[OE-core] [dunfell][PATCH] grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow unprivileged user to read the file content

[Hitendra Prajapati]

Source: https://git.savannah.gnu.org/cgit/grub.git/
MR: 116495
Type: Security Fix
Disposition: Backport from 
https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4
ChangeID: fce3d59e50320bef247bb981352051b8f953a4fc
Description:
CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow 
unprivileged user to read the file content.

Affects "grub2 < 2.06"

Signed-off-by: Hitendra Prajapati 
---
 .../grub/files/CVE-2021-3981.patch| 32 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3981.patch

diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981.patch 
b/meta/recipes-bsp/grub/files/CVE-2021-3981.patch
new file mode 100644
index 00..e27027ea65
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2021-3981.patch
@@ -0,0 +1,32 @@
+From 67740c43c9326956ea5cd6be77f813b5499a56a5 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati 
+Date: Mon, 27 Jun 2022 10:15:29 +0530
+Subject: [PATCH] CVE-2021-3981
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4]
+CVE: CVE-2021-3981
+Signed-off-by: Hitendra Prajapati 
+---
+ util/grub-mkconfig.in | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index 9f477ff..ead94a6 100644
+--- a/util/grub-mkconfig.in
 b/util/grub-mkconfig.in
+@@ -287,7 +287,11 @@ and /etc/grub.d/* files or please file a bug report with
+ exit 1
+   else
+ # none of the children aborted with error, install the new grub.cfg
+-mv -f ${grub_cfg}.new ${grub_cfg}
++oldumask=$(umask)
++umask 077
++cat ${grub_cfg}.new > ${grub_cfg}
++umask $oldumask
++rm -f ${grub_cfg}.new
+   fi
+ fi
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 0d3f6d05da..9e98d8249d 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -95,6 +95,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \

file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \

file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \
+   file://CVE-2021-3981.patch\
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167367): 
https://lists.openembedded.org/g/openembedded-core/message/167367
Mute This Topic: https://lists.openembedded.org/mt/92059814/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] binutils : CVE-2019-1010204

[Pgowda]

Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a4fc266dbf77ed7ab83da16468e9ba627b8bc2d]

Signed-off-by: Pgowda 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0014-CVE-2019-1010204.patch  | 49 +++
 2 files changed, 50 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index dc0a2a4054..a069071c97 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -32,5 +32,6 @@ SRC_URI = "\
  file://0011-sync-with-OE-libtool-changes.patch \
  file://0012-Check-for-clang-before-checking-gcc-version.patch \
  file://0013-Avoid-as-info-race-condition.patch \
+ file://0014-CVE-2019-1010204.patch \
 "
 S  = "${WORKDIR}/git"
diff --git 
a/meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch 
b/meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch
new file mode 100644
index 00..dad4a62038
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch
@@ -0,0 +1,49 @@
+From 2a4fc266dbf77ed7ab83da16468e9ba627b8bc2d Mon Sep 17 00:00:00 2001
+From: Nick Clifton 
+Date: Mon, 27 Jun 2022 13:07:40 +0100
+Subject: [PATCH] Have gold's File_read::do_read() function check the start
+ parameter
+
+   PR 23765
+   * fileread.cc (File_read::do_read): Check start parameter before
+   computing number of bytes to read.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a4fc266dbf77ed7ab83da16468e9ba627b8bc2d]
+
+Signed-off-by: Pgowda 
+---
+ gold/ChangeLog   | 6 ++
+ gold/fileread.cc | 6 ++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/gold/ChangeLog b/gold/ChangeLog
+index 5103dab7b67..8557dc6db7f 100644
+--- a/gold/ChangeLog
 b/gold/ChangeLog
+@@ -1,3 +1,9 @@
++2022-06-27  Nick Clifton  
++
++  PR 23765
++  * fileread.cc (File_read::do_read): Check start parameter before
++  computing number of bytes to read.
++
+ 2022-02-17  Nick Clifton  
+ 
+   * po/sr.po: Updated Serbian translation.
+diff --git a/gold/fileread.cc b/gold/fileread.cc
+index 2b653f78c2e..af2df215468 100644
+--- a/gold/fileread.cc
 b/gold/fileread.cc
+@@ -385,6 +385,12 @@ File_read::do_read(off_t start, section_
+   ssize_t bytes;
+   if (this->whole_file_view_ != NULL)
+ {
++  // See PR 23765 for an example of a testcase that triggers this error.
++  if (((ssize_t) start) < 0)
++  gold_fatal(_("%s: read failed, starting offset (%#llx) less than zero"),
++ this->filename().c_str(),
++ static_cast(start));
++  
+   bytes = this->size_ - start;
+   if (static_cast(bytes) >= size)
+   {
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167366): 
https://lists.openembedded.org/g/openembedded-core/message/167366
Mute This Topic: https://lists.openembedded.org/mt/92059622/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-pycryptodome: upgrade 3.14.1 -> 3.15.0

[wangmy]

Changelog:
=

New features

Add support for curves Ed25519 and Ed448, including export and import of 
keys.
Add support for EdDSA signatures.
Add support for Asymmetric Key Packages (RFC5958) to import private keys.

Resolved issues
---
GH#620: for Crypto.Util.number.getPrime , do not sequentially scan numbers 
searching for a prime.



Signed-off-by: Wang Mingyu 
---
 ...n3-pycryptodome_3.14.1.bb => python3-pycryptodome_3.15.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-pycryptodome_3.14.1.bb => 
python3-pycryptodome_3.15.0.bb} (38%)

diff --git a/meta/recipes-devtools/python/python3-pycryptodome_3.14.1.bb 
b/meta/recipes-devtools/python/python3-pycryptodome_3.15.0.bb
similarity index 38%
rename from meta/recipes-devtools/python/python3-pycryptodome_3.14.1.bb
rename to meta/recipes-devtools/python/python3-pycryptodome_3.15.0.bb
index c0324590c2..cabe9189f2 100644
--- a/meta/recipes-devtools/python/python3-pycryptodome_3.14.1.bb
+++ b/meta/recipes-devtools/python/python3-pycryptodome_3.15.0.bb
@@ -1,5 +1,5 @@
 require python-pycryptodome.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = 
"e04e40a7f8c1669195536a37979dd87da2c32dbdc73d6fe35f0077b0c17c803b"
+SRC_URI[sha256sum] = 
"9135dddad504592bcc18b0d2d95ce86c3a5ea87ec6447ef25cfedea12d6018b8"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167365): 
https://lists.openembedded.org/g/openembedded-core/message/167365
Mute This Topic: https://lists.openembedded.org/mt/92058718/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-numpy: upgrade 1.22.4 -> 1.23.0

[wangmy]

Changelog:
==
The NumPy 1.23.0 release continues the ongoing work to improve the
handling and promotion of dtypes, increase the execution speed, clarify
the documentation, and expire old deprecations. The highlights are:

Implementation of loadtxt in C, greatly improving its performance.
Exposing DLPack at the Python level for easy data exchange.
Changes to the promotion and comparisons of structured dtypes.
Improvements to f2py.


Signed-off-by: Wang Mingyu 
---
 .../python/{python3-numpy_1.22.4.bb => python3-numpy_1.23.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-numpy_1.22.4.bb => 
python3-numpy_1.23.0.bb} (96%)

diff --git a/meta/recipes-devtools/python/python3-numpy_1.22.4.bb 
b/meta/recipes-devtools/python/python3-numpy_1.23.0.bb
similarity index 96%
rename from meta/recipes-devtools/python/python3-numpy_1.22.4.bb
rename to meta/recipes-devtools/python/python3-numpy_1.23.0.bb
index 8ad3442413..5457b7d34b 100644
--- a/meta/recipes-devtools/python/python3-numpy_1.22.4.bb
+++ b/meta/recipes-devtools/python/python3-numpy_1.23.0.bb
@@ -13,7 +13,7 @@ SRC_URI = 
"https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${S
file://run-ptest \

file://0001-generate_umath.py-do-not-write-full-path-to-output-f.patch \
"
-SRC_URI[sha256sum] = 
"b4308198d0e41efaa108e57d69973398439c7299a9d551680cdd603cf6d20709"
+SRC_URI[sha256sum] = 
"bd3fa4fe2e38533d5336e1272fc4e765cabbbde144309ccee8675509d5cd7b05"
 
