| Age | Commit message (Collapse) | Author |
|---|
|
|
|
openblas: Upgrade to 0.2.20 and fix cross builds
|
|
Its under BSD-3-Clause to make LICENSE reflect that
Define PREFIX and CROSS_PREFIX to get the tooling right
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
support whole-disk encryption with TPM 2.0
|
|
During installation, TPM 1.2 or 2.0 have to be chosen explicitly via
the "tpm" env variable. Detecting whether a /dev/tpm0 supports TPM 1.2
or 2.0 turned out to be
tricky (https://github.com/intel/tpm2-tools/issues/604) and probably
isn't worth the effort and potential error cases.
Conceptually TPM 2.0 supports is similar to the one for 1.2, with one
exception: because it is possible to use NVRAM without taking
ownership and taking ownership with known passwords wouldn't provide
any advantages, the TPM 2.0 support code skips that step.
Testing switches to swtpm2 for both the existing TPM1.2 test and the
new TPM2.0 test. It just gets parameterized differently.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
When we failed to retrieve a password, zapping the empty keyfile led
to dd being called with bs=0, triggering an error. Using count=0 is
fine. While at it, the regular dd output gets silenced because it is
irrelevant and might even expose some undesirable information (length
of password).
Not finding a password was not reported well. Now there is an explicit
error message about it.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Remove ovmf secure boot patch
|
|
Previously it was only a kernel module. Because we don't add kernel
modules to the refkit initramfs, TPM support was not available during
early boot on hardware using such a TPM: installation with
TPM2-enabled whole-disk encryption worked, but booting failed.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
The previous approach of setting KERNEL_FEATURES globally
had some problems:
- it was based on the assumption that all BSPs have meta
data which contains the specified features, breaking
compilation for those BSPs which don't have them or have them
under different names
- it couldn't be used to enable features that are not yet
supported by the BSPs, like TPM2
To address both of these problems, kernel config fragments are stored
again together with the distro itself. The files were copied from
yocto-kernel-cache and meta-measured, so the actual config is
unchanged.
The new linux-%.bbappend is meant to be a permanent config change and
does not address a temporary issue in one of the upstream layers,
therefore it intentionally gets created under
meta-refkit-core/recipes-bsp and not somewhere under
meta-refkit-core/bbappends.
The alternative would be to leave kernel reconfiguration to the
developer who sets up a build. This would lead to a worse
out-of-the-box experience when building refkit and therefore has been
rejected.
For a discussion of this problem see
https://bugzilla.yoctoproject.org/show_bug.cgi?id=8191
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
This gets done for the sake of consistency with other
layers (meta-security, meta-measured) and the naming of the kernel
config files.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Code for connecting qemu with a TPM provided by a running swtpm has
been merged into upstream qemu. It makes it possible to do:
swtpm socket -d --pid file=/tmp/swtpm.pid --tpmstate dir=/path/to/my-tpm \
--ctrl type=unixio,path=/tmp/swtpm-ctrl \
--log file=/tmp/swtpm.log,level=5 &
qemu-system-x86_64 \
[...] \
-chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
[...]
The non-upstreamable chardev-connect-socket-to-a-spawned-command.patch
makes it possible to spawn swtpm from inside qemu:
-chardev 'socket,id=chrtpm0,cmd=exec swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2' \
-tpmdev emulator,id=tpm0,chardev=chrtpm0 \
-device tpm-tis,tpmdev=tpm0
We do that because then we don't need to modify runqemu or the test
framework.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Now that we can run swtpm2 entirely as normal user, the CUSE support
is no longer needed.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
These recipes are derived from the corresponding swtpm recipes in
meta-security. swtpm2 is a superset of the stable swtpm and supports
both TPM1.2 and TPM2.0:
* once it gets released, we could instead just bump the version of
the normal swtpm recipe
* in refkit, we build only swtpm2 and use it for both TPM1.2 and TPM2.0
The recipes get added here because the code is still experimental.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
This makes it possible to build tpm2-tools from meta-measured. That
layer is used instead of meta-security/meta-tpm because WindRiver is
also using meta-measured.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Dumping the keyfile with "od" was done only for debugging
and accidentally leaked the key.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Pulls latest meta-intel changes. Due to restructuring in meta-intel
layer, also update BBMASK in refkit.conf to match the new meta-intel
layer structure.
