Commit 8cbfbe487a (package/skeleton-systemd: systemd-ify mounting /var
tmpfs with ro rootfs) removed the fstab handling of /var, and left the
macro deal solely about keeping / read-only.
However, the code about how the var factory is handled was left above
the macro, which is now misleading and confusing.
Move the comment closer to the actual rootfs-pre-cmd hook which actually
deals with handling the var factory.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519,
CVE-2022-2520, CVE-2022-2521, CVE-2022-2953, CVE-2022-34526,
CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599,
CVE-2022-3626, CVE-2022-3627 and CVE-2022-3970
- COPYRIGHT renamed to LICENSE.md and year updated with
fa1d6d787f
- Use new --{en,dis}able options added by
1ab0e2696a
http://www.simplesystems.org/libtiff/releases/v4.5.0.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version)
- Drop autoreconf
- Update hash of README.md (year updated with
4c954948ba
and licensing terms slightly reworded with
2a9a4de21e)
https://www.libraw.org/news/libraw-0-21-release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 86d32208b6 (support/testing/tests/init/test_systemd.py: use
downloaded kernel) stopped building a custom kernel for the systemd
tests, but forgot to drop the associated kernel config fragment.
That fragment is now not used in any test case, so we can drop it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, when one does not enable remounting the rootfs read-write,
i.e. keep it read-only, for example because the filesystem is actually
read-only by design, like squashfs, then two things happen:
- we create a factory from the content of /var at build time, register
tmpfiles entries for it, and mount a tmpfs on /var at runtime, so
that systemd-tmpfiles does populate /var from the factory; this is
only done when the rootfs is not remounted r/w;
- we trigger systemd-tmpfiles at build time, which uses the tmpfiles
db, of which our /var entries, to pre-populate the filesystem; this
is always done, whether the rootfs is remounted r/w or not.
Note that Buildroot mounts a tmpfs on /var, and leaves to the integrator
to care for providing an actual filesystem, as there are too many
variants and is very specific to each use-case.
These two mechanisms are conflicting, semantically, but also
technically: the files from the factory will be duplicated, but that
may help in some situations when the actual /var filesystem is not
mountable.
In some cases, it might be preferable to have none, either, or both
mechanisms enabled; it highly depends on the ultimate integration scheme
chosen for a device.
For example, some people will be very happy with a /var that is actually
on a tmpfs and that it gets reseeded from scratch at every boot, while
others may want to ensure that their system continues to work even when
they can't mount something that makes /var writable.
YMMV, as they used to say back in the day...
So, we introduce two new options, in the system sub-menu, each to drive
each mechanism. We default those options to y, to keep the previous
behaviour by default, except the var factory is only available when the
rootfs is not remounted r/w, as it were so far.
We still hint in the help text that there might be some conflict between
the two mechanisms, but since it has been that way for some time, it
does not look too broken for most people.
Since that introduces more options related to systemd being chosen as an
init system, we gather those two options and the existing one inside a
if-endif block, rather than adding more 'depends on' on each option.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Romain Naour <romain.naour@smile.fr>
Cc: Jérémy Rosen <jeremy.rosen@smile.fr>
Cc: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 0d9b84b7a8 (package/systemd: invoke systemd-tmpfilesd on final
image) forcefully introduced a call to systemd-tmpfiles as a per-rootfs
hook, on the premise that would help with read-only rootfs.
However, that did not account for the then-pre-existing handling of /var
as a factory when the user opted not to remount / read-write (by not
setting BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW).
This means that, for users who want to use a factory for /var, the
generated filesystem contains the factory files twice: once as stored in
the factory, and once as populated by systemd-tmpfilesd.
In the hope to reconcile the two solutions, we move the handling of
calling systemd-tmpfilesd to the skeleton-init-systemd package, where we
already handle the /var factory. Having the two in the same package will
make it easier, in the future, to provide the user with a choice whether
to use one or the other.
Note that it is very important to keep the order of the hooks as they
are.
