Currently, we define the so-called "overflow group" as 'nogroup'.
However, one practical issue is that systemd-sysusers will otherwise
create a 'nobody' group with gid 999, because that's is what is usual to
define the overflow group: users and groups are defined in LSB (Linux
Standard Base):
https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/usernames.html
Quoting: "If the username exists on a system,then they should be in the
suggested corresponding group".
Only Debian and derivatives depart from this custom, naming it 'nogroup'
(hence the rationale for commit 908198e756 (system/skeleton: remove
spurious group 'nobody').
See also commit 9c67af2c52 (system/skeleton: use uid/gid 65534 for
nobody/nogroup), and a related discussion on LWN.net (key is "overflow
UID" which also applies to GID):
https://lwn.net/Articles/695478/
Use the recommended groupname 'nobody'. Adapt packages accordingly.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- reword commit log
- extend commit log with more references (commits and LWN)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Group the udev users first, to make clear which software
requires them.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This supports 4 plugins, each will be added at the right spot if
enabled, based on the template coming with systemd.
The sed replacements are carefully written to be idempotent, and to
be robust enough to be combined with the other available packages
(nss_mdns4) in any installation order.
nss-systemd is used for the DynamicUser features, which is a defacto
necessity for systemd. It handles transient users/groups without
touching the /etc/{passwd,group} files on disk. To support the
'SupplementaryGroups' feature, groups should be merged.
nss-myhostname allows resolving the hostname, again without touching
files in /etc.
nss-mymachines adds name resolution from containers supported by
machined. Users from the containers might end up in system groups, so
groups should be merged.
nss-resolve, part of resolved, is required for consistent dns lookups.
As per the documentation (nss-resolve(8)), DNS queries shall not
continue past the resolve service, unless the service is not available.
We anchor nss_resolve to appear after files, if mymachines is also used,
remove that first (and add it back later). Other packages (mdns4) move
around the dns entry, so replacing that is not a good option.
If mdns4 is installed aswell, then resolved will take precedence for
host lookups.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- exp[lain why 'host: resolve' uses !UNAVAIL=return
- rewrap commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The rule to create the staging symlink has it depend on BASE_DIR, and
the symlink is created in BASE_DIR, which means that when the symlink
is created, BASE_DIR is updated, and thus made more recent than the
symlink itself.
As a consequence, every time one runs 'make', the symlink will be older
than BASE_DIR, and so will be re-created.
Ditto for the host symlink when the user has elected to have an
out-of-tree host dir.
Fix that by changing to using an order-only dependency.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
lm-sensors dropped MACHINE variable since version 3.6.0 and
0863eff8fa
instead it uses $(CC) -dumpmachine to guess the architecture
However, as $(TARGET_CONFIGURE_OPTS) is only passed to build step and
not to install steps, this result in some binaries being built for the
host during install step and raising a build failure on some autobuilders
Fixes:
- http://autobuild.buildroot.org/results/0180989afdd9272ecd5010a787931e0b10a6cdcf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In latest patch the SDMA installation was limited to platforms whose
name was mentioned in the binary but this approach wasn't flexible to
manage cases like imx8m using imx7 sdma binary, so this patch does:
- change VPU/SDMA FW options to string to allow specifying the name
(suggested by Thomas)
- remove imx27 sdma case as non-existent
- add imx8m family support (using imx7d binary)
- get rid of FIRMWARE_IMX_PLATFORM_LOWER macro
Fixes: fad2df39b9 ("package/freescale-imx/firmware-imx: clarify installation of firmware files")
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.24-2.1.0
- No changelog provided by NXP
- Tested on Nitrogen8M device with Weston (DRM backend) as follows:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.24-2.1.0
- No changelog provided by NXP
- COPYING/EULA update: LA_OPT_NXP_Software_License v11 February 2020
- Tested on Nitrogen8M device with Weston (DRM backend) as follows:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.24-2.1.0
- No changelog provided by NXP
- COPYING/EULA update: LA_OPT_NXP_Software_License v11 February 2020
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- based on NXP imx_5.4.24_2.1.0 release
- includes latest stable releases, hence 5.4.x naming
- includes support for all Boundary Devices platforms + accessories
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This brings to the swupdate package two fixes [2][3] that have also
been backported in the meta-swupdate Yocto layer, see [1].
[1]: 3fccf23e28
[2]: 1078af97a5
[3]: e3a6b120ff
Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gtkvncviewer has been added since version 0.9.13 and
2650cfc17b,
disable it as it is only an example
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
go1.13.13 (released 2020/07/14) includes security fixes to the
crypto/x509 and net/http packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for imx6ullevk_defconfig that allows booting a mainline
kernel and mainline U-Boot.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Separate the fields in the hash file by two spaces and remove hash of
old version.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Separate the fields in the hash file by two spaces.