 UPSTREAM_CHECK_URI = "https://github.com/numpy/numpy/releases";
 UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)\.tar"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167364): 
https://lists.openembedded.org/g/openembedded-core/message/167364
Mute This Topic: https://lists.openembedded.org/mt/92058717/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-dbusmock: upgrade 0.28.0 -> 0.28.1

[wangmy]

Changelog:
==
Again works on RHEL/CentOS 8 (0.27 broke there), now in CI
Avoid glib GI dependency for main dbusmock, for running in virtualenv

Signed-off-by: Wang Mingyu 
---
 .../{python3-dbusmock_0.28.0.bb => python3-dbusmock_0.28.1.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-dbusmock_0.28.0.bb => 
python3-dbusmock_0.28.1.bb} (83%)

diff --git a/meta/recipes-devtools/python/python3-dbusmock_0.28.0.bb 
b/meta/recipes-devtools/python/python3-dbusmock_0.28.1.bb
similarity index 83%
rename from meta/recipes-devtools/python/python3-dbusmock_0.28.0.bb
rename to meta/recipes-devtools/python/python3-dbusmock_0.28.1.bb
index 6155c866a2..d6889f4313 100644
--- a/meta/recipes-devtools/python/python3-dbusmock_0.28.0.bb
+++ b/meta/recipes-devtools/python/python3-dbusmock_0.28.1.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://pypi.org/project/python-dbusmock/";
 LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=e6a600fd5e1d9cbde2d983680233ad02"
 
-SRC_URI[sha256sum] = 
"c63edeacec7796c4f379b2e17566d62afa404c048931ac9eba446470cec80ada"
+SRC_URI[sha256sum] = 
"6434e544c055e3570b20e341e50a3d2dd50b19d9e55d579b919e14879f9f1e57"
 
 PYPI_PACKAGE = "python-dbusmock"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167363): 
https://lists.openembedded.org/g/openembedded-core/message/167363
Mute This Topic: https://lists.openembedded.org/mt/92058705/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-certifi: upgrade 2022.5.18.1 -> 2022.6.15

[wangmy]

Signed-off-by: Wang Mingyu 
---
 ...hon3-certifi_2022.5.18.1.bb => python3-certifi_2022.6.15.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-certifi_2022.5.18.1.bb => 
python3-certifi_2022.6.15.bb} (86%)

diff --git a/meta/recipes-devtools/python/python3-certifi_2022.5.18.1.bb 
b/meta/recipes-devtools/python/python3-certifi_2022.6.15.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-certifi_2022.5.18.1.bb
rename to meta/recipes-devtools/python/python3-certifi_2022.6.15.bb
index ff460d40b9..f78409b177 100644
--- a/meta/recipes-devtools/python/python3-certifi_2022.5.18.1.bb
+++ b/meta/recipes-devtools/python/python3-certifi_2022.6.15.bb
@@ -7,7 +7,7 @@ HOMEPAGE = " http://certifi.io/";
 LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=67da0714c3f9471067b729eca6c9fbe8"
 
-SRC_URI[sha256sum] = 
"9c5705e395cd70084351dd8ad5c41e65655e08ce46f2ec9cf6c2c08390f71eb7"
+SRC_URI[sha256sum] = 
"84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d"
 
 inherit pypi setuptools3
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167362): 
https://lists.openembedded.org/g/openembedded-core/message/167362
Mute This Topic: https://lists.openembedded.org/mt/92058704/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-importlib-metadata: upgrade 4.11.4 -> 4.12.0

[wangmy]

License-Update:
  Add text content of “http://www.apache.org/licenses/LICENSE-2.0"; to LICENSE

Changelog:
===
py-93259: Now raise ValueError when None or an empty string are passed to
Distribution.from_name (and other callers).

Signed-off-by: Wang Mingyu 
---
 ...etadata_4.11.4.bb => python3-importlib-metadata_4.12.0.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-importlib-metadata_4.11.4.bb => 
python3-importlib-metadata_4.12.0.bb} (79%)

diff --git a/meta/recipes-devtools/python/python3-importlib-metadata_4.11.4.bb 
b/meta/recipes-devtools/python/python3-importlib-metadata_4.12.0.bb
similarity index 79%
rename from meta/recipes-devtools/python/python3-importlib-metadata_4.11.4.bb
rename to meta/recipes-devtools/python/python3-importlib-metadata_4.12.0.bb
index 807a16d6db..c00e42cb1c 100644
--- a/meta/recipes-devtools/python/python3-importlib-metadata_4.11.4.bb
+++ b/meta/recipes-devtools/python/python3-importlib-metadata_4.12.0.bb
@@ -1,14 +1,14 @@
 DESCRIPTION = "Read metadata from Python packages"
 HOMEPAGE = "https://pypi.org/project/importlib-metadata/";
 LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e88ae122f3925d8bde8319060f2ddb8e"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"

 inherit pypi python_setuptools_build_meta

 PYPI_PACKAGE = "importlib_metadata"
 UPSTREAM_CHECK_REGEX = "/importlib-metadata/(?P(\d+[\.\-_]*)+)/"

-SRC_URI[sha256sum] = 
"5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700"
+SRC_URI[sha256sum] = 
"637245b8bab2b6502fcbc752cc4b7a6f6243bb02b31c5c26156ad103d3d45670"

 S = "${WORKDIR}/importlib_metadata-${PV}"

--
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167360): 
https://lists.openembedded.org/g/openembedded-core/message/167360
Mute This Topic: https://lists.openembedded.org/mt/92058701/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-babel: upgrade 2.10.1 -> 2.10.3

[wangmy]

Changelog
=
Fallback count=”other” format in format_currency() (#872)

Fix get_period_id() with dayPeriodRule across 0:00 (#871)

Add support for b and B period symbols in time format (#869)

chore(docs/typo): Fixes a minor typo in a function comment (#864)

Signed-off-by: Wang Mingyu 
---
 .../python/{python3-babel_2.10.1.bb => python3-babel_2.10.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-babel_2.10.1.bb => 
python3-babel_2.10.3.bb} (87%)

diff --git a/meta/recipes-devtools/python/python3-babel_2.10.1.bb 
b/meta/recipes-devtools/python/python3-babel_2.10.3.bb
similarity index 87%
rename from meta/recipes-devtools/python/python3-babel_2.10.1.bb
rename to meta/recipes-devtools/python/python3-babel_2.10.3.bb
index d06eb2bf5c..7420bfc917 100644
--- a/meta/recipes-devtools/python/python3-babel_2.10.1.bb
+++ b/meta/recipes-devtools/python/python3-babel_2.10.3.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://babel.edgewall.org/";
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=1b3f4650099e6d6a73e5a7fc8774ff18"

-SRC_URI[sha256sum] = 
"98aeaca086133efb3e1e2aad0396987490c8425929ddbcfe0550184fdc54cd13"
+SRC_URI[sha256sum] = 
"7614553711ee97490f732126dc077f8d0ae084ebc6a96e23db1482afabdb2c51"

 PYPI_PACKAGE = "Babel"

--
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167361): 
https://lists.openembedded.org/g/openembedded-core/message/167361
Mute This Topic: https://lists.openembedded.org/mt/92058702/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-chardet: upgrade 4.0.0 -> 5.0.0

[wangmy]

This release is the first release of chardet that no longer supports Python < 
3.6.

