Sort the certificates into alphabetical order so the contents of
ca-certificates.crt can be built reproducibly.
Note: The certificates are sorted uppercase then lowercase filenames
so the contents of ca-certificates.crt matches the source debian package.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Rebuilding ca-certificates using make ca-certificates-rebuild
caused duplicate certificates to be installed in the target. Its build
system is broken: it doesn't detect that the output file already exists,
and instead of overwriting it, a duplicate is generated under a
different name. The net effect is that all certificates are installed
twice after rebuild.
Fix this by cleaning the build directory before building the package.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
c_rehash looks at all files in /etc/ssl/certs, generates the hash for
the certificates in them, and makes a symlink from the hash to the
certificate file.
However, ca-certificates.crt is also installed in /etc/ssl/certs and
it contains all the certificates. c_rehash will take one of them (the
first?) and create a symlink from that hash to ca-certificates.crt.
Usually, this results in an error like:
WARNING: Skipping duplicate certificate ca-certificates.crt
and all is well. However, depending on filesystem order,
ca-certificates.crt may come first, and the actual certificate is
not symlinked.
To fix this install certificates.crt to /etc/ssl/certs *after* we run
c_rehash to prevent it getting hashed by mistake.
Note: $(TARGET_DIR)/etc/ssl/certs/ is already removed during install so
this fix also works for rebuilds.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch provides support for the board Odroid XU4. It uses a recent
4.14 kernel released by Hardkernel, and the current u-boot 2017.05
also from Hardkernel.
Signed-off-by: Pierre CROKAERT <pct@crookies.net>
[Thomas:
- Update DEVELOPERS file
- Update .gitlab-ci.yml file
- Simplify the boot.ini script
- Add missing BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14 option
- Add BR2_PACKAGE_HOST_DOSFSTOOLS and BR2_PACKAGE_HOST_MTOOLS since a
VFAT filesystem is generated
- Keep the default root filesystem size, since it is sufficient.
- Reduce the size of the VFAT filesystem]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
nss-myhostname is helpful to resolve local hostname without domain.
For instance, if we set hostname to myboard and ping myboard
without .local suffix, it fails if /etc/hosts stays unchanged.
nss-myhostname modifies /etc/nsswitch.conf file.
It set myhostname resolution just after files in hosts line,
for example:
hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns
This choice comes from Debian commit [1] and Yocto recipe [2].
Also, nss-myhostname author suggests myhostname should be used as
a backup and appended at the end of hosts line. Both choices are valid.
Discussion on Debian bug tracker [3] gives some details on issue
that may occurs using nss-myhostname (see fqdn).
Note nss-myhostname is already included in systemd, so ensure is conflicts
with it.
[1] http://git.nomeata.de/?p=libnss-myhostname.git;a=commit;h=5104d7f0045df55ee8be526e8c84078750e1e0ed
[2] https://git.yoctoproject.org/cgit.cgi/poky/plain/meta/recipes-support/nss-myhostname/nss-myhostname_0.3.bb
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756224
[Peter: simplify sed invocation, adjust Config.in]
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the nsswitch.conf installation logic moved to the post-install-install
hook of the toolchain package, it is guaranteed to be available when
nss-mdns is run - So drop the logic.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
nsswitch.conf is processed both by the toolchain, nss-mdns and
nss-myhostname without any guaranteed ordering in between.
The toolchain package ensures that nsswitch.conf is available, and the two
nss-* packages tweaks the content, so the toolchain processing should run
before the nss-* ones. Toolchain is a dependency of all the packages, so
ensure this is done by moving the toolchain handling to a
post-target-install hook.
Also move the variable to toolchain/toolchain/toolchain.mk where the virtual
toolchain package is defined for clarity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Both nss-mdns and nss-myhostname patch nsswitch.conf file so it needs to be
done at the final stage to support per-package host/target directories.
[Peter: reword]
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 15c00b9a23, because
the hashes do not match the upstream tarballs. We need to understand
what happened rather than blindly fixing the hashes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-package that is able to shorten the load time of entry_points declared
in setup.py of python packages.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gcc does not build when the srcdir path contains a '@', because that
path is then substitued in a texi file as argument to an @include
directive. But then, the '@' in the path will start a command evaluation
of its own, thus breaking the build. For example, with a $(O) path set
to /home/ymorin/dev/buildroot/O/to@ti :
perl ../../gcc/../contrib/texi2pod.pl ../../gcc/doc/invoke.texi > gcc.pod
../../gcc/doc/invoke.texi:1678: unknown command `ti'
../../gcc/doc/invoke.texi:1678: @include: could not find /home/ymorin/dev/buildroot/O/to/build/host-gcc-initial-7.3.0/build/gcc/../../gcc/../libiberty/at-file.texi
[Peter: use findstring instead of subst/compare]
Reported-by: c32 on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If a custom external toolchain is used, we can't enable the fortran
support. Add a new option for that.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The download link was broken, former qt versions are stored into a
distinct location.
Signed-off-by: Francois Gerin <francois.gerin@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The download infra now knows to look for per-version hash files, so we
can now drop the unversioned hash files.
Instead of removing them, add a comment that redirects the developper to
update the per-version hash files instead (so they do not re-add a
unversioned one in the future).