Signed-off-by: Jussi Laako <jussi.laako@linux.intel.com>
|
|
meta-intel-realsense update
|
|
This is required because the old librealsense recipe no longer builds
from source (upstream git repo was reorganized).
* meta-intel-realsense 211ce75...50c6863 (2):
> librealsense2: Add recipe for librealsense2 with Python support
> librealsense: Restructure librealsense recipes in preparation for librealsense2
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
meta-flatpak: fix ostree build failure with updated glib-2.0 (2.54.2).
|
|
Updated ostree to the latest tagged upstream release v2017.13.
This should fix libglnx compilation problems when compiling
against glib-2.54.2 or newer.
The recently added bash completion ise split out to a sub-
package of its own. If your image has bash and you want
autocompletion for ostree add the subpackage to your image.
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
|
|
hardware.rst: drop Intel 570x
|
|
meta-ros: pull in latest master branch
|
|
The update contains
5a5a79f rospack: backport lunar patch to fix boost incompatibility
8d686fc gmapping: updating to 1.3.9
Fixes [YOCTO: #12340]
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
The builds are no longer tested on Intel 570x so drop
its section from doc/hardware.rst.
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
|
|
jenkins-intel-iot-refkit-upstream-monitor-master-116
|
|
* bitbake 28249c4...be393f2 (2):
> toaster/highlight.pack.js: Fix corrupted file
> toaster: Remove prettify
* meta-intel 9f9b61b...863590f (12):
> lttng-modules: Fix SRC_URI for Yocto Layer Compatibility
> Revert "linux-intel: blacklist snd-soc-skl module"
> maintainers: Update with available team members
> lttng-modules: also apply patch if linux-intel-rt is preferred kernel
> linux-intel/4.9: Update kernel SRCREVs for v4.9.56
> CHANGELOG: Add major rocko changes
> documentation: add Secure Boot information
> linux-intel/4.9: Update kernel SRCREVs
> linux-intel: SRCREV updates for kernel and cache
> ixgbevf: skip host depmod
> ixgbe: skip host depmod
> add .gitignore
* meta-ros 60e4b4a...b579fb7 (4):
> Merge pull request #558 from synapticon/fix_tf2_py
> Merge pull request #559 from synapticon/fix_smach_deps
> Merge pull request #557 from synapticon/fix_tf2_rdep
> Merge pull request #556 from rojkov/patch-desc-fixup
* meta-security 607d2bc...de48d57 (9):
> fscryptctl: add v0.1.0
> openscape: fix ptest compile errors and update
> keynote: update the SRC_URI
> openssl-tpm-engine: add package
> tpm2-abrmd: add package
> tpm-quote-tools: Add package
> pcr-extend: add new package
> README: update with basic info
> swtpm: fix cuse depends
* meta-yocto e1f3639...2d8a572 (2):
> poky: add debian-9 to SANITY_TESTED_DISTROS
> packagegroups: remove a bbappend
* openembedded-core 70e5444...3b413a8 (28):
> README.qemu: qemuppc64 is not supported
> bitbake.conf: Adds ipv6 to DISTRO_FEATURES_NATIVE
> libxml2: use HTTP instead of FTP in SRC_URI
> sqlite3: fix CVE-2017-13685
> bitbake.conf: add ssh to HOSTTOOLS_NONFATAL
> go: Export correct GO386 value for target
> goarch.bbclass: Define HOST_GO386 and TARGET_GO386
> prelink: fix upstream version check
> bash: add missing build dependencies for ptest
> cmake: fix typo in toolchain file
> gstreamer1.0-plugins-bad: Add dependency on libdrm when wayland is enabled
> musl: use a more specific fix for ARM thumb + frame pointers
> perl: remove the reference of DEBUG_PREFIX_MAP
> gcc: Backport fix for a segfault on riscv
> devtool: standard: Expand SRCREV before using it in _update_recipe_srcrev
> own-mirrors.bbclass: allow other settings of PREMIRRORS have effect
> mesa: explictly add lib expat to intel libvulkan's lib depends
> archiver: preserve sysroot paths in configured mode for multilib
> sstate.bbclass: provide an exception for useradd scenario
> screen: fix configure failed while build dir contains "yes"
> linux-firmware: make i.MX SDMA split complete
> libgcrypt: Fix building on armv6
> cross.bbclass: Remove usage of host flags for cross-compilation
> wpa_supplicant: fix WPA2 key replay security bug
> bitbake.conf: add tools required by testimage to HOSTTOOLS conditionally
> gcc-6.3: Backport patch to fix ICE on ARM
> e2fsprogs: modify ptest script
> linux-firmware: Split i.MX SDMA firmwares
|
|
intel-iot-refkit: move to use mraa and upm from meta-oe
|
|
mraa/upm were added in meta-oe so there's no need to
maintain them in meta-refkit-core anymore.
