When BR2_TARGET_OPTEE_OS=y, mkimage_fit_atf.sh is executed with two additional
variables so that the ITS file contains an additional node for the TEE binary.
Then the TEE binary will be packaged into the ITB in addition to TF-A and
U-Boot.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also, only host-python-installer itself needs to be added now.
host-python-flit-core is a dependency of host-python-installer so
doesn't need to be added explicitly.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package is moving to flit and will soon be dropping distutils
compatibility support.
We need to use flit-bootstrap as opposed to the normal flit setup
type since host-python-pypa-build depends on host-python-installer.
We need to add the src directory to the PYTHONPATH so that installer
can run from the src directory when installing itself.
We need to explicitly add host-python-flit-core to the dependencies -
only host-python-installer is automatically added to the depenedencies
for flit-bootstrap packages, and this would create a circular dependency
so is explicitly excluded in the infra.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This adds the option to set systemd's default.target in
the System Configuration subheading if systemd is
specified as the init system.
The argument for default.target is specified pre-build
as opposed to overriding the hardcoded "multi-user.target"
symlink with post-build scripts or a rootfs overlay
Signed-off-by: Sen Hastings <sen@phobosdpl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
CONFIG_CRYPTO_AEAD2=y.
CONFIG_CRYPTO_AEAD2 and CONFIG_CRYPTO_SKCIPHER2 are needed to fix the
following build failure:
ERROR: modpost: "crypto_alloc_skcipher" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "scatterwalk_map_and_copy" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_ahash_final" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_aead_encrypt" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_aead_setkey" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_skcipher_decrypt" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_destroy_tfm" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_skcipher_setkey" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_aead_decrypt" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
ERROR: modpost: "crypto_aead_setauthsize" [/home/autobuild/autobuild/instance-2/output-1/build/cryptodev-linux-1.12/./cryptodev.ko] undefined!
However, those options are not user-selectable. They are enabled by the
appropriate consumers of those cyphers. Since cryptodev is anyway meant
to give userspace access to kernel crypto (hardware), it makes sense to
enable CONFIG_CRYPTO. The easiest way to also get AEAD2 and SKCIPHER2 is
to enable CONFIG_CRYPTO_USER_API_AEAD as well.
Fixes:
- http://autobuild.buildroot.org/results/a06708369c233f6e60a1a3ffd7a77a4edd932c9a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When tbb is built in Debug mode, it installs libtbb_debug.so instead of
libtbb.so. This confuses downstream packages that want to link with it
(e.g. sysdig).
Always build in Release mode. This means that BR2_ENABLE_RUNTIME_DEBUG
has no effect for this package, but that shouldn't be a bi issue.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some files in kvm-unit-tests are licensed under the GPL v2 nowadays:
https://gitlab.com/kvm-unit-tests/kvm-unit-tests/-/commit/b29b222beb424a00
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
[yann.morin.1998@free.fr: do not replace LGPLGv2, add to the list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A simple update by bumping the version number and sha256 sum
to the current version.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In order to remove a patch which needs frequent updates on major version
bumps and to get rid of autoreconf we just add -lz when creating a static
build. This make sure that static linking occurs in the right order.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There are many varibles shared via setuptools, distutils and pep517,
combine those common env/opts variables to make them easier to
maintain.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with libressl raised since bump to
version 3.5.2 in commit 8b216927db:
./dnssec.c: In function 'ldns_key_buf2dsa_raw':
./dnssec.c:386:5: error: invalid use of incomplete typedef 'DSA' {aka 'struct dsa_st'}
386 | dsa->p = P;
| ^~
Fixes:
- http://autobuild.buildroot.org/results/d754fbaa8f6687597682fbf0b71c16527c8cd603
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commits 4db37c663c (dhcp: add config option for delayed-ack feature
of dhcp server) and 40f7adae3c (package/dhcp: add security options to
DHCP server) forgot to explicit disable the option when not requested.
Fix that now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Andreas Ehmanns <universeiii@gmx.de>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Thomas De Schampheleire <patrickdepinguin+buildroot@gmail.com>
Cc: Jan Havran <havran.jan@email.cz>
Cc: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This script gives the address, the offset and the size of binaries have been
stored into U-Boot FIT image that contains TF-A, U-Boot and OP-TEE.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with libressl raised since bump to
version 3.5.2 in commit 8b216927db:
crypt.c:71:25: error: field 'h' has incomplete type
71 | _libssh2_cipher_ctx h;
| ^
Fixes:
- http://autobuild.buildroot.org/results/47f492ccd4888fe4a150b36e12c88f1e068d46b6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
sysdig 0.27.1 cannot be cross-compiled to, e.g., aarch64 because it uses open()
syscall [1].