License-Update: Adjust document format, change "St" to "Street"

Signed-off-by: Wang Mingyu 
---
 .../{python3-chardet_4.0.0.bb => python3-chardet_5.0.0.bb}| 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-chardet_4.0.0.bb => 
python3-chardet_5.0.0.bb} (74%)

diff --git a/meta/recipes-devtools/python/python3-chardet_4.0.0.bb 
b/meta/recipes-devtools/python/python3-chardet_5.0.0.bb
similarity index 74%
rename from meta/recipes-devtools/python/python3-chardet_4.0.0.bb
rename to meta/recipes-devtools/python/python3-chardet_5.0.0.bb
index f53bdc974a..80baed7986 100644
--- a/meta/recipes-devtools/python/python3-chardet_4.0.0.bb
+++ b/meta/recipes-devtools/python/python3-chardet_5.0.0.bb
@@ -1,9 +1,9 @@
 SUMMARY = "Universal encoding detector for Python 2 and 3"
 HOMEPAGE = "https://pypi.org/project/chardet/";
 LICENSE = "LGPL-2.1-only"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=4fbd65380cdd255951079008b364516c"
 
-SRC_URI[sha256sum] = 
"0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa"
+SRC_URI[sha256sum] = 
"0368df2bfd78b5fc20572bb4e9bb7fb53e2c094f60ae9993339e8671d0afb8aa"
 
 # setup.py of chardet needs this.
 DEPENDS += "${PYTHON_PN}-pytest-runner-native"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167359): 
https://lists.openembedded.org/g/openembedded-core/message/167359
Mute This Topic: https://lists.openembedded.org/mt/92058684/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] Announcing pkgexp

[Otavio Salvador]

Em ter., 28 de jun. de 2022 às 11:26, Michael Opdenacker via
lists.openembedded.org  escreveu:

>
> On 6/28/22 16:24, Ross Burton wrote:
> >
> >> On 28 Jun 2022, at 15:11, Michael Opdenacker <
> michael.opdenac...@bootlin.com> wrote:
> >> Hey, this looks very nice and very easy to use!
> >> One minor complaint, though: the "What Depends on" button didn't
> immediately catch my eye.
> >> Would it be possible to show such reverse dependencies in the same way
> you show RDEPENDS? The result may look better and everything would be on
> the same page.
> > The immediate problem with that is that for some packages, like libc,
> the reverse depends list can be hge.  If the page is redesigned to have
> scrollable regions then sure.  That would likely involve someone more
> skilled in web design than me getting involved ;)
>

Ross, take a look on ye (https://github.com/OSSystemsEmbeddedLinux/ye) it
does have some things worth adding as well.

-- 
Otavio Salvador O.S. Systems
http://www.ossystems.com.brhttp://code.ossystems.com.br
Mobile: +55 (53) 9 9981-7854  Mobile: +1 (347) 903-9750

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167358): 
https://lists.openembedded.org/g/openembedded-core/message/167358
Mute This Topic: https://lists.openembedded.org/mt/92043861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] glibc-tests: not clear BBCLASSEXTEND

[Randy MacLeod]

On 2022-06-28 12:03, Richard Purdie wrote:

On Tue, 2022-06-28 at 23:22 +0800, kai wrote:

From: Kai Kang 

It clears BBCLASSEXTEND in glibc-tests recipe to remove 'nativesdk'
which is set in glibc recipe. The side effect is that it removes
"${MULTILIBS}" at same time if multilib enabled. Then there will no
multilib version glibc-tests. So only remove 'nativesdk' from
BBCLASSEXTEND rather than clear it.

Signed-off-by: Kai Kang 
---
  meta/recipes-core/glibc/glibc-tests_2.35.bb | 5 +++--
  1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-tests_2.35.bb 
b/meta/recipes-core/glibc/glibc-tests_2.35.bb
index 414f8660de..028e83e865 100644
--- a/meta/recipes-core/glibc/glibc-tests_2.35.bb
+++ b/meta/recipes-core/glibc/glibc-tests_2.35.bb
@@ -18,7 +18,8 @@ python __anonymous() {
 d.setVar("PROVIDES", "${PN} ${PN}-ptest")
 d.setVar("RPROVIDES", "${PN} ${PN}-ptest")
  
-   d.setVar("BBCLASSEXTEND", "")

+   bbclassextend = d.getVar("BBCLASSEXTEND").replace("nativesdk", 
"").strip()
+   d.setVar("BBCLASSEXTEND", bbclassextend)
 d.setVar("RRECOMMENDS", "")
 d.setVar("SYSTEMD_SERVICE:nscd", "")
 d.setVar("SYSTEMD_PACKAGES", "")
@@ -95,7 +96,7 @@ python populate_packages:prepend () {
  d.setVar('DEBIAN_NAMES', '')
  }
  
-FILES:${PN} = "${PTEST_PATH}/* /usr/src/debug/glibc-tests/*"

+FILES:${PN} = "${PTEST_PATH}/* /usr/src/debug/${PN}/*"
  
  EXCLUDE_FROM_SHLIBS = "1"



Have you tested the multilib glibc-tests and been able to use it
successfully?



If Kai hasn't Naveen will.

../Randy



Cheers,

Richard






--
# Randy MacLeod
# Wind River Linux


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167357): 
https://lists.openembedded.org/g/openembedded-core/message/167357
Mute This Topic: https://lists.openembedded.org/mt/92046086/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [master][kirkstone][PATCH 3/5] lib/oe/utils: create get_current_recipe_layer function

[Jose Quaresma]

Hi Davide,

Davide Gardenal  escreveu no dia terça,
28/06/2022 à(s) 14:38:

> get_current_recipe_layer returns the recipe layer given its
> file path.
>
> Signed-off-by: Davide Gardenal 
> ---
>  meta/lib/oe/utils.py | 8 
>  1 file changed, 8 insertions(+)
>
> diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py
> index 46fc76c261..4e17b1b40e 100644
> --- a/meta/lib/oe/utils.py
> +++ b/meta/lib/oe/utils.py
> @@ -584,3 +584,11 @@ def directory_size(root, blocksize=4096):
>  total += sum(roundup(getsize(os.path.join(root, name))) for name
> in files)
>  total += roundup(getsize(root))
>  return total
> +
> +def get_current_recipe_layer(d):
> +"""
> +Extract the recipe layer from it's path.
> +Returns the layer name.
> +"""
> +fdir_name  = d.getVar("FILE_DIRNAME")
> +return fdir_name.split("/")[-3]
>

This doesn't seem very safe as you are assuming that all layers use the
same directory structure for placing the recipes.
So for example dynamic layer will not work with this patch.

Jose


> --
> 2.34.1
>
>
> 
>
>

-- 
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167356): 
https://lists.openembedded.org/g/openembedded-core/message/167356
Mute This Topic: https://lists.openembedded.org/mt/92043904/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] package_manager/ipk: do not pipe stderr to stdout

[Alexander Kanavin]

This needs additional justification. What are the error messages, why are
they harmless and why the solution is to suppress them instead of
addressing the reasons they appear?

Alex

On Tue 28. Jun 2022 at 23.13, Shruthi Ravichandran <
shruthi.ravichand...@ni.com> wrote:

> When parsing the output of a command, do not pipe stderr to stdout.
> Opkg sometimes prints harmless error messages even when the opkg
> command succeeds. When stderr is piped to stdout, these error
> messages may clobber the stdout and cause unexpected results while
> parsing the output.
>
> Signed-off-by: Shruthi Ravichandran 
> ---
>  meta/lib/oe/package_manager/ipk/__init__.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/lib/oe/package_manager/ipk/__init__.py
> b/meta/lib/oe/package_manager/ipk/__init__.py
> index 4cd3963111..d7f3f31853 100644
> --- a/meta/lib/oe/package_manager/ipk/__init__.py
> +++ b/meta/lib/oe/package_manager/ipk/__init__.py
> @@ -103,7 +103,7 @@ class OpkgDpkgPM(PackageManager):
>  """
>
>  try:
> -output = subprocess.check_output(cmd,
> stderr=subprocess.STDOUT, shell=True).decode("utf-8")
> +output = subprocess.check_output(cmd,
> shell=True).decode("utf-8")
>  except subprocess.CalledProcessError as e:
>  bb.fatal("Unable to list available packages. Command '%s' "
>   "returned %d:\n%s" % (cmd, e.returncode,
> e.output.decode("utf-8")))
> --
> 2.20.1
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167355): 
https://lists.openembedded.org/g/openembedded-core/message/167355
Mute This Topic: https://lists.openembedded.org/mt/92051989/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH] package_manager/ipk: do not pipe stderr to stdout

[Shruthi Ravichandran]

When parsing the output of a command, do not pipe stderr to stdout.
Opkg sometimes prints harmless error messages even when the opkg
command succeeds. When stderr is piped to stdout, these error
messages may clobber the stdout and cause unexpected results while
parsing the output.