The change needs adjustments in layer dependencies and
a few other places to get the compatibility checks passing.
* meta-openembedded 4a45235...5d6d21e (201):
> libreport: fix Nothing RPROVIDES 'lib32-python3-libreport'
> libpwquality: fix Nothing RPROVIDES 'lib32-python3-libpwquality'
> postgresql: Update to 9.4.14
> stress-ng: Add recipe
> fluidsynth: update 1.1.6 -> 1.1.8
> nodejs: Update to 8.7.0
> nodejs: Remove unreferenced patches
> tslib: update project homepage
> gperftools: Fix build on musl/mips
> python3-asn1crypto: add support for Python 3
> python-cffi: update to version 1.11.2
> python-lxml: update to version 4.1.0
> imagemagick: 7.0.7-1 -> 7.0.7-7
> oprofile: move from oe-core, as it's being deprecated there
> rocksdb: add version 5.8
> nodejs: Add npx to nodejs-npm package
> toybox: Switch building from git src_uri
> hostapd: fix WPA2 key replay security bug
> libmnl: Move to oe-core
> wireshark: update to 2.2.10
> gpsd: Fix gpsd Yocto pyro build for read only rootfs
> python-asn1crypto: add new package
> python-pytest: fix egg version of package
> python-twisted: remove empty lore subpackage
> meta-oe/conf/layer.conf: Remove "id" from HOSTTOOLS
> nghttp2: add recipe for Nghttp2: HTTP/2 C Library.
> python3-ujson: support Python 3
> python3-protobuf: add python3 version
> netkit-rsh: correct the file attribute
> mdns: move from meta-intel-iot-middleware
> dnsmasq: upgrade to 2.78
> libauthen-radius-perl: move recipe to meta-networking
> lldpd: Update to version 0.9.8
> ebtables: Add HOMEPAGE info into recipe file.
> c-ares: Build native version
> net-snmp: check that executable is used before testing for existance
> openl2tp: Fix build with musl/libtirpc
> yp-tools: Ignore cpp warnings as errors
> drbd-utils: remove 0001-drbd-8.4.4-drbd-tools-only-rmmod-if-DRBD-is-a-module.patch
> iproute2: Move tipc enablement to oe-core
> network-manager-applet: Disable gobject-introspection on musl
> klibc: Pass Optimization with KLIBCOPTFLAGS
> breakpad: fix typo ( minidump_cpu_arm.h -> minidump_cpu_arm64.h )
> initramfs-kexecboot-image: replace deprecated license file
> initramfs-debug: replace deprecated license file
> python-grpcio-tools: update to version 1.6.3
> python-twisted: update to version 17.9.0
> python-parse-type: update to version 0.4.2
> python-flask-sqlalchemy: update to version 2.3.0
> python-cython: update to version 0.27.1
> python-pylint: update to version 1.7.4
> leveldb: fix parallel build II
> Add python pandas recipes
> upm: add recipe from meta-refkit-core
> mraa: move recipe from meta-refkit-core
> gperftools: Enable on mips
> klibc.bbclass: Pass TUNE_CCARGS in flags
> ubi-utils-klibc: Update to 1.5.2 release of mtd-utils
> python-m2crypto: Upgrade to 0.26.4
> phoronix-test-suite: Upgrade from v6.6.1 to v7.4.0
> meta-perl: update layer.conf to include openembedded-layer
> meta-webserver: update the layer.conf to include the openembedded-layer
> mongodb: Pass computed endian variable
> uftrace: update version to 0.8
> python-pyfirmata: move in from meta-intel-iot-middleware and upgrade
> python-can: update to version 2.0.0b1
> libol: Add HOMEPAGE info into recipe file.