Indeed, skeleton-init-systemd sorts before systemd, so its hooks were
registered before systemd's hooks; now that we move the CREATE_TMPFILES
hook, we must ensure it is called after the PRE_ROOTFS_VAR one, so that
the behaviour of acting on the var factory remains.
As a final note: we chose the move this way, rather than move the var
factory into the systemd package, because it is more related to the
system integration on the Buildroot side, rather than the integration
of the systemd package in Buildroot.
Similarly, the other four rootfs hooks, SYSTEMD_LOCALE_PURGE_CATALOGS,
SYSTEMD_UPDATE_CATALOGS, SYSTEMD_RM_CATALOG_UPDATE_SERVICE, and
specially SYSTEMD_PRESET_ALL, should also be moved out of the systemd
package, because they too are more related to the Buildroot system,
rather than to the systemd package itself; but the frontier is very
porous in either way, for such a package as special as systemd.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Romain Naour <romain.naour@smile.fr>
Cc: Jérémy Rosen <jeremy.rosen@smile.fr>
Cc: Yann E. MORIN <yann.morin@orange.com>
Acked-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
To mount our /var tmpfs when the rootfs is mounted read-only (really,
not remounted read-write), we use an entry in fstab.
However, /etc could also be a tmpfs (for full state-less systems, or
easy factory-reset, see [0]). It also prevents easily ordering other
systemd units until after /var is mounted (not impossible, but less
easy).
So, we register /var as a systemd mount unit, so that we can also have
the /var factory populated and functional even when /etc is empty. The
var.mount unit is heavily modelled after systemd's own tmp.mount one, so
we carry the same license for that file (in case that may apply).
This has two side effects:
- as hinted previously, it simplifies writing other systemd units to
order them after /var is mounted
- user can easily replace it with their own, which mounts an actual
filesystem
[0] http://0pointer.de/blog/projects/stateless.html
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Romain Naour <romain.naour@smile.fr>
Cc: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- split original patch in two
- this one only handles converting /var mounting into a systemd unit
- adapt commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr (as suggested by Norbert):
- fix Before= dependencies
- drop [Install] section
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When the rootfs is not remounted read-write (thus assuming a read-only
rootfs like squashfs), we create a tmpfiles.d factory for /var.
However, we register those in /etc/tmpfiles.d/, but /etc could also be
a tmpfs (for full state-less systems, or easy factory-reset, see [0]).
So, we move our var factory to /usr/lib/tmpfiles.d/, which is also the
location where systemd itself places its own tmpfiles, and where we
already put all our other tmpfiles (see audit, avahi, cryptsetup, dhcp,
lighttpd, nfs-utils, quagga, samba4, swupdate) and our handling of
systemd's catalog files too. We also rename the file to a better name,
so that it is obvious it is generated by us (systemd already installs a
var.conf of its own, so we want to avoid name clashing).
Last little detail: there is no need or reason to create .../tmpfiles.d/
at install time; it is only needed in the rootfs-pre-cmd hook, so we
only create it just before we need it.
[0] http://0pointer.de/blog/projects/stateless.html
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Romain Naour <romain.naour@smile.fr>
Cc: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- split original patch in two
- this one only moves out of /etc and into /usr/lib
- adapt commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- rename to 00-buildroot-var.conf as suggested by Norbert
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The http site automatically redirects to the https variant, so let's
just use that as the default.
The mirror list URL http://search.cpan.org/mirror seems outdated
(re-directed to https://metacpan.org/mirrors aka 'Not Found - The
resource you requested could not be found.').
The closest matching URLs we found were:
https://www.cpan.org/SITES.html
http://mirrors.cpan.org/map.html
http://mirrors.cpan.org/
That last one has all the list, so we use that; the second is a world
map, so we also include it.
Sadly, neither of the mirror lists (table or map) is served as https;
they are only available as http...
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- add a little blurb to explain http->https redirect
- update the mirror list URL, and...
- extend commit message with original explanations from Peter, and..
- notice that they are not served via https...
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As the comment in package/perl/perl.mk instructs, bumping the perl
version must be propagated to utils/scancpan as well.