This patch bumps its version to enable cross-compilation. Existing
patches have been upstream, but a new patch (merged upstream) has to be
added to avoid downloading json-for-modern-cpp during the build.
[1] https://marc.info/?l=buildroot&m=164951521629400
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is a dependency of newer sysdig. It contains the driver, and also a
few userspace components. The latter however are not meant to be
installed in the sysroot; instead, the whole thing is meant to be
included directly in the build of the project using it. Changing things
so it does work in the normal way of installing to the sysroot turns out
to be pretty complicated.
Basically, falcosecurity-libs is just a component of sysdig. It's
defined as a separate package only because that's an easier way to
download it than defining extra download and extract commands in sysdig
itself. For this reason, it's defined as a blind option in Config.in.
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The main goal is to use buildroot host-libbpf instead of pahole libbpf
git submodule (which ends up being the same thing anyway). However, this
creates compilation errors due to the use of deprecated APIs (like
btf__get_nr_types). Bump pahole to a commit that is compatible with
current libbpf:
73383b3a39af ("libbpf: Update libbpf to the latest git HEAD")
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This reverts commit 8e91385a2c.
This commit is incorrect, as it is perfectly valid for
BR2_TOOLCHAIN_EXTERNAL_PATH to be empty. The help text of
BR2_TOOLCHAIN_EXTERNAL_PATH even documents it as a supported case:
If empty, the compiler will be searched in $PATH.
Commit 392b0a26f5 ("toolchain-external:
default BR2_TOOLCHAIN_EXTERNAL_PATH to empty") even made that the
default saying "In addition, it in fact works correctly when it is
empty. In that case, the toolchain will be searched in PATH."
A user has reported that commit
8945ba4948 (the backport of 8e91385a2c to
the 2022.02.x LTS branch) breaks his use-case:
https://lore.kernel.org/buildroot/CADBnMvhgaozAgZgy3njckjL1i0U6bZ0fLrq-kdFF-qpGhFWgmw@mail.gmail.com/
Reported-by: Kristof Havasi <havasiefr@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: reference 8e91385a2c on master]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that recent versions of binutils work with FLAT binaries, we can
drop the old 2.32 version, which was kept only to keep support FLAT
binaries.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thanks to the bump of elf2flt to version 2021.08, the issue with
recent versions of binutils has been fixed, so we can re-enable using
the recent binutils versions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
It contains several fixes and improvements compared to our current
version, and two of our patches have been accepted upstream. Most
notably, it fixes the issue we had in using elf2flt with recent
versions of binutils (upstream commit
ba379d08bb78c9300e84351c11080c26ddcc36b3).
Patch 0001-ld-elf2flt-behave-properly-when-called-with-a-name-d.patch
is upstream as of commit 1c9b454336eaf38f7d037917a3120fae04193fbe
Patch 0002-elf2flt.c-add-new-relocation-types-for-xtensa.patch is
upstream as of commit d7eb73163bcea31168c438fc132a0967ac172e3d
The other two patches are refreshed to apply properly on 2021.08.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The afboot-stm32 build system was initially linking with gcc, but that
was changed upstream following a Buildroot contribution to use ld
instead.
However, the build system was still passing -nostartfiles, which is a
gcc option. By luck, this option was simply ignored by older versions
of ld (such as binutils 2.32), but newer versions of ld (2.36 and
newer, at least) no longer accept/ignore this option.
This commit adds a patch that drops the use of this option, since it
is useless for ld.
The first patch is slightly updated because the upstream pull request
has been updated to contain both build fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable builtin harfbuzz which is enabled by default since bump to
version 2.0.18 in commit f4da031a77 and
834ec54127
resulting in the following build failure without threads:
In file included from external/harfbuzz-2.8.0/src/hb.hh:470,
from external/harfbuzz-2.8.0/src/hb-aat-layout.cc:28:
external/harfbuzz-2.8.0/src/hb-mutex.hh:53:10: fatal error: pthread.h: No such file or directory
53 | #include <pthread.h>
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ac8b366558bec61ada84ec15cf27652fde2b63b2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2022-1381: global heap buffer overflow in skip_range in GitHub
repository vim/vim prior to 8.2.4763. This vulnerability is capable of
crashing software, Bypass Protection Mechanism, Modify Memory, and
possible remote execution
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>