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gaël Portay <gael.portay@savoirfairelinux.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that packges may have hashes for their downloaded files in a
versioned subdir or in the unversioned hash file, we can no longer
hard-code the path to the package hash file anymore.
Instead, we now make use of the per-package variable, that points to the
package hash file.
Note: of the packages for which we offer a version choice, almost none,
but some of the qt5 ones, have a per-version hash file, so we still use
the unversioned hash file for them. As for the few qt5 packages that do
have a per-version hash file for their licensing terms, they've already
been updated to duplicate their download hashes in both the unversioned
and per-version hash files. So, one way or the other, no hash check
would go missing with this change.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Qt5 packages may have different licensing terms between the two
versions we support, and in some cases, those different terms are
expressed in similarly named files, like files named plain 'LICENSE' for
example.
Similarly, glibc also has different license files, especially since the
arc version still has libidn, which got dropped from upstream.
This is problematic, because, in a .hash file, we can't store two
different hashes for the same file. We've started to handle this case by
moving the licenses hashes to the per-version sub directories.
However, the hashes for the downloads are still stored inside the non-
versioned hash file of the package, which is not totally coherent: if we
have a per-version hash file, it should list all the hases for that
version, downloads included, and there should be no unversioned hash
file.
In preparation for this, we duplicate the downloads hashes from the main
hash files, and into the versioned ones. Once the download infra learns
to look for those hashes in these per-version subdirs, we'll remove the
unversioned hash files.
Note that, now that we have versioned hash files, the main hash files
will not be used to check license files, so we can already drop the
hashes for license files from the main hash files.
Note also that there are a few other packages for which we support
different versions (binutils, gcc, gdb, lua, xserver_xorg-server,
uboot), but none of those have different licensing terms due to the
version. Qt5 and glibc are alone in this case.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gaël Portay <gael.portay@savoirfairelinux.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When a package has a version selection (e.g. Qt5), the licensing terms
may be different across versions, but lie in similarly named files (e.g.
'LICENSE').
However, when we check a file, all the hashes for it must match. So, we
can't have the hashes for two different content of the same file. We
overcame that limitation in the legal-license-file macro, which checks
whether a package has a .hash file in a versioned subdir.
For consistency, we would like to also store the source hashes in that
per-version subdir.
Rather than reconstruct the path to the hash file everywhere we need it,
add a variable that points to it.
Existing users will be converted over in followup patches.
Note: the check for a missing hash file is done in the check-hash helper
script, so this variable must always yield a filename, even of a missing
file, thus we do not use $(wildcard...) to resolve the hash file path;
we use $(wildcard...) only to check if the versioned .hash file exists.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit ac6fedda6b.
Quoting Jörg Krause:
http://lists.busybox.net/pipermail/buildroot/2018-August/228534.html
"The version bump as version 2.8.0 does only updates the projects
submodules, which we are not using at all. Instead, we always build
luvi with dependencies provided as packages in Buildroot."
[Peter: drop autobuilder reference, issue is in luv, not luvi]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
the generated subdirectory Makefiles are now fixed
now, the Pure Perl version is only useful when BR2_STATIC_LIBS
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
there are also runtime dependency
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add license hash.
License change: LICENSE renamed to LICENSE.rst, and one parahraph
has moved down (no actual content was added/deleted/modified)
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
get-developers tries to open DEVELOPERS in the current directory, so it
breaks when calling it from elsewhere than the toplevel Buildroot directory.
Traceback (most recent call last):
File "../utils/get-developers", line 107, in <module>
__main__()
File "../utils/get-developers", line 26, in __main__
devs = getdeveloperlib.parse_developers(os.path.dirname()
File "/home/peko/source/buildroot/utils/getdeveloperlib.py", line 161, in parse_developers
with open(os.path.join(basepath, "DEVELOPERS"), "r") as f:
IOError: [Errno 2] No such file or directory: '/home/peko/source/buildroot/output-foo/DEVELOPERS'
Fix it by instead figuring out where the DEVELOPERS file is relative to the
location of get-developers (E.G. one level up).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout:
- add realpath to support a symlinked get-developers script;
- pass devs_dir argument to check_developers() to support -c in subdir;
- convert basepath to absolute path to support -f option.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Enable gphoto2 if libgphoto2 and libgudev are available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable cdda if libcdio-paranoia and libgudev are available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable admin backend if libcap and polkit are available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch provides libclc, an open source implementation of the
library requirements of the OpenCL C programming language, as
specified by the OpenCL 1.1 Specification. It is intended to be used
with Clover (Mesa3D's OpenCL implementation for AMD GPUs.
It needs to be compiled with host-clang, as it generates LLVM IR bitcode
files containing device builtin functions for each target.
Currently, libclc supports AMDGCN, R600 and NVPTX targets.
As OpenCL kernels can be built dynamically on the target using libclang and
libLLVM, it is necessary to have clc headers installed on the target. Buildroot
removes /usr/include in its target-finalize step, so clc headers are installed to
/usr/share/clc.
Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Valentin Korenblit <valentinkorenblit@gmail.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
[Thomas:
- fix license information as noticed by Romain
- add comment to explain why --includedir=/usr/share is used]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Preliminary patch to prevent Mesa from building OpenCL lib as
soon as libclc is available.
Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Valentin Korenblit <valentinkorenblit@gmail.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Resolves:
support/testing/tests/core/test_hardening.py:25:42: E231 missing whitespace after ','
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>