Signed-off-by: Shruthi Ravichandran 
---
 meta/lib/oe/package_manager/ipk/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/package_manager/ipk/__init__.py 
b/meta/lib/oe/package_manager/ipk/__init__.py
index 4cd3963111..d7f3f31853 100644
--- a/meta/lib/oe/package_manager/ipk/__init__.py
+++ b/meta/lib/oe/package_manager/ipk/__init__.py
@@ -103,7 +103,7 @@ class OpkgDpkgPM(PackageManager):
 """
 
 try:
-output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, 
shell=True).decode("utf-8")
+output = subprocess.check_output(cmd, shell=True).decode("utf-8")
 except subprocess.CalledProcessError as e:
 bb.fatal("Unable to list available packages. Command '%s' "
  "returned %d:\n%s" % (cmd, e.returncode, 
e.output.decode("utf-8")))
-- 
2.20.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167354): 
https://lists.openembedded.org/g/openembedded-core/message/167354
Mute This Topic: https://lists.openembedded.org/mt/92051989/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [master][kirkstone][PATCH 4/5] cve-check: major class refactor

[Richard Purdie]

On Tue, 2022-06-28 at 15:37 +0200, Davide Gardenal wrote:
> The rationale behind refactoring the class is to make testing 
> and maintainability easier.
> 
> This commit includes:
> - bb var refactor for better readability
> - function and program flow refactor for better scalability
>   and extensibility
> - better documentation for all the functions
> - minor bug fixes when using specific configurations
> 
> Deleted bb vars:
> - CVE_CHECK_LOG
> - CVE_CHECK_TMP_FILE
> - CVE_CHECK_SUMMARY_DIR
> - CVE_CHECK_SUMMARY_FILE_NAME
> - CVE_CHECK_SUMMARY_FILE
> - CVE_CHECK_SUMMARY_FILE_NAME_JSON
> - CVE_CHECK_SUMMARY_INDEX_PATH
> - CVE_CHECK_LOG_JSON
> - CVE_CHECK_RECIPE_FILE
> - CVE_CHECK_RECIPE_FILE_JSON
> - CVE_CHECK_MANIFEST
> - CVE_CHECK_MANIFEST_JSON
> - CVE_CHECK_CREATE_MANIFEST
> 
> Renamed bb vars:
> - CVE_CHECK_DIR -> CVE_CHECK_OUTPUT_DIR
> - CVE_CHECK_COPY_FILES -> CVE_CHECK_CREATE_RECIPE_REPORTS
> 
> Added bb vars:
> - CVE_CHECK_CREATE_BUILD_REPORT: flag to control if cve-check
>   creates a build report or not
> - CVE_CHECK_CREATE_IMAGE_REPORT: flag to control if cve-check
>   creates an image report or not
> - CVE_CHECK_TXT_INDEX_FILE: path of the temporary index file
>   for the txt output format. Deleted after the build is
>   completed
> - CVE_CHECK_TXT_INDEX_DIR: folder path where all the temp
>   recipes reports with txt format are store. Deleted after
>   the build is completed
> - CVE_CHECK_JSON_INDEX_FILE: same as CVE_CHECK_TXT_INDEX_FILE
>   but for the json format
> - CVE_CHECK_JSON_INDEX_DIR: same as CVE_CHECK_TXT_INDEX_DIR
>   but for the json format
> - CVE_CHECK_IMAGE_REPORT_FILE_NAME_BASE: name without extension
>   of the report for the image
> - CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE: name without extension
>   of the report for the entire build
> - CVE_CHECK_RECIPE_FILE_NAME_BASE: name without extension of
>   the report for every recipe
> 
> Default output structure (with txt and json format enabled):
> tmp
> > -log
>|-cve
>   |-build_reports
>   |  |-txt
>   |  |  |- build report files with txt format
>   |  |-json
>   | |- build report files with json format
>   |-image_reports
>   |  |-txt
>   |  |  |- image report files with txt format
>   |  |-json
>   | |- image report file with json format
>   |-recipe_reports
>   |  |-txt
>   | |- recipe report files with txt format
>   |  |-json
>   | |- recipe report files with json format
>   |-cve-report.json -> link pointing to the latest json build report
>   |-cve-report.txt  -> link pointing to the latest txt build report
> 
> Note that a link to the latest image report is present in the
> image deploy folder.
> 
> Signed-off-by: Davide Gardenal 
> ---
>  meta/classes/cve-check.bbclass | 642 
> +
>  1 file changed, 390 insertions(+), 252 deletions(-)

I'm a bit worried about this patchset since it changes lots of
different things and it does it as a flag day, there is no incremental
approach to the patches or backwards compatibility.

The patch commit long says a lot about the mechanics of the change but
not a lot about the reasons for the change and how they benefit the
user or the project?

If we're going to do something that radical, should we just drop the
text based output and use the json output?

Normally where new common functions are created like 2/5 and 3/5, we'd
adjust existing code to use them in the same patch.

I'm also worried about the implications for the CVE code in dunfell and
kirkstone with this level of changes. At some point those codebases may
need to diverge :/

Cheers,

Richard






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167353): 
https://lists.openembedded.org/g/openembedded-core/message/167353
Mute This Topic: https://lists.openembedded.org/mt/92043906/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] Error building an npm package: npmignore: not found

[Michael Opdenacker via lists.openembedded.org]

Richard, Enrico,

On 6/27/22 18:47, Richard Purdie wrote:

On Mon, 2022-06-27 at 18:37 +0200, Enrico Scholz via
lists.openembedded.org wrote:

"Michael Opdenacker via lists.openembedded.org"
 writes:


I'm testing the Yocto Project Documentation for creating NPM packages

npm is broken since kirkstone; see
https://patchwork.yoctoproject.org/project/oe-core/list/?series=4303 for
patches.


Thanks for the reminder, we should probably test and merge these. I was
hoping we'd get some review from someone else but it seems not many
people are using those code paths :/.



Ye, the changes now in Poky's master branch allowed me to build my 
recipe and all issues are gone.

What the documentation describes still works.
Many thanks
Michael.

--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167352): 
https://lists.openembedded.org/g/openembedded-core/message/167352
Mute This Topic: https://lists.openembedded.org/mt/91903472/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [master][kirkstone][PATCH 5/5] selftest/cve_check: update to new cve-check bb var

[Marta Rybczynska]

On Tue, Jun 28, 2022 at 3:38 PM Davide Gardenal 
wrote:

> After cve-check.bbclass refactor some variables changed,
> this commit updates them to get the test working properly.
>
>
A general comment on this patch-set. There are quite many changes but it
makes
code way more regular between the text and JSON output.

I have currently other refactoring and various changes (symlinks,
generating the output without the database etc) but holding off to have
discussion on this one.

Kind regards,
Marta

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167351): 
https://lists.openembedded.org/g/openembedded-core/message/167351
Mute This Topic: https://lists.openembedded.org/mt/92043908/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] glibc-tests: not clear BBCLASSEXTEND

[Richard Purdie]

On Tue, 2022-06-28 at 23:22 +0800, kai wrote:
> From: Kai Kang 
> 
> It clears BBCLASSEXTEND in glibc-tests recipe to remove 'nativesdk'
> which is set in glibc recipe. The side effect is that it removes
> "${MULTILIBS}" at same time if multilib enabled. Then there will no
> multilib version glibc-tests. So only remove 'nativesdk' from
> BBCLASSEXTEND rather than clear it.
> 
> Signed-off-by: Kai Kang 
> ---
>  meta/recipes-core/glibc/glibc-tests_2.35.bb | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/meta/recipes-core/glibc/glibc-tests_2.35.bb 
> b/meta/recipes-core/glibc/glibc-tests_2.35.bb
> index 414f8660de..028e83e865 100644
> --- a/meta/recipes-core/glibc/glibc-tests_2.35.bb
> +++ b/meta/recipes-core/glibc/glibc-tests_2.35.bb
> @@ -18,7 +18,8 @@ python __anonymous() {
> d.setVar("PROVIDES", "${PN} ${PN}-ptest")
> d.setVar("RPROVIDES", "${PN} ${PN}-ptest")
>  
> -   d.setVar("BBCLASSEXTEND", "")
> +   bbclassextend = d.getVar("BBCLASSEXTEND").replace("nativesdk", 
> "").strip()
> +   d.setVar("BBCLASSEXTEND", bbclassextend)
> d.setVar("RRECOMMENDS", "")
> d.setVar("SYSTEMD_SERVICE:nscd", "")
> d.setVar("SYSTEMD_PACKAGES", "")
> @@ -95,7 +96,7 @@ python populate_packages:prepend () {
>  d.setVar('DEBIAN_NAMES', '')
>  }
>  
> -FILES:${PN} = "${PTEST_PATH}/* /usr/src/debug/glibc-tests/*"
> +FILES:${PN} = "${PTEST_PATH}/* /usr/src/debug/${PN}/*"
>  
>  EXCLUDE_FROM_SHLIBS = "1"
> 

Have you tested the multilib glibc-tests and been able to use it
successfully?

