systemd can use elfutils when available, so this commit adds the
detection of this library.
Signed-off-by: Keith Mok <ek9852@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also add a hash for the license file.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
wget is the only downloader currently usable with BR2_PRIMARY_SITE, and that
doesn't work at all for file:// URLs. The symptoms are these:
support/download/dl-wrapper -c '2.4.47' -d '/PATH/build/sw/source/attr' -D '/PATH/build/sw/source' -f 'attr-2.4.47.src.tar.gz' -H 'package/attr//attr.hash' -n 'attr-2.4.47' -N 'attr' -o '/PATH/build/sw/source/attr/attr-2.4.47.src.tar.gz' -u file\|urlencode+file:///NFS/buildroot_dl_cache/attr -u file\|urlencode+file:///NFS/buildroot_dl_cache -u http+http://download.savannah.gnu.org/releases/attr -u http\|urlencode+http://sources.buildroot.net/attr -u http\|urlencode+http://sources.buildroot.net --
file:///NFS/buildroot_dl_cache/attr/attr-2.4.47.src.tar.gz: Unsupported scheme `file'.
ERROR: attr-2.4.47.src.tar.gz has wrong sha256 hash:
ERROR: expected: 25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859
ERROR: got : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
In the case of custom Linux kernel versions, this is fatal, because there isn't
necessarily a hash file to indicate that wget's empty tarball is wrong.
This seems to have been broken by commit c8ef0c03b0, because:
1. BR2_PRIMARY_SITE always appends "urlencode" (package/pkg-download.mk)
2. Anything with the "|urlencode" suffix in $uri will end up using wget due to
the backend case wildcarding.
3. The wget backend rejects file:/// URLs ("unsupported scheme"), and we end up
with an empty .tar.gz file in the downloads directory.
Fix that by shell-extracting the backend name from the left of "|". I'm not
positive if all URLs will have a "|", so this code only looks for a "|" left of
the "+".
Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds host-checksec package support. This tool provides a
script to offline check the properties of a security hardened elf file.
REF: https://github.com/slimm609/checksec.sh
Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: add entry to DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-nodejs is configured to build openssl by using its included openssl
source code which is based on openssl 1.0.2. If host-libopenssl was
already built its header files are being picked up during host-nodejs
build, this was verified by adding debug code to
$(HOST_DIR)/include/openssl/opensslv.h.
This situation was not a problem as long as host-libopenssl was the
same version than the openssl code included in nodejs.
Some code in host-nodejs-8.11.4/src/node_crypto.cc is guarded by
#if OPENSSL_VERSION_NUMBER < 0x10100000L
to be used only with openssl 1.0.x.
This leads to problems if host-libopenssl 1.1.x was built before. Due
to the usage of its header files some code in node_crypto.cc is not
built leading to many linking errors later on, for example:
node_crypto.cc:(.text+0x1a1): undefined reference to `DH_get0_pqg'
When the nodejs package originally was added to buildroot back in
March 2013:
https://git.buildroot.net/buildroot/commit/?id=b31bc7d4387095091a109eb879464d54d37a5eab
We did not have a host-libopenssl package back then, it was added one
month later:
https://git.buildroot.net/buildroot/commit/?id=7842789cb539b6b64d61b03f5c8dbe6813f01da7
To fix the problem we use host-libopenssl for host-nodejs.
By using host-libopenssl the build time of nodejs is reduced by ~15s.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current download location fails, and Buildroot falls back to
sources.b.o:
--2018-08-20 23:41:39-- https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
Resolving red.libssh.org (red.libssh.org)... 78.46.80.163
Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected.
The certificate's owner does not match hostname ‘red.libssh.org’
--2018-08-20 23:41:39-- http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-xz]
This commit fixes the download location:
--2018-08-20 23:43:04-- https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz
Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4
Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-tar]
This patch is extracted from a contribution from Bernd Kuhls who was
also bumping the package at the same time
(http://patchwork.ozlabs.org/patch/959192/).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current download location fails, and Buildroot falls back to
sources.b.o:
--2018-08-20 23:41:39-- https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
Resolving red.libssh.org (red.libssh.org)... 78.46.80.163
Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected.