> python-parse-type: update to version 0.4.1
> python-zopeinterface: update to version 4.4.3
> python-pyasn1: update to version 0.3.6
> python-pytest: update to version 3.2.2
> python-babel: update to version 2.5.1
> python-cython: update to version 0.27
> python-futures: Build native version
> protobuf: Upgrade to 3.4.1
> lvm2: refactoring code to disable package config thin-provisioning-tools
> mongodb: Fix build on aarch64
> leveldb: Fix parallel build
> rcmd: Fix build with musl
> nbench-byte: Update SRC_URI to fossies.org
> breakpad: Fix build with musl/mips
> toybox: Upgrade to 0.7.4
> openwsman: Fix build with musl
> cpupower: add a new recipe
> lvm2: fix start lvm2-monitor.service failed
> lvm2: disable thin provisioning support if GPLv3 incompatible
> dfu-util: Add HOMEPAGE info into recipe file.
> byacc: Add HOMEPAGE info into recipe file.
> opencv: fix CVE-2017-14136
> luajit: Fix mips build with clang
> php: add libgcc to the runtime depends
> php: update stable version to 5.6.31
> php: update version to 7.1.9
> msgpack-c: update to version 2.1.5
> jsoncpp: update to version 1.8.3
> opencv: Fix build on aarch64
> flatbuffers: Fix build with clang on big-endian machines
> openct: Add HOMEPAGE info into recipe file.
> python-bitarray: add a python3 version of the recipe
> python-bcrypt: add a python3 version of the recipe
> python-appdirs: add an initial recipe
> python-twisted: update version to 17.5.0
> adduser: update to version 3.116
> breakpad: Fix mips build on musl
> ltrace: Fix build with musl/mips
> python3-multidict: update to version 3.2.0
> python-cassandra-driver: update to version 3.11.0
> python-protobuf: update to version 3.4.0
> python-pymisp: update to version 2.4.80
> python-pyasn1: update to version 0.3.5
> python-tornado: update to version 4.5.2
> python-grpcio-tools: update to version 1.6.0
> python-grpcio: update to version 1.6.0
> python-cmd2: update to version 0.7.7
> python-lxml: update to version 4.0.0
> python-pyro4: update to version 4.62
> python-pymongo: split the package into bson and original pymongo package
> python-aws-iot-device-sdk-python: update to version 1.2.0
> python-six: update to version 1.11.0
> python-cffi: update to version 1.10.0
> python-psutil: update to version 5.3.1
> python-xlrd: update to version 1.1.0
> python-pyopenssl: update to version 17.3.0
> python-redis: update to version 2.10.6
> libnet-dns-perl: Add HOMEPAGE info into recipe file.
> libhtml-parser-perl: Add HOMEPAGE info into recipe file.
> ipc-run: Add HOMEPAGE info into recipe file.
> fbset: Add HOMEPAGE info into recipe file.
> eventlog: Add HOMEPAGE info into recipe file.
> imagemagick: 7.0.6-9 -> 7.0.7-1
> python-cython: update to version 0.26.1
> python-babel: update to version 2.5.0
> python-ndg-httpsclient: update to version 0.4.3
> python-pybind11: update to version 2.2.1
> autoconf-archive: Delete ( moved to oe-core )
> android-tools: Fix build with musl
> python-pymisp: update to version 2.4.79
> python-pymongo: update to version 3.5.1
> python-jsonpointer: update to version 1.12
> python-pytest-runner: update to version 2.12.1
> python-django: update to version 1.11.5
> python-pyasn1: update to version 0.3.4
> python-sqlalchemy: update to version 1.1.14
> nginx: update development version to 1.13.5
> breakpad: Upgrade to latest master
> rsyslog: update from 8.22 to 8.29
> librelp: upgrade from 1.2.12 to 1.2.14
> python-pyparsing: add support for native build
> networkmanager: Disable gobject-introspection on musl
> netkit-telnet: Add HOMEPAGE info into recipe file.
> opensaf: Upgrade to 5.17.07
> openhpi: Fix build with musl
> ypbind-mt: Upgrade to 2.4
> stunnel: Add HOMEPAGE info into recipe file.
> libtdb: Add HOMEPAGE info into recipe file.
> samba: Add HOMEPAGE info into recipe file.
> networkmanager: Add HOMEPAGE info into recipe file.
> tcpdump: update to 4.9.2 to fix CVEs
> ipvsadm: Add HOMEPAGE info into recipe file.
> yp-tools: Upgrade to 4.2.2
> autofs: Fix build with musl
> poco: update to 1.7.9
> krb5: CVE-2017-11462
> libp11: 0.4.0 -> 0.4.7
> recipes: fix invalid license file
> gnome-keyring: Fix build with musl
> apache2: change files layout to debian style
> apache2: use volatiles for sysvinit
> pidgin-otr: Upgrade to 4.0.2
> Nginx: use PACKAGECONFIG variables in configure
> sgpio: Add HOMEPAGE info into recipe file.