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167350): 
https://lists.openembedded.org/g/openembedded-core/message/167350
Mute This Topic: https://lists.openembedded.org/mt/92046086/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OpenEmbedded Happy Hour June 29 9pm/2100 UTC

[Tim Orling]

All,

You are cordially invited to the next OpenEmbedded Happy Hour on June 29
for Europe/Americas time zones @ 2100/9pm UTC (5pm ET / 2pm PT).

https://www.openembedded.org/wiki/Calendar
https://www.openembedded.org/wiki/Happy_Hours
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+June+29&iso=20220629T21&p1=1440

Regards,
Tim "moto-timo" Orling

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167349): 
https://lists.openembedded.org/g/openembedded-core/message/167349
Mute This Topic: https://lists.openembedded.org/mt/92046217/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] glibc-tests: not clear BBCLASSEXTEND

[kai]

From: Kai Kang 

It clears BBCLASSEXTEND in glibc-tests recipe to remove 'nativesdk'
which is set in glibc recipe. The side effect is that it removes
"${MULTILIBS}" at same time if multilib enabled. Then there will no
multilib version glibc-tests. So only remove 'nativesdk' from
BBCLASSEXTEND rather than clear it.

Signed-off-by: Kai Kang 
---
 meta/recipes-core/glibc/glibc-tests_2.35.bb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-tests_2.35.bb 
b/meta/recipes-core/glibc/glibc-tests_2.35.bb
index 414f8660de..028e83e865 100644
--- a/meta/recipes-core/glibc/glibc-tests_2.35.bb
+++ b/meta/recipes-core/glibc/glibc-tests_2.35.bb
@@ -18,7 +18,8 @@ python __anonymous() {
d.setVar("PROVIDES", "${PN} ${PN}-ptest")
d.setVar("RPROVIDES", "${PN} ${PN}-ptest")
 
-   d.setVar("BBCLASSEXTEND", "")
+   bbclassextend = d.getVar("BBCLASSEXTEND").replace("nativesdk", 
"").strip()
+   d.setVar("BBCLASSEXTEND", bbclassextend)
d.setVar("RRECOMMENDS", "")
d.setVar("SYSTEMD_SERVICE:nscd", "")
d.setVar("SYSTEMD_PACKAGES", "")
@@ -95,7 +96,7 @@ python populate_packages:prepend () {
 d.setVar('DEBIAN_NAMES', '')
 }
 
-FILES:${PN} = "${PTEST_PATH}/* /usr/src/debug/glibc-tests/*"
+FILES:${PN} = "${PTEST_PATH}/* /usr/src/debug/${PN}/*"
 
 EXCLUDE_FROM_SHLIBS = "1"
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167348): 
https://lists.openembedded.org/g/openembedded-core/message/167348
Mute This Topic: https://lists.openembedded.org/mt/92046086/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Yocto Project Status 28 June 2022 (WW26)

[Stephen Jolley]

Current Dev Position: YP 4.1 M2

Next Deadline: 11th July 2022 YP 4.1 M2 Build

 

Next Team Meetings:

*   Bug Triage meeting Thursday June 30th 7:30 am PDT (

https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
*   Monthly Project Meeting Tuesday July 5th at 8 am PDT (

https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09
 )
*   Weekly Engineering Sync Tuesday June 28th  at 8 am PDT (

https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09
 )
*   Twitch -  See  
https://www.twitch.tv/theyoctojester

 

Key Status/Updates:

*   YP 4.0.2 is due to build this week however we want to fix one
bitbake logging regression first.
*   A fix has been merged for a logging regression found in bitbake
where the first message to the console during parsing would be shown but
subsequent ones would not. 
*   Fedora 36 is causing problems on the autobuilder since it drops
support for the scp protocol requiring sftp on target instead to exchange
files. Dropbear does not have sftp support. We need scp to perform several
of our image tests.

We can add sftp to both dropbear and openssh images however that then causes
dev-pkg conflicts since openssh and dropbear cannot be installed at the same
time but are pulled in by openssh-dev and dropbear-dev.

*   As such we're proposing to change -dev package dependencies to
become rrecommends instead of rdepends. This does radically change the
contents of some images but in a way which is much more correct.
*   There is a potential follow up change to change injected symlink
dependencies from rdepends to rrecommends as well, which reduces the delta
of "dev-pkg" featured images even more.
*   There are also problems in the cve-check selftests causing other
build failures.
*   Various npm fixes were merged, thanks Enrico.
*   There are problems with rust-cross-canadian, it has never worked
correctly for the full set of different targets cross-canadian might be set
to. Help to fix that would be much appreciated.
*   Help is very much welcome in trying to resolve our autobuilder
intermittent issues. You can see the list of failures we're continuing to
see by searching for the "AB-INT" tag in bugzilla:

https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT

 

Ways to contribute:

*   There are bugs identified as possible for newcomers to the project:

https://wiki.yoctoproject.org/wiki/Newcomers
*   There are bugs that are currently unassigned for YP 4.1. See:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium.2B_4.1_Unassigned_Enhan
cements.2FBugs
*   We'd welcome new maintainers for recipes in OE-Core. Please see the
list at:

http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/conf/distro/include/main
tainers.inc and discuss with the existing maintainer, or ask on the OE-Core
mailing list. We will likely move a chunk of these to "Unassigned" soon to
help facilitate this.
*   Help us resolve CVE issues:
 CVE metrics 

 

YP 4.1 Milestone Dates:

*   YP 4.1 M2 build date 2022/07/11
*   YP 4.1 M2 Release date 2022/07/22
*   YP 4.1 M3 build date 2022/08/22
*   YP 4.1 M3 Release date 2022/09/02
*   YP 4.1 M4 build date 2022/10/03
*   YP 4.1 M4 Release date 2022/10/28

 

Upcoming dot releases:

*   YP 4.0.2 build date 2022/06/27
*   YP 4.0.2 Release date 2022/07/08
*   YP 3.1.18 build date 2022/07/18
*   YP 3.1.18 Release date 2022/07/29
*   YP 4.0.3 build date 2022/08/08
*   YP 4.0.3 Release date 2022/08/19
*   YP 3.1.19 build date 2022/08/29
*   YP 3.1.19 Release date 2022/09/09
*   YP 4.0.4 build date 2022/09/19
*   YP 4.0.4 Release date 2022/09/30
*   YP 3.1.20 build date 2022/10/10
*   YP 3.1.20 Release date 2022/10/21
*   YP 4.0.5 build date 2022/10/31
*   YP 4.0.5 Release date 2022/11/11

 

Tracking Metrics:

*   WDD 2400 (last week 2430) (

https://wiki.yoctoproject.org/charts/combo.html)
*   OE-Core/Poky Patch Metrics

*   Total patches found: 1151 (last week 1160)
*   Patches in the Pending State: 326 (28%) [last week 326 (28%)]

*

Re: [OE-core] Announcing pkgexp

[Michael Opdenacker via lists.openembedded.org]

On 6/28/22 16:24, Ross Burton wrote:



On 28 Jun 2022, at 15:11, Michael Opdenacker  
wrote:
Hey, this looks very nice and very easy to use!
One minor complaint, though: the "What Depends on" button didn't immediately 
catch my eye.
Would it be possible to show such reverse dependencies in the same way you show 
RDEPENDS? The result may look better and everything would be on the same page.

The immediate problem with that is that for some packages, like libc, the 
reverse depends list can be hge.  If the page is redesigned to have 
scrollable regions then sure.  That would likely involve someone more skilled 
in web design than me getting involved ;)



Understood, this definitely makes sense. Forget it!
Cheers
Michael

--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167346): 
https://lists.openembedded.org/g/openembedded-core/message/167346
Mute This Topic: https://lists.openembedded.org/mt/92043861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] Announcing pkgexp

[Ross Burton]

> On 28 Jun 2022, at 15:11, Michael Opdenacker  
> wrote:
> Hey, this looks very nice and very easy to use!
> One minor complaint, though: the "What Depends on" button didn't immediately 
> catch my eye.
> Would it be possible to show such reverse dependencies in the same way you 
> show RDEPENDS? The result may look better and everything would be on the same 
> page.