The certificate's owner does not match hostname ‘red.libssh.org’
--2018-08-20 23:41:39-- http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-xz]
This commit fixes the download location:
--2018-08-20 23:43:04-- https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz
Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4
Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-tar]
This patch is extracted from a contribution from Bernd Kuhls who was
also bumping the package at the same time
(http://patchwork.ozlabs.org/patch/959192/).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Depends on gcc >= 4.8:
https://github.com/randombit/botan/blob/master/readme.rst
Rebased patch 0001, added license hash and updated license path.
Updated configure options for shared/static libraries after commit
299119f02c
Added configure for ssp support after commit
ebeae68aba
This fixes a build error with toolchains without ssp support.
Removed dependency to gmp:
https://github.com/randombit/botan/issues/719
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some live555 libraries were missing in LIVE555_LIBS.
Instead of maintaining the list of live555 library files we use pkgconf
instead.
Fixes
http://autobuild.buildroot.net/results/744/7445bdc2fdcb28aa7f58c0249653329414e447df/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed for vlc to fix linking issue.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for OpenSSL 1.1 is broken, use builtin crypto for now like
Debian does:
09d9f916ec (8756c63497c8dc39f7773438edf53b220c773f67_27_26)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release includes support for OpenSSL 1.1.x
Added hashes for tarball and license file.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When libidn2 is statically build with libunistring support, mutt needs
to add -lunistring to LIBS.
To do that, add a call to PKG_CHECK_MODULES to retrieve this information
from libidn2.pc
Fixes:
- http://autobuild.buildroot.net/results/177da8f4798f69298db5385957184f1c53cca923
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The download wrapper call is currently always being displayed, even
without V=1, which is a bit annoying. It shows something like this:
thomas@windsurf:~/projets/buildroot (master)$ make tslib-source
>>> tslib 1.16 Downloading
PATH="/home/thomas/projets/buildroot/output/host/bin:/home/thomas/projets/buildroot/output/host/sbin:/usr/local/bin:/usr/bin:/bin:/home/thomas/.rvm/bin:/usr/local/sbin:/usr/sbin:/home/thomas/.rvm/bin:/home/thomas/sys/bin:/home/thomas/.gem/ruby/2.1.0/bin:/home/thomas/.rvm/bin" BR2_DL_DIR=/home/thomas/dl BUILD_DIR=/home/thomas/projets/buildroot/output/build O=/home/thomas/projets/buildroot/output flock /home/thomas/dl/tslib/ support/download/dl-wrapper -c '1.16' -d '/home/thomas/dl/tslib' -D '/home/thomas/dl' -f 'tslib-1.16.tar.xz' -H 'package/tslib//tslib.hash' -n 'tslib-1.16' -N 'tslib' -o '/home/thomas/dl/tslib/tslib-1.16.tar.xz' -u https+https://github.com/kergoth/tslib/releases/download/1.16 -u http\|urlencode+http://sources.buildroot.net/tslib -u http\|urlencode+http://sources.buildroot.net --
Let's silence this dl-wrapper call by prepending with $(Q).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the introduction of Python 3.7.0, setuptools also needs to be updated.
Without the update, several packages will fail to build or install with a
ValueError: bad marshal data (unknown type code).
Updating setuptools to 40.0.0 version fixes this issue.
Even though 40.1.0 is out, updating to 40.0.0 is recommended as it seems like
40.1.0 breaks version detection on some python packages such as
python-cryptography which will error out with a complaint that setuptools is too
old, even though it's at 40.1.0. Using 40.0.0 fixes the issue.