> orbit2: Add HOMEPAGE info into recipe file.
> numactl: Add HOMEPAGE info into recipe file.
> mozjs: Add HOMEPAGE info into recipe file.
> mailcap: Add HOMEPAGE info into recipe file.
> libnih: Add HOMEPAGE info into recipe file.
> ceres-solver: add new recipe
> gnome-keyring: Resolve conflict with gcr 3 and gold linking error
> libndp: Add HOMEPAGE info into recipe file.
> fbset: Add HOMEPAGE info into recipe file.
> daemontools: Add HOMEPAGE info into recipe file.
> liblockfile: Add HOMEPAGE info into recipe file.
> libjs-sizzle: Add HOMEPAGE info into recipe file.
> gerbera: clean recipe
> libupnp: Add recipe for version 1.8.2
> capnproto: add version 0.6.1
> flatbuffers: add version 1.7.1
> libgpiod: bump version to v0.3.1
> protobuf-c: update to 1.3.0
> protobuf: update to 3.4.0
> debsums: inherit gettext
> lvm2: Add HOMEPAGE info into recipe file.
> libidl: Add HOMEPAGE info into recipe file.
> v4l-utils: added missing dependency on udev
> python-jsonschema, python3-jsonschema: add vcversioner-native dependency
> system-setup-keyboard: delete blacklisted
> smbnetfs: delete blacklisted
> klibc.bbclass: Add -mfloat-abi on arm
> klibc.bbclass: Use forcevariable override to define flags
> klibc: Edit out gcc hardcoding in do_compile
> leveldb: Fix build with clang
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
|
|
refkit-ci.inc: stop CI DAFT tests on 570x HW (Joule)
|
|
Signed-off-by: Olev Kartau <olev.kartau@intel.com>
|
|
meta-refkit-extra: add rps-demo
|
|
Add the Rock Paper Scissors computer vision demo to meta-refkit-extra layer.
Signed-off-by: Christian da Costa <christian.da.costa@intel.com>
|
|
darknet: added a new package.
|
|
Refkit CI: pull in the latest changes
|
|
* bitbake 9c0f6e8...28249c4 (9):
> README: new readme file including main aspects of the project
> bitbake-user-manual-metadata: include a space on a append example
> bitbake-user-manual/bitbake-user-manual: remove YP as build system
> Add args.force to localargs before do_add_layer
> bitbake-user-manual: add more gitsm fetcher limitations
> toaster: build missing toaster.conf settings
> bitbake-user-manual: Updated kernel version in PREFERRED_VERSION example
> bitbake: lib/bb/utils: fix movefile() copy to dir fallback
> server/process: Increase runCommand timeout
* meta-clang 4f13399...2c16196 (1):
> llvm: Fix wrong code generation when floor() libm function is called
* meta-intel 989db4c...9f9b61b (16):
> backport-iwlwifi: Fix version check for Intel Production Kernel
> linux-firmware: remove bbappend
> backport-iwlwifi: comment about firmware requirements
> backport-iwlwifi: don't use AUTOREV
> meta-intel.inc: Use grub-efi for x32
> meta-qat: Move to independant meta-intel-qat layer
> meta-dpdk: Move to independant layer
> meta-*/layer.conf: Add LAYERDEPENDS
> linux-intel/4.9: Update both SRCREVs
> README*: Updates pyro -> rocko
> lttng-modules: Add patch for API Change
> qat: Move BSP specific configurations from recipes to machine.conf
> dpdk: Move BSP specific configurations from recipes to machine.conf
> Move dpdk and qat components to meta-dpdk and meta-qat
> libyami: use git clone instead of unstable tarball
> thermald: use git clone instead of unstable tarball
* meta-security e180062...607d2bc (19):
> linux-yocto/4.12: update path version
> bastile: fix QA issue
> lynis: move recipe to correct layer
> openscap-daemon: fix QA issue
> suricata: update to 4.0.0
> redhat-security: remove PR and fix style
> checksecurity: fix recipe style
> libenv-perl: add recipe removed from core
> layer.conf: update layer depends
> libewf: fix build issue
> oe-release: add oe-release file for openscap
> os-release: needed by openscap
> openscap: Add oe specific files
> openscap: add dameon
> openscap: add scap-security-guide
> openscap: add package
> lynis: add auditing tool
> meta-security-compliance: add new layer for compliance and audit applications
> clamav: update llvm to use 5.0 to match version in core
* meta-yocto 6909368...e1f3639 (5):
> poky.conf: Fix typo
> poky: Set version/codename for 2.4/rocko
> yocto-bsp: add BBG dtb
> poky-tiny: Bump default kernel version to 4.12
> conf: remove maintainers.inc, now in oe-core
* openembedded-core a15ec97...70e5444 (178):
> bash-ptest: install additional locales