However, commit 7c1ef8129f (package/perl: bump to version 5.34.0)
forgot to do so.
Fixes: 7c1ef8129f
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The only other language supported is CL (Common Lisp) which buildroot
does not package yet. This saves 52KB in the final root filesystem.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
[yann.morin.1998@free.fr: reformat for one-option per-line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Let's disable the CONFIG_PLATFORM_I386_PC that is set to y by default
involving the endianness to be set to little. This way we can set the
CFLAGS according to architecture with some default define like:
-DCONFIG_IOCTL_CFG80211
-DRTW_USE_CFG80211_STA_EVENT
-Wno-error
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to the upstream release notes of version 2.0.0:
https://lists.x.org/archives/xorg-announce/2022-July/003180.html
"This keyboard driver is primarily used with BSD, GNU Hurd, illumos, &
Solaris systems. Linux systems should instead use either xf86-input-
libinput or xf86-input-evdev.
While versions 1.9.0 and earlier had rudimentary support for Linux as
well, that has been removed in this release."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: Reword help text]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A small package that does "Selectively remove C preprocessor conditionals".
The package will be needed for the upcoming webkitgtk 2.40.0 release.
I personally added it to get started with 2.39.2.
See: f76a7e30e5
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
[Peter: use prefix=]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to the latest version of the gcnano-binaries blobs, which are
compatible with the last v5.15-stm32mp-r2 kernel from the
STMicroelectronics BSP.
The management of library links has now changed. We moved on from
a version with several links present but few of them missing to no links
at all. Now, all the links are made by the build system. The loop
mechanism to make them is imported from the ST Yocto layer.
The packageconfig has also changed, no need to update prefix and version
value anymore.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel used is based on 6.1-rc3, so use the recently introduced 6.1
kernel headers version to fix a build issue:
Incorrect selection of kernel headers: expected 6.0.x, got 6.1.x
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel used is based on 6.1-rc3, so use the recently introduced 6.1
kernel headers version to fix a build issue:
Incorrect selection of kernel headers: expected 6.0.x, got 6.1.x
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel used is based on 6.1-rc3, so use the recently introduced 6.1
kernel headers version to fix a build issue:
Incorrect selection of kernel headers: expected 6.0.x, got 6.1.x
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a defconfig for the Starfive VisionFive2 board, a board built around the
Starfive JH7110 RISC-V 64bit SoC.
This board comes with functional lowlevel and U-Boot bootloaders in SPI
flash. The defconfig reuses these and only builds a (5.15 based) kernel and
rootfs.
The factory shipped U-Boot is hard coded to look at MMC partition 3.
Signed-off-by: Francois Dugast <francois.dugast.foss@gmail.com>
[Peter: add to DEVELOPERS]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Lichee RV Dock is a RISC-V Linux development kit with high integration,
small size and affordable price designed for opensource developer.
https://wiki.sipeed.com/hardware/en/lichee/RV/Dock.html
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Tested-by: Indrek Kruusa <indrek.kruusa@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Lichee RV - Nezha CM is a compute module with modular design, equipped
with Allwinner D1 chip (based on T-Head XuanTie C906 core), 512MB DDR3
RAM.
Board support is based on the nezha defconfig already available in
buildroot.
https://wiki.sipeed.com/hardware/en/lichee/RV/RV.html
https://linux-sunxi.org/Sipeed_Lichee_RV
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: Indrek Kruusa <indrek.kruusa@gmail.com>
Tested-by: Indrek Kruusa <indrek.kruusa@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package installs the required firmware for enabling the
Bluetooth device embedded in the RTL8723DS chip.
The driver is included in Linux main tree and can be enabled
with the BT_HCIUART_RTL symbol.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Tested-by: Indrek Kruusa <indrek.kruusa@gmail.com>
[Peter: use install -D]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop local patch that has been upstreamed[0] and drop the endianness
handling too since from this commit[1] on it's handled by using Linux
macro __LITTLE_ENDIAN.
[0]: 4a555ffb77
[1]: b3da33576d
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>