream
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for libsafec can not be completely disabled - currently,
--disable-safec does not exactly allow for compiling libest on
systems without libsafec, but instead just uses bundled copy of
library from safe_c_stub/
To avoid that, do automatically select the full-featured safeclib
package and always use --with-system-libsafec
Signed-off-by: Aleksandr Makarov <aleksandr.o.makarov@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Version 2.3.4 of libtalloc needs to define PYTHONHASHSEED, as a check has been added
to the configure script, and build will fail if it is not defined.
This is originately a workaround by samba developpers meant to avoid rebuilding talloc
with each call to make. Defining PYTHONHASHSEED would not be required in the context
of builroot, if not for the check in the configure script.
Signed-off-by: David GOUARIN <david.gouarin@thalesgroup.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop minnowboard_max-graphical_defconfig from DEVELOPERS as it has been
removed by commit b9bc22ee8a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop 'from' in comment of Config.in which was added by commit
00deb6a7c1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop patch which is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
And switch to PyPi to fetch the source code.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In GStreamer commit 0a657d6db5ba912b13092a907ea507638cd01cf9, merged
in Gstreamer 1.19.x, the GstAppSinkCallbacks structure was extended
with another field calle new_event. This requires an update in the
WebKit code, without which we have a build failure:
platform/audio/gstreamer/AudioFileReaderGStreamer.cpp:234:5: error: braces around scalar initializer for type ‘gboolean (*)(GstAppSink*, gpointer) {aka int (*)(_GstAppSink*, void*)}’
There are no autobuilder failures, but the issue could be reproduced
using the following defconfig:
BR2_arm=y
BR2_cortex_a8=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_LINARO_ARM=y
BR2_PACKAGE_QT5=y
BR2_PACKAGE_QT5WEBKIT=y
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
[Thomas: find the actual upstream fix and use that, improve the
explanation about the issue in the commit message]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
No release announcement available from upstream this time so we had to
computed the tarball hash ourselves.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop BUILD_HACKRF_TOOLS which has never been recognized since the
addition of the package in commit
29b7cc88f4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Single hyphen commands has been removed since Mender 3.0.0 [1]
The hyphen was added back while fixing check-pkg and shellcheck warnings [2]
[1] fd838ec1b0
[2] 0b350cf756
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
It's been ages (5 years at the next release) that we've not installed
host packages in $(HOST_DIR)/usr, but we still have a few packages that
reference it or install things in there.
Drop all of those in one fell swoop.
The run-time test still succeeds, and the following defconfig, which
should exercise all touched packages [*], does build:
BR2_x86_i686=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_GAWK=y
BR2_PACKAGE_GETTEXT=y
BR2_PACKAGE_ABOOTIMG=y
BR2_PACKAGE_DBUS_PYTHON=y
BR2_PACKAGE_OLA=y
BR2_PACKAGE_JIMTCL=y
BR2_PACKAGE_LUA=y
# BR2_PACKAGE_LUA_32BITS is not set
BR2_PACKAGE_ARGPARSE=y
BR2_PACKAGE_PERL=y
BR2_PACKAGE_PHP=y
BR2_PACKAGE_PHP_APCU=y
BR2_PACKAGE_PHP_LUA=y
BR2_PACKAGE_PHP_PAM=y
BR2_PACKAGE_PHP_PECL_DBUS=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON_CRYPTOGRAPHY=y
BR2_PACKAGE_PYTHON_PLY=y
BR2_PACKAGE_PYTHON_PYBIND=y
BR2_PACKAGE_LIBVA=y
BR2_PACKAGE_BIND=y
BR2_PACKAGE_BIND_SERVER=y
BR2_PACKAGE_BIND_TOOLS=y
BR2_PACKAGE_APPARMOR=y
BR2_PACKAGE_APPARMOR_BINUTILS=y
BR2_PACKAGE_APPARMOR_UTILS=y
BR2_PACKAGE_APPARMOR_UTILS_EXTRA=y
BR2_PACKAGE_APPARMOR_PROFILES=y
BR2_PACKAGE_REFPOLICY=y
BR2_PACKAGE_URANDOM_SCRIPTS=y
BR2_PACKAGE_BASH=y
# embiggen-disk to exercise go
BR2_PACKAGE_EMBIGGEN_DISK=y
BR2_TARGET_GRUB2=y
BR2_TARGET_GRUB2_I386_PC=y
BR2_TARGET_GRUB2_I386_EFI=y
[*] exceptions:
- zfs was not tested: it needs a kernel to be built;
- compiler-rt was not tsted: it needs llvm to be built, that takes
ages, and other packages already reference the correct location for
llvm-config, so it was assumed that is OK.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Anisse Astier <anisse@astier.eu>
Cc: Antoine Tenart <atenart@kernel.org>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Christian Stewart <christian@paral.in>
Cc: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Cc: Francois Perrad <francois.perrad@gadz.org>
Cc: Guillaume William Brs <guillaume.bressaix@gmail.com>
Cc: Hervé Codina <herve.codina@bootlin.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Cc: Julien Boibessot <julien.boibessot@armadeus.com>
Cc: Julien Olivain <ju.o@free.fr>
Cc: Matt Weber <matthew.weber@collins.com>
Cc: Nicolas Carrier <nicolas.carrier@orolia.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
---
Changes v1 -> v2:
- fix new instance that have crept in (Romain)
Commit d69d40c029 (package/rustc: add support for Tier 1 and Tier 2
platforms) misspelled the config options for i586 and i686.
They are BR2_x86_i586 and BR2_x86_i686, not BR2_i586 or BR2_i686.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
---
Changes v1 -> v2:
- in commit log: s/BR2_i386_/BR2_x86_/g (Baruch)
- Fix CVE-2021-43306: An exponential ReDoS (Regular Expression Denial
of Service) can be triggered in the jquery-validation npm package,
when an attacker is able to supply arbitrary input to the url2 method
- Fix CVE-2022-31147: The jQuery Validation Plugin (jquery-validation)
provides drop-in validation for forms. Versions of jquery-validation
prior to 1.19.5 are vulnerable to regular expression denial of service
(ReDoS) when an attacker is able to supply arbitrary input to the url2
method. This is due to an incomplete fix for CVE-2021-43306. Users
should upgrade to version 1.19.5 to receive a patch.
- Use LICENSE.md instead of README.md which is available since version
1.14.0 and
96b7036eb4https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.4https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