> lib/oe/package_manager.py (rpm): Allow use of non-signed packages
> libxml2-ptest: set LC_ALL=en_US.UTF-8
> libxml2-ptest: support for encoding ISO-8859-5
> libxml2-ptest: improve reproducibility
> oe-pkgdata-util: add unescape option to read-value
> siteinfo: nios2-linux - remove wrong mutex info
> argp-standalone: drop RDEPENDS dev/staticdev packages on main package
> bitbake.conf: Add 'id' to HOSTTOOLS
> python-ptest: various fixes
> utils.bbclass: Support applications with arguments in check_app_exist()
> libarchive: re-add non-recursive extract and list support
> nspr, nss: Use BUILD_CC instead of hardcoded "gcc"
> glibc-locale.inc: fix typo in comment
> staging.bbclass: handle postinst-useradd-* fixmes
> systemd: drop unreferenced uclibc specific agetty -> getty patch
> systemd: drop uclibc specific exp10 support patch
> lttng-modules: Backport fixes for kernel instrumentation
> image_types: Fix bmaptool support for RSS
> license.py: Correct selection of licenses in is_included()
> packagegroup-go-sdk-target: inherit goarch
> go-runtime: prevent host leakage into target objects
> goarch.bbclass: rework mips architecture checks
> cml1: remove diffconfig return code checking
> openssh: Atomically generate host keys
> libarchive: CVE-2017-14502
> systemd: add runtime dependencies to pam plugins.
> package_manager: rpm: improve logging
> rootfs.py: remove update-alternatives correctly
> linux-firmware: package Broadcom BCM43362 firmware
> ffmpeg: backport patches to fix 12 CVEs
> glib-2.0: Remove recommend shared-mime-info for MinGW
> libparted: Use read only when probing devices on linux
> ovmf: add SUMMARY and fix HOMEPAGE url
> update-rc.d: Add HOMEPAGE info into recipe file.
> stat: Add HOMEPAGE info into recipe file.
> prelink: Add HOMEPAGE info into recipe file.
> at: Add HOMEPAGE info into recipe file.
> systemd-serialtty: allow empty package
> systemd-boot: Should not build x32
> wic: remove systemd-boot for x32
> arch-x86: Add x86-x32 to MACHINEOVERRIDES
> curl: Added option to enable http2 protocol.
> selftest/cases/runtime_test: ignore removal errors when cleaning temporary gpg directory
> sign_rpm.bbclass: force rpm serial signing
> core-image-sato-sdk-ptest: reduce size
> wic: Add option to not change fstab
> libgcrypt: fix CVE-2017-0379
> scripts: drop True option to getVar calls
> meta: drop True option to getVar calls
> systemd: move org.freedesktop.machine1.conf to systemd-container
> go: Fix build with -buildmode=pie
> go_1.9: remove obsolete overrides
> go: disable PIE flags for cgo
> goarch.bbclass: fixups for Go mips32 support
> linux-firmware: bump to latest linux-firmware git revision
> qemurunner: print tail qemu log in case bootlog is empty
> classes: drop image dependencies on TOPDIR variable
> useradd-staticids: don't create username-group if gid is specified
> lame: fix CVE-2017-13712
> staging: Reduce verbosity of log messages
> pseudo: Add fastop reply fix
> pseudo: use epoll API on Linux
> gstreamer1.0-libav: Fix build on mips
> uboot-extlinux: fix extlinux creation race (take 2)
> Revert "u-boot: fix extlinux creation race"
> kernel-devicetree.bbclass: Add support to generate append to kernel
> xf86-video-intel: use uxa to replace sna as the default acceleration mode
> kernel-fitimage: support MIPS (compressed)
> kernel-uboot: support compressed kernel on MIPS
> kernel-uimage: optimise UBOOT_ENTRYSYMBOL support
> kernel-fitimage: unbreak UBOOT_ENTRYSYMBOL support
> kernel-fitimage: sanitize dtb section name (unbreak MIPS)
> sysklogd: conflict with other syslog daemons
> busybox: fix syslog related meta data
> openssh: Fix key generation with systemd
> wic: allow multiple /boot partitions with different content
> qemu: Security fixes
> qemu: remove unused patches
> ptest-runner: fix segfault with -t option
> strace_4.18.bb: improve reproducibility
> gzip_1.8.bb: improve reproducibility
> linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.12
> linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.10
> linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.9
> linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.4
> core-image-tiny-initramfs: Enable running poky-tiny on qemux86-64
> ltp: fix hanging issue for gdb01 case
> psmisc: Add HOMEPAGE info into recipe file.
