|
[isar-cip-core][PATCH 2/2] Add kconfig menu
Jan Kiszka
From: Jan Kiszka <jan.kiszka@...>
Use the new kas menu plugin to present available image options to the user. This also allows to model their dependencies, specifically as not all options are supported on all boards. Signed-off-by: Jan Kiszka <jan.kiszka@...> --- Kconfig | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 37 ++++++++------ 2 files changed, 169 insertions(+), 14 deletions(-) create mode 100644 Kconfig diff --git a/Kconfig b/Kconfig new file mode 100644 index 0000000..72c75bf --- /dev/null +++ b/Kconfig @@ -0,0 +1,146 @@ +mainmenu "Isar core layer of the Civil Infrastructure Platform project" + +config KAS_INCLUDE_MAIN + string + default "kas-cip.yml" + +config KAS_BUILD_SYSTEM + string + default "isar" + +choice + prompt "Target board" + default TARGET_QEMU_AMD64 + +config TARGET_QEMU_AMD64 + bool "QEMU AMD64 (x86-64)" + +config TARGET_SIMATIC_IPC227E + bool "Siemens SIMATIC IPC227E" + +config TARGET_QEMU_ARM64 + bool "QEMU ARM64 (aarch64)" + +config TARGET_HIHOPE_RZG2M + bool "HopeRun HiHope-RZ/G2M" + +config TARGET_QEMU_ARM + bool "QEMU ARM (armhf)" + +config TARGET_BBB + bool "BeagleBone Black" + +config TARGET_IWG20D + bool "iWave Systems RainboW-G20D-Qseven" + +endchoice + +config KAS_INCLUDE_BOARD + string + default "kas/board/qemu-amd64.yml" if TARGET_QEMU_AMD64 + default "kas/board/simatic-ipc227e.yml" if TARGET_SIMATIC