Fixes:
http://autobuild.buildroot.net/results/636/636da0febe02f991095965d52cc4a8b2da644777/http://autobuild.buildroot.net/results/5f6/5f659130a6a32a4c43d6ed2c3b559df77ae18249/
Signed-off-by: Adam Duskett <aduskett@greenlots.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes
In file included from commands.cpp:32:0:
crypto.hpp:60:7: error: 'unique_ptr' in namespace 'std' does not name a template type
std::unique_ptr<Aes_impl> impl;
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
MySQL detects on the build machine where the hostname program is
located, and uses this value in a number of configuration files and
scripts that are generated and installed in the target:
output/target$ grep -r "bin/hostname" *
etc/inittab:::sysinit:/bin/hostname -F /etc/hostname
usr/share/mysql/mysql.server: pid_file=$datadir/mysqlmanager-`/usr/bin/hostname`.pid
usr/share/mysql/mysql.server: server_pid_file=$datadir/`/usr/bin/hostname`.pid
usr/bin/mysql_install_db:hostname=`/usr/bin/hostname`
usr/bin/mysqld_safe: err_log=$DATADIR/`/usr/bin/hostname`.err
usr/bin/mysqld_safe: pid_file="$DATADIR/`/usr/bin/hostname`.pid"
However, the hostname on the build machine may not necessarily be at
the same location as the hostname program on the target. Buildroot has
its hostname program (coming from Busybox) in /bin, but some Linux
distributions (such as Fedora) use /usr/bin/hostname, causing the
incorrect hostname paths above.
This commit fixes that by passing the appropriate autoconf cache
variable value.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: add commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 0.8.6 is a bugfix release including a nasty bug that has
potential to crash applications when parsing certain URIs (like
"//:%aa@", excluding quotes).
For more details please check the change log at
https://github.com/uriparser/uriparser/blob/uriparser-0.8.6/ChangeLog
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is used when calling the mender client with the
-version option and it says "unknown" if not set in
linker.
Now it displays the following:
# mender -version
1.4.0
runtime: go1.10.2
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also added license checksums in mender.hash
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These files are part of Mender sources and no point in keeping duplicate
files locally.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tenant Token is a configuration option that has to do with Hosted Mender,
where you you need to set this for the devices to connect to the
correct organization in a multi-tenant system.
The removal of tenant.conf usage (and /var/lib/mender/authtentoken)
was in Mender client version 1.2.0, where it was switched to be an mender.conf
option instead as the example above demonstrates. As the first version that was
integrated in Buildroot was 1.4.0, the inclusion of tenant.conf and the
creation of the symlink is not necessary.
Now it is specified as such in mender.conf:
Example:
/etc/mender/mender.conf
{
TenantToken: "very long base64 encoded string"
}
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Mender client uses fw_printenv/fw_setenv to manipulate the U-boot
environment, e.g to change the boot candidate after a update has been
done.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mender state-scripts are essentially "hooks" that can be provided to
influence the update flow.
They should be placed inside /etc/mender/scripts and the directory must
contain a file containing the current state-script format version. It is
currently "2".
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current values that are in mender.conf will actually
cause the Mender client to fail to start because of invalid
values.
Provide sane default values that at least allow the Mender client
to parse the configuration options and start running.
The values provided will actually work in a "Demo Environment",
see https://docs.mender.io/getting-started/create-a-test-environment.
Though an entry is required in /etc/hosts to resolve the URL to the
local IP address of the running demo server.
Example:
echo "192.168.0.10 docker.mender.io s3.docker.mender.io" >> \
/etc/hosts
Above is required because the demo certificate
(/etc/mender/server.crt) is created for https://docker.mender.io.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These scripts are used to generate the device identity and to populate
the the device inventory. The Mender client will call these and at least
the mender-device-identity is required to be present at the correct
location. Inventory scripts are there as an example and not
actually required.
Example output from identity script:
$ ./mender-device-identity
mac=de:ad:ca:fe:00:01
cpuid=1112233
Example output from inventory script:
$ ./mender-inventory-network
mac_br-fbfdad18c33c=02:42:7e:74:96:85
network_interfaces=br-fbfdad18c33c
ipv4_br-fbfdad18c33c=172.21.0.1/16
mac_enp0s25=de:ad:be:ef:bb:05
network_interfaces=enp0s25
ipv4_enp0s25=123.22.0.197/16
ipv4_enp0s25=10.20.20.105/16
ipv6_enp0s25=fe80::2aad:beff:feef:bb05/64
Inventory and device identity data is presented on the Mender server
front-end.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Recent U-Boot no longer ship the flex/bison generated kconfig parser, as
of commit e91610da7c8a9fe42f3e5a75f06c3d1a0cb5f815 (kconfig: re-sync
with Linux 4.17-rc4).
So, add the conditional kconfig dependencies, as we just did for the
kernel.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