> libffi: Add HOMEPAGE info into recipe file.
> libcgroup: Add HOMEPAGE info into recipe file.
> hdparm: Add HOMEPAGE info into recipe file.
> tiff: Security fix CVE-2017-13726 and CVE-2017-13727
> meta/lib/oe/rootfs.py: clean up dnf cache after creating an image
> sanity: check that path variables don't use ~
> sanity: correct Python version sanity check
> oe-build-perf-report-email.py: add cc and bcc options
> scripts: rename yocto-compat-layer to remove "compatible" nomenclature
> ncurses: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017-13728, CVE-2017-13731
> kernel.bbclass: build host programs with native sysroots
> image.bbclass: Sorted ctypes to avoid basehash error
> classes/image: move image_qa to between rootfs and image
> u-boot-fw-utils: Fix cross and target builds
> strace: Fix ptest bulds with musl/mips
> classes/image_live: fix using squashfs as image filesystem
> nspr: Fix build with musl/mips
> eudev: use archive tarball instead of Github generated tarball
> cross-canadian.bbclass: drop TARGET_* flags overrides
> systemd-serialgetty: remove systemd from RDEPENDS
> systemd: change some RRECOMMENDS to RDEPENDS
> classes/externalsrc: delete symlinks at start of do_buildclean
> bzip2: Create Makefile for run-ptest
> util-linux: package switch_root separately
> bluez5: Correct support for building without systemd
> sysvinit-inittab: start_getty: Cleanup comments
> sysvinit-inittab: start_getty: consider whitespaces in tty driver name
> core-image-tiny-initramfs: initramfs recipes should not generate an actual image file
> devtools: qemu: Remove obsolete '--with-system-pixman' option
> Add Go toolchain support
> go.bbclass: set TMPDIR during compilation
> go: fixes for cross-canadian builds
> go: fix linking issues for nativesdk builds
> go-crosssdk: fix host/target references and cleanup
> alsa-state: Add HOMEPAGE info into recipe file.
> udev-extraconf: Add HOMEPAGE info into recipe file.
> trace-cmd: Add HOMEPAGE info into recipe file.
> systemd-serialgetty: Add HOMEPAGE info into recipe file.
> systemd-compat-units: Add HOMEPAGE info into recipe.
> qemuwrapper-cross: Add HOMEPAGE info into recipe file.
> opkg-arch-config: Add HOMEPAGE info into recipe file.
> mobile-broadband-provider-info: Add HOMEPAGE info into recipe file.
> lsbtest: Add HOMEPAGE info into recipe file.
> lsbinitscripts: Add HOMEPAGE info into recipe file.
> libxml-sax-perl: Add HOMEPAGE info into recipe file.
> libxml-sax-base-perl: Add HOMEPAGE info into recipe file.
> libxml-parser-perl: Add HOMEPAGE info into recipe file.
> libtimedate-perl: Add HOMEPAGE info into recipe file.
> kbd: Add HOMEPAGE info into recipe file.
> initscripts: Add HOMEPAGE info into recipe file.
> i2c-tools: Add HOMEPAGE info into recipe file.
> dtc: Add HOMEPAGE info into recipe file.