The immediate problem with that is that for some packages, like libc, the 
reverse depends list can be hge.  If the page is redesigned to have 
scrollable regions then sure.  That would likely involve someone more skilled 
in web design than me getting involved ;)

Ross
IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167345): 
https://lists.openembedded.org/g/openembedded-core/message/167345
Mute This Topic: https://lists.openembedded.org/mt/92043861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] Announcing pkgexp

[Michael Opdenacker via lists.openembedded.org]

Hi Ross

On 6/28/22 15:36, Ross Burton wrote:

Hi,

I’ve just released the first release of pkgexp, a tool to explore the pkgdata 
that has been generated in a build.  Quoting from the README:

pkgexp is a tool to visually explore the OpenEmbedded `pkgdata`, which is the 
generated package-scope metadata. Specifically, it is designed to answer common 
questions regarding what has been built:

- What recipes have been built?
- What packages did those packages build?
- What files are in a specific package?
- What other packages does this package depend on?
- What packages depend on this package?

It’s written in Python and is a local webapp (mainly because my build machine 
is remote, so little webapps make sense).

The code is at https://gitlab.com/rossburton/pkgexp, and positive feedback is 
welcome.

Cheers,
Ross



Hey, this looks very nice and very easy to use!
One minor complaint, though: the "What Depends on" button didn't 
immediately catch my eye.
Would it be possible to show such reverse dependencies in the same way 
you show RDEPENDS? The result may look better and everything would be on 
the same page.


I vote for including it in the next release :-)
Many thanks
Michael.

--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167344): 
https://lists.openembedded.org/g/openembedded-core/message/167344
Mute This Topic: https://lists.openembedded.org/mt/92043861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [master][kirkstone][PATCH 5/5] selftest/cve_check: update to new cve-check bb var

[Davide Gardenal]

After cve-check.bbclass refactor some variables changed,
this commit updates them to get the test working properly.

Signed-off-by: Davide Gardenal 
---
 meta/lib/oeqa/selftest/cases/cve_check.py | 34 ++-
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py 
b/meta/lib/oeqa/selftest/cases/cve_check.py
index d0b2213703..a06bda019f 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -52,12 +52,14 @@ class CVECheck(OESelftestTestCase):
 config = """
 INHERIT += "cve-check"
 CVE_CHECK_FORMAT_JSON = "1"
+CVE_CHECK_CREATE_BUILD_REPORT = "1"
+CVE_CHECK_CREATE_RECIPE_REPORTS = "1"
 """
 self.write_config(config)
 
-vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", 
"CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
-summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], 
vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
-recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], 
"m4-native_cve.json")
+vars = get_bb_vars(["CVE_CHECK_OUTPUT_DIR", 
"CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE"])
+summary_json = os.path.join(vars["CVE_CHECK_OUTPUT_DIR"], 
str(vars["CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE"]) + ".json")
+recipe_json = os.path.join(vars["CVE_CHECK_OUTPUT_DIR"], 
"recipes_reports/json/m4-native.json")
 
 try:
 os.remove(summary_json)
@@ -88,11 +90,13 @@ CVE_CHECK_FORMAT_JSON = "1"
 config = """
 INHERIT += "cve-check"
 CVE_CHECK_FORMAT_JSON = "1"
+CVE_CHECK_CREATE_IMAGE_REPORT = "1"
+CVE_CHECK_IMAGE_REPORT_FILE_NAME_BASE = 
"cve-report_core-image-minimal-initramfs-qemux86-64"
 """
 self.write_config(config)
 
-vars = get_bb_vars(["CVE_CHECK_DIR", "CVE_CHECK_SUMMARY_DIR", 
"CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
-report_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], 
vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+vars = get_bb_vars(["DEPLOY_DIR_IMAGE", 
"CVE_CHECK_IMAGE_REPORT_FILE_NAME_BASE", "CVE_CHECK_OUTPUT_DIR"])
+report_json = os.path.join(vars["DEPLOY_DIR_IMAGE"], 
str(vars["CVE_CHECK_IMAGE_REPORT_FILE_NAME_BASE"]) + ".json")
 print(report_json)
 try:
 os.remove(report_json)
@@ -108,9 +112,9 @@ CVE_CHECK_FORMAT_JSON = "1"
 self.assertEqual(report["version"], "1")
 self.assertGreater(len(report["package"]), 1)
 
-# Check that a random recipe wrote a recipe report to deploy/cve/
+# Check that a random recipe wrote a recipe report to 
log/cve/recipes-reports/json
 recipename = report["package"][0]["name"]
-recipe_report = os.path.join(vars["CVE_CHECK_DIR"], recipename + 
"_cve.json")
+recipe_report = os.path.join(str(vars["CVE_CHECK_OUTPUT_DIR"]), 
"recipes_reports/json/" + recipename + ".json")
 self.assertExists(recipe_report)
 with open(recipe_report) as f:
 report = json.load(f)
@@ -124,12 +128,14 @@ CVE_CHECK_FORMAT_JSON = "1"
 INHERIT += "cve-check"
 CVE_CHECK_FORMAT_JSON = "1"
 CVE_CHECK_REPORT_PATCHED = "0"
+CVE_CHECK_CREATE_BUILD_REPORT = "1"
+CVE_CHECK_CREATE_RECIPE_REPORTS = "1"
 """
 self.write_config(config)
 
-vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", 
"CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
-summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], 
vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
-recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], 
"m4-native_cve.json")
+vars = get_bb_vars(["CVE_CHECK_OUTPUT_DIR", 
"CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE"])
+summary_json = os.path.join(vars["CVE_CHECK_OUTPUT_DIR"], 
str(vars["CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE"]) + ".json")
+recipe_json = os.path.join(vars["CVE_CHECK_OUTPUT_DIR"], 
"recipes_reports/json/m4-native.json")
 
 try:
 os.remove(summary_json)
@@ -160,12 +166,14 @@ CVE_CHECK_REPORT_PATCHED = "0"
 INHERIT += "cve-check"
 CVE_CHECK_FORMAT_JSON = "1"
 CVE_CHECK_REPORT_PATCHED = "1"
+CVE_CHECK_CREATE_BUILD_REPORT = "1"
+CVE_CHECK_CREATE_RECIPE_REPORTS = "1"
 """
 self.write_config(config)
 
-vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", 
"CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
-summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], 
vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
-recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], 
"logrotate_cve.json")
+vars = get_bb_vars(["CVE_CHECK_OUTPUT_DIR", 
"CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE"])
+summary_json = os.path.join(vars["CVE_CHECK_OUTPUT_DIR"], 
str(vars["CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE"]) + ".json")
+recipe_json = os.path.join(vars["CVE_CHECK_OUTPUT_DIR"], 
"recipes_reports/json/logrotate.json")
 
 try:
 os.remove(summary_json)
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167343): 
https://lists.openembedded.org/g/openembedd

[OE-core] [master][kirkstone][PATCH 4/5] cve-check: major class refactor

[Davide Gardenal]

The rationale behind refactoring the class is to make testing 
and maintainability easier.

This commit includes:
- bb var refactor for better readability
- function and program flow refactor for better scalability
  and extensibility
- better documentation for all the functions
- minor bug fixes when using specific configurations

Deleted bb vars:
- CVE_CHECK_LOG
- CVE_CHECK_TMP_FILE
- CVE_CHECK_SUMMARY_DIR
- CVE_CHECK_SUMMARY_FILE_NAME
- CVE_CHECK_SUMMARY_FILE
- CVE_CHECK_SUMMARY_FILE_NAME_JSON
- CVE_CHECK_SUMMARY_INDEX_PATH
- CVE_CHECK_LOG_JSON
- CVE_CHECK_RECIPE_FILE
- CVE_CHECK_RECIPE_FILE_JSON
- CVE_CHECK_MANIFEST
- CVE_CHECK_MANIFEST_JSON
- CVE_CHECK_CREATE_MANIFEST