Change the hash of the license:
- Copyright message changed from 2018,2019 to 2019,2020
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change the hash of the license:
- Copyright message changed from 'present' to 2020
- Link to BSD 2-Clause License changed from http to https
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Without this backslash, any attempt to run make will result in the error:
package/mender/mender.mk:44: *** recipe commences before first target. Stop
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mender has support for performing other types of updates other than
just overwriting the rootfs partition that isn't currently in use on
the target.
Some of the default provided modules provide support for:
- Updating a docker container.
- Running a script.
- Installing an RPM.
- Overwriting a directory.
- Updating a single-file.
The single-file update module is used by upstream for onboarding a new
device to a server, and this fails with Buildroot devices because the
modules are currently not installed.
Install the directory, script, and single-file modules by default, and
install the docker or rpm script if their respective packages are
selected.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 3 scripts have been supported since version 2.0 and should be the
default.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the following license file hashes due to copyright year changes:
- vendor/github.com/mendersoftware/mendertesting/LICENSE
- vendor/github.com/mendersoftware/mender-artifact/LICENSE
Remove hashes for the the following removed files:
- vendor/github.com/mendersoftware/log/LICENSE
- vendor/github.com/mendersoftware/scopestack/LICENSE
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the following license file hashes due to copyright year changes:
- vendor/github.com/mendersoftware/mendertesting/LICENSE
- vendor/github.com/davecgh/go-spew/LICENSE
- vendor/github.com/stretchr/testify/LICENSE
Add hashes for the the following new files:
- vendor/github.com/minio/sha256-simd/LICENSE
- vendor/gopkg.in/yaml.v2/LICENSE
- vendor/github.com/klauspost/compress/LICENSE
- vendor/github.com/russross/blackfriday/v2/LICENSE.txt
- vendor/github.com/klauspost/pgzip/LICENSE
- vendor/github.com/cpuguy83/go-md2man/v2/LICENSE.md
- vendor/github.com/shurcooL/sanitized_anchor_name/LICENSE
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build will fail if gobject-introspection is built before network-manager
but python-gobject is not:
configure: error: "--enable-introspection aims to build the settings documentation. This requires GObject introspection for python (pygobject)
To avoid this build failure and because we don't need documentation,
just disable introspection
Fixes:
- http://autobuild.buildroot.org/results/d3b1bc2fa7559e66465033c455176761d6e184d1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- drop patch included in version
- update hash file formatting (2 spaces)
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 35e240105f, gvfs needs
dynamic library as it uses shared_module to build libgvfs_dbus and
libgioremote_volume_monitor
Fixes:
- http://autobuild.buildroot.org/results/89a02fda05e75bfc9bd4fa17fea3bec23fd5da3d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump U-Boot to 2020.07 and kernel to version 5.7.8
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python-networkx wasn't upgraded for a while due to incompatibilities
with setools not supporting versions above 1.11. With the recent version
bump of setools this is no longer true and we can bump python-networkx
to 2.4.
The license checksum had to be updated while bumping the package, but
only the year of the copyright has changed.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libfuse3 is an optional dependency since version 1.41.1 and
7a0a06186b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following security issues:
- SERVER-45514 [FLE] Reject document validators with encryption-related
keywords if the validationAction is “warn”
- SERVER-48039 Unrecognized option: net.ssl.clusterCertificateSelector
in MongoDB v4.2
- SERVER-45803 mongodecrypt needs a ServiceContext
- SERVER-46834 Use monotonic time in UserCacheInvalidator
- SERVER-47113 LDAP connection pool acquisition state should own host
list
https://docs.mongodb.com/manual/release-notes/4.2
Also:
- Update indentation in hash file (two spaces)
- Tweak version to be "compliant" with https://release-monitoring.org
- Use official tarball
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
setools is no longer hosted on https://github.com/TresysTechnology/setools/.
Update the source location to its new home,
https://github.com/SELinuxProject/setools/.
Refresh patches 0001-remove-werror-flag-from-setup.patch and
0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch for
4.3.0 and remove patch 0003-setup.py-drop-path-prefix-from-man-install.patch
that is now upstream.
Add a new dependency on host-python-cython, as setup.py now depends on
it.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Patch 0001-checkpolicy-remove-unused-te_assertions.patch is now part of
the upstream release 20200710.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Refresh patch 0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
for 3.1; and remove patch 0003-fix-building-against-musl-and-uclibc-libraries.patch
that is now upstream.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>