> conf: add maintainers.inc from meta-poky
> gawk: Enable native building
> useradd.bbclass: Unify writing of script file in useradd_sysroot_sstate()
> binutils: apply mingw fix only for binutils-cross-canadian
> scripts/oe-build-perf-report: show recipe version changes in html report
> scripts/buildstats-diff: move more code to lib/buildstats.py
> scripts/oe-build-perf-report: summary of task resource usage
> scripts/buildstats-diff: move code to lib/buildstats.py
> scripts/oe-build-perf-report: tidy up html syntax
> scripts/oe-build-perf-report: provide valid title in the html report
> scripts/oe-build-perf-report: remove dead code
> scripts/oe-build-perf-report: use --hostname in --list
> scripts/oe-build-perf-report: fix handling of --history-length
> scripts/oe-build-perf-report: add AggregateTestData class
> scripts/oe-build-perf-report: fix dumping buildstats
> ruby: CVE-2017-14064
> attr: Backports to fix exported headers
> gcc-6.3.inc: Use ucontext_t not struct ucontext.
> oeqa/selftest/recipetool: use stable tarball for recipetool create test
> logrotate: use stable download URL
> libproxy: use stable download URL
> useradd: don't override pseudo environment
> systemd-machine-units: update LIC_FILES_CHKSUM
> e2fsprogs: set dir's mode correctly
> bitbake.conf: Add default FILESYSTEM_PERMS_TABLES
> tcp-wrappers: Add HOMEPAGE info into recipe file.
> sysprof: Add HOMEPAGE info into recipe file.
> minicom: Add HOMEPAGE info into recipe file.
> libxml-perl: Add HOMEPAGE info into recipe file.
> libxml-namespacesupport-perl: Add HOMEPAGE info into recipe file.
> libnotify: Add HOMEPAGE info into recipe file.
> libgudev: Add HOMEPAGE info into recipe file.
> blktrace: Add HOMEPAGE info into recipe file.
> devtool: ensure recipes devtool is working on are unlocked within the eSDK
> devtool: rework source extraction so that dependencies are handled
> ovmf: fix do_compile error when len(tmp)=410
> wic: accept '-' in bitbake variables
* meta-refkit(-core)
> adapt refkit_poky.py selftest to OE-core yocto-compat-layer*
renamings
> revert earlier hotfix for running bmaptool properly as it's now
fixed in OE-core
|
|
Darknet is an open source neural network framework written in C.
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
|
|
groupcheck, fwupd, fwupdate
|
|
fwupd is not in any of the images, but we want to know that it builds.
Therefore we have to list it explicitly.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Reconfiguring the kernel is something that may or may not be necessary
in a product, depending on what fwupd is meant to update. For now it
is something that has to be done by the developer who wants to test
fwupd.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
GPG is necessary for accessing the LVFS safely. Having it enabled
by default therefore makes sense. pkcs7 is meant to replace it
eventually, but is not quite there yet.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
This shows how to deliver firmware updates to fwupd via the filesystem
without relying on GPG.
The .xml snipped is from LVFS and can be distributed under "CC0-1.0 OR
CC-BY-3.0+ OR CC-BY-SA-3.0+ OR GFDL-1.1+ OR FSFAP", according to
Richard Hughes. But the firmware files can only be distributed by LVFS
servers. Downloading them for a local build is fine, redistributing
them is not.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
The example vendor config is not normally needed and can be separate.
Same for LVFS.
We want to use fwupd without always trusting LVFS, so keys related to
that must be packaged separately. We could put them into fwupd-lvfs,
but perhaps they also have a use for other cases (like distributing
files from LVFS via other means), so they are now in fwupd-pki.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
If groupcheck is selected by the distro, then we turn polkit policy
into groupcheck policy entries such that users in the "adm" group can
use fwupd.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
The introspection patch was merged upstream, but now we need to
disable the check for certtool when building without tests.
Also fix a warning about the missing bash RDEPENDS.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
This adds everything that is needed to build and run fwupd and fwupdate.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
The configuration is the one used by upstream fwupd, i.e. "fwupdmgr"
will pull updates from the Linux Vendor Firmware Service
servers (currently hosted on Amazon) and verify the files with GnuPG.
More work is needed to get rid of the GnuPG (GPLv3) and/or integrate
the delivery of firmware updates into the normal system update
mechanism.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Both patches were developed in parallel to fixing the problems
upstream. Updating fwupdate to the next release should get rid of
them.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Needed for fwupd. We can't build gobject-introspection data at the
moment, but that's not needed for fwupd, so it's turned off
unconditionally at the moment.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Needed for fwupd.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Needed for fwupd.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
Robert Dower
Mikko Ylinen
Khem Raj
Mikko Ylinen
Patrick Ohly
Jussi Laako
Krisztian Litkey
Dmitry Rozhkov
Refkit CI
Olev Kartau
Christian da Costa
Ismo Puustinen