Renamed bb vars:
- CVE_CHECK_DIR -> CVE_CHECK_OUTPUT_DIR
- CVE_CHECK_COPY_FILES -> CVE_CHECK_CREATE_RECIPE_REPORTS

Added bb vars:
- CVE_CHECK_CREATE_BUILD_REPORT: flag to control if cve-check
  creates a build report or not
- CVE_CHECK_CREATE_IMAGE_REPORT: flag to control if cve-check
  creates an image report or not
- CVE_CHECK_TXT_INDEX_FILE: path of the temporary index file
  for the txt output format. Deleted after the build is
  completed
- CVE_CHECK_TXT_INDEX_DIR: folder path where all the temp
  recipes reports with txt format are store. Deleted after
  the build is completed
- CVE_CHECK_JSON_INDEX_FILE: same as CVE_CHECK_TXT_INDEX_FILE
  but for the json format
- CVE_CHECK_JSON_INDEX_DIR: same as CVE_CHECK_TXT_INDEX_DIR
  but for the json format
- CVE_CHECK_IMAGE_REPORT_FILE_NAME_BASE: name without extension
  of the report for the image
- CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE: name without extension
  of the report for the entire build
- CVE_CHECK_RECIPE_FILE_NAME_BASE: name without extension of
  the report for every recipe

Default output structure (with txt and json format enabled):
tmp
|-log
   |-cve
  |-build_reports
  |  |-txt
  |  |  |- build report files with txt format
  |  |-json
  | |- build report files with json format
  |-image_reports
  |  |-txt
  |  |  |- image report files with txt format
  |  |-json
  | |- image report file with json format
  |-recipe_reports
  |  |-txt
  | |- recipe report files with txt format
  |  |-json
  | |- recipe report files with json format
  |-cve-report.json -> link pointing to the latest json build report
  |-cve-report.txt  -> link pointing to the latest txt build report

Note that a link to the latest image report is present in the
image deploy folder.

Signed-off-by: Davide Gardenal 
---
 meta/classes/cve-check.bbclass | 642 +
 1 file changed, 390 insertions(+), 252 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 50b9247f46..5ee53d4c77 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -19,44 +19,26 @@
 # This class/tool is meant to be used as support and not
 # the only method to check against CVEs. Running this tool
 # doesn't guarantee your packages are free of CVEs.
-
+#
+# Variables below are named using the following convention:
+# CVE_CHECK_ -> class prefix (always to use)
+# _DIR -> complete directory path
+# _FILE -> complete file path (including extension)
+# _FILE_NAME -> file name with extension
+# _FILE_NAME_BASE -> file name without extension (used when multiple 
extensions could be used)
+# For example: CVE_CHECK_IMAGE_REPORT_FILE_NAME_BASE has "_FILE_NAME_BASE" so 
that's just the file name,
+# without the extension, of the report file. And has "CVE_CHECK_" to indicate 
that this variable is
+# from the cve-check class
+
+
+# CHECK OPTIONS
 # The product name that the CVE database uses defaults to BPN, but may need to
-# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
+# be overridden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
 CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
-CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
-CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
-
-CVE_CHECK_LOG ?= "${T}/cve.log"
-CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
-CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
-CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
-CVE_CHECK_SUMMARY_FILE ?= 
"${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
-CVE_CHECK_SUMMARY_FILE_NAME_JSON = "cve-summary.json"
-CVE_CHECK_SUMMARY_INDEX_PATH = "${CVE_CHECK_SUMMARY_DIR}/cve-summary-index.txt"
-
-CVE_CHECK_LOG_JSON ?= "${T}/cve.json"
-
-CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
-CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
-CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
-CVE_CHECK_MANIFEST ?= 
"${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
-CVE_CHECK_MANIFEST_JSON ?= 
"${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_N

[OE-core] [master][kirkstone][PATCH 3/5] lib/oe/utils: create get_current_recipe_layer function

[Davide Gardenal]

get_current_recipe_layer returns the recipe layer given its
file path.

Signed-off-by: Davide Gardenal 
---
 meta/lib/oe/utils.py | 8 
 1 file changed, 8 insertions(+)

diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py
index 46fc76c261..4e17b1b40e 100644
--- a/meta/lib/oe/utils.py
+++ b/meta/lib/oe/utils.py
@@ -584,3 +584,11 @@ def directory_size(root, blocksize=4096):
 total += sum(roundup(getsize(os.path.join(root, name))) for name in 
files)
 total += roundup(getsize(root))
 return total
+
+def get_current_recipe_layer(d):
+"""
+Extract the recipe layer from it's path.
+Returns the layer name.
+"""
+fdir_name  = d.getVar("FILE_DIRNAME")
+return fdir_name.split("/")[-3]
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167341): 
https://lists.openembedded.org/g/openembedded-core/message/167341
Mute This Topic: https://lists.openembedded.org/mt/92043904/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [master][kirkstone][PATCH 2/5] lib/oe/rootfs: create image_list_installed_packages_pn function

[Davide Gardenal]

image_list_installed_packages_pn has been taken from cve-check.bbclass
to make it available for other classes.

Signed-off-by: Davide Gardenal 
---
 meta/lib/oe/rootfs.py | 9 +
 1 file changed, 9 insertions(+)

diff --git a/meta/lib/oe/rootfs.py b/meta/lib/oe/rootfs.py
index 9e6b411fb6..54a356102f 100644
--- a/meta/lib/oe/rootfs.py
+++ b/meta/lib/oe/rootfs.py
@@ -393,6 +393,15 @@ def image_list_installed_packages(d, rootfs_dir=None):
 cls = importlib.import_module('oe.package_manager.' + img_type)
 return cls.PMPkgsList(d, rootfs_dir).list_pkgs()
 
+def image_list_installed_packages_pn(d):
+recipies = set()
+for pkg in list(image_list_installed_packages(d)):
+pkg_info = os.path.join(d.getVar('PKGDATA_DIR'),
+'runtime-reverse', pkg)
+pkg_data = oe.packagedata.read_pkgdatafile(pkg_info)
+recipies.add(pkg_data["PN"])
+return recipies
+
 if __name__ == "__main__":
 """
 We should be able to run this as a standalone script, from outside bitbake
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167340): 
https://lists.openembedded.org/g/openembedded-core/message/167340
Mute This Topic: https://lists.openembedded.org/mt/92043903/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [master][kirkstone][PATCH 1/5] lib/oe/cve_check: refactor update_symlinks with safer version

[Davide Gardenal]

Now update_symlinks has more checks to prevent unwanted exception.
It returns False if the link is not created/updated, True otherwise.

Signed-off-by: Davide Gardenal 
---
 meta/lib/oe/cve_check.py | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index aa06497727..688693520e 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -169,7 +169,17 @@ def update_symlinks(target_path, link_path):
 Update a symbolic link link_path to point to target_path.
 Remove the link and recreate it if exist and is different.
 """
-if link_path != target_path and os.path.exists(target_path):
-if os.path.exists(os.path.realpath(link_path)):
-os.remove(link_path)
-os.symlink(os.path.basename(target_path), link_path)
+import os
+
+if target_path == link_path or \
+target_path is None or \
+link_path is None or \
+not os.path.exists(target_path):
+
+return False
+
+if os.path.lexists(link_path):
+os.remove(link_path)
+
+os.symlink(target_path, link_path)
+return True
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167339): 
https://lists.openembedded.org/g/openembedded-core/message/167339
Mute This Topic: https://lists.openembedded.org/mt/92043888/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Announcing pkgexp

[Ross Burton]

Hi,

I’ve just released the first release of pkgexp, a tool to explore the pkgdata 
that has been generated in a build.  Quoting from the README:

pkgexp is a tool to visually explore the OpenEmbedded `pkgdata`, which is the 
generated package-scope metadata. Specifically, it is designed to answer common 
questions regarding what has been built:

- What recipes have been built?
- What packages did those packages build?
- What files are in a specific package?
- What other packages does this package depend on?
- What packages depend on this package?

It’s written in Python and is a local webapp (mainly because my build machine 
is remote, so little webapps make sense).

The code is at https://gitlab.com/rossburton/pkgexp, and positive feedback is 
welcome.

Cheers,
Ross
IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167338): 
https://lists.openembedded.org/g/openembedded-core/message/167338
Mute This Topic: https://lists.openembedded.org/mt/92043861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] busybox: fix CVE-2022-30065

[Ross Burton]

Signed-off-by: Ross Burton 
---
 .../busybox/busybox/CVE-2022-30065.patch  | 29 +++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-30065.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch 
b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
new file mode 100644
index 000..25ad653b256
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
@@ -0,0 +1,29 @@
+Fix use-after-free in awk.
+
+CVE: CVE-2022-30065
+Upstream-Status: Submitted 
[http://lists.busybox.net/pipermail/busybox/2022-June/089768.html]
+Signed-off-by: Ross Burton 
+
+fixes https://bugs.busybox.net/show_bug.cgi?id=14781
+
+Signed-off-by: Natanael Copa 
+---
+ editors/awk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 079d0bde5..728ee8685 100644
+--- a/editors/awk.c
 b/editors/awk.c
+@@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res)
+ 
+   case XC( OC_MOVE ):
+   debug_printf_eval("MOVE\n");
++  /* make sure that we never return a temp var */
++  if (L.v == TMPVAR0)
++  L.v = res;
+   /* if source is a temporary string, jusk relink it to 
dest */
+   if (R.v == TMPVAR1
+&& !(R.v->type & VF_NUMBER)
+-- 
+2.36.1
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb 
b/meta/recipes-core/busybox/busybox_1.35.0.bb
index f2f1b35902d..edf896485ec 100644
--- a/meta/recipes-core/busybox/busybox_1.35.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -49,6 +49,7 @@ SRC_URI = 
"https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \

file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \

file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \

file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
+   file://CVE-2022-30065.patch \
"
 SRC_URI:append:libc-musl = " file://musl.cfg "
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167337): 
https://lists.openembedded.org/g/openembedded-core/message/167337
Mute This Topic: https://lists.openembedded.org/mt/92043711/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] eSDK dependencies

[Richard Purdie]

On Tue, 2022-06-28 at 07:55 +, Valek, Andrej wrote:
> Hello Richard and Alex,
> 
> Richard:
> We tried to revert the commits which you mentioned and it didn't work.
> 
> Alex:
> Yes, is fully reproducible on latest master.
> 
> bitbake core-image-minimal -c populate_sdk_ext
> 
> eSDK installed via: poky-glibc-x86_64-core-image-minimal-cortexa15t2hf-
> neon-qemuarm-toolchain-ext-4.1+snapshot.sh
> 
> . environment-setup-cortexa15t2hf-neon-poky-linux-gnueabi
> devtool modify busybox
> 
> Sstate summary: Wanted 14 Local 0 Mirrors 0 Missed 14 Current 6 (0%
> match, 30% complete)
> 
> So it started a compilation of missing components. We are assuming,
> that eSDK will include all build deps for all components in the image
> and not just a deps for image itself.

Ok. To confirm, SDK_EXT_TYPE is set to full in both cases? Could you
share the locked-sigs.inc file from both? I'd like to understand if the
tools are there but not being used or whether they're really not there
at all. Is there much of a size difference between the two eSDKs?

I suspect some kind of bisection to track down the change causing the
issue will be necessary unfortunately but at least that test case is
relatively straightforward...

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167336): 
https://lists.openembedded.org/g/openembedded-core/message/167336
Mute This Topic: https://lists.openembedded.org/mt/92019337/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] eSDK dependencies

[Alexander Kanavin]

I'm seeing that this builds patch-native (to be able to patch busybox)
and its dependencies (quilt/autoconf/automake). If this has been
working differently before, bisecting to the point where it changed
would be very appreciated.

Alex

On Tue, 28 Jun 2022 at 09:55, Valek, Andrej  wrote:
>
> Hello Richard and Alex,
>
> Richard:
> We tried to revert the commits which you mentioned and it didn't work.
>
> Alex:
> Yes, is fully reproducible on latest master.
>
> bitbake core-image-minimal -c populate_sdk_ext
>
> eSDK installed via: poky-glibc-x86_64-core-image-minimal-cortexa15t2hf-
> neon-qemuarm-toolchain-ext-4.1+snapshot.sh
>
> . environment-setup-cortexa15t2hf-neon-poky-linux-gnueabi
> devtool modify busybox
>
> Sstate summary: Wanted 14 Local 0 Mirrors 0 Missed 14 Current 6 (0%
> match, 30% complete)
>
> So it started a compilation of missing components. We are assuming,
> that eSDK will include all build deps for all components in the image
> and not just a deps for image itself.
>
>
> Regards,
> Andrej
>
> On Mon, 2022-06-27 at 14:35 +0100, Richard Purdie wrote:
> > On Mon, 2022-06-27 at 12:32 +, Valek, Andrej wrote:
> > > I have a question related to eSDK dependencies. We're using the
> > > dunfell
> > > branch were everything related to this eSDK topic works fine. Now
> > > we're
> > > in the transition phase to new LTS branch, where were we found one
> > > big
> > > difference between eSDKs.
> > >
> > > The old variant (dunfell) includes all application build
> > > dependencies,
> > > but the new variant (kirkstone/master) doesn't. Means if I
> > > installed
> > > the eSDK and used "devtool modify my-app" (application installed on
> > > the
> > > image) it works without any additional build deps recompilation.
> > > But now, if I do the same on the newer version it always recompile
> > > all
> > > build deps.
> > > I was already looked, what could be changed, but I didn't find so
> > > far
> > > something suspicious. So the question is, what has been changed,
> > > and
> > > how to bring the old variant back?
> >
> > Guessing is hard. Since you're asking me to guess:
> >
> > https://git.yoctoproject.org/poky/commit/?id=568f62214bca3ac6d35eef8d9f4562596fb4c9ab
> >
> > which was partially reverted here:
> >
> > https://git.yoctoproject.org/poky/commit/?id=f22e1fbdf7bed111e080d176fe5a39c5139308ed
> >
> > maybe? It could be something else. It wasn't a specific change to
> > remove such dependencies but I suspect it could have happened as an
> > unforeseen side effect of something else.
> >
> > You may need to come up with a simple test case and then bisect
> > between
> > the two releases to see which change it was. Once we understand what
> > change caused it, working out a solution would be easier, it is
> > premature to even try without knowing the cause.
> >
> > Cheers,
> >
> > Richard
> >
> >
> >
> >
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167335): 
https://lists.openembedded.org/g/openembedded-core/message/167335
Mute This Topic: https://lists.openembedded.org/mt/92019337/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] eSDK dependencies

[Andrej Valek]

Hello Richard and Alex,

Richard:
We tried to revert the commits which you mentioned and it didn't work.

Alex:
Yes, is fully reproducible on latest master.

bitbake core-image-minimal -c populate_sdk_ext

eSDK installed via: poky-glibc-x86_64-core-image-minimal-cortexa15t2hf-
neon-qemuarm-toolchain-ext-4.1+snapshot.sh

. environment-setup-cortexa15t2hf-neon-poky-linux-gnueabi
devtool modify busybox

Sstate summary: Wanted 14 Local 0 Mirrors 0 Missed 14 Current 6 (0%
match, 30% complete)

So it started a compilation of missing components. We are assuming,
that eSDK will include all build deps for all components in the image
and not just a deps for image itself.


Regards,
Andrej

On Mon, 2022-06-27 at 14:35 +0100, Richard Purdie wrote:
> On Mon, 2022-06-27 at 12:32 +, Valek, Andrej wrote:
> > I have a question related to eSDK dependencies. We're using the
> > dunfell
> > branch were everything related to this eSDK topic works fine. Now
> > we're
> > in the transition phase to new LTS branch, where were we found one
> > big
> > difference between eSDKs.
> > 
> > The old variant (dunfell) includes all application build
> > dependencies,
> > but the new variant (kirkstone/master) doesn't. Means if I
> > installed
> > the eSDK and used "devtool modify my-app" (application installed on
> > the
> > image) it works without any additional build deps recompilation.
> > But now, if I do the same on the newer version it always recompile
> > all
> > build deps.
> > I was already looked, what could be changed, but I didn't find so
> > far
> > something suspicious. So the question is, what has been changed,
> > and
> > how to bring the old variant back?
> 
> Guessing is hard. Since you're asking me to guess:
> 
> https://git.yoctoproject.org/poky/commit/?id=568f62214bca3ac6d35eef8d9f4562596fb4c9ab
> 
> which was partially reverted here:
> 
> https://git.yoctoproject.org/poky/commit/?id=f22e1fbdf7bed111e080d176fe5a39c5139308ed
> 
> maybe? It could be something else. It wasn't a specific change to
> remove such dependencies but I suspect it could have happened as an
> unforeseen side effect of something else.
> 
> You may need to come up with a simple test case and then bisect
> between
> the two releases to see which change it was. Once we understand what
> change caused it, working out a solution would be easier, it is
> premature to even try without knowing the cause.
> 
> Cheers,
> 
> Richard
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#167333): 
https://lists.openembedded.org/g/openembedded-core/message/167333
Mute This Topic: https://lists.openembedded.org/mt/92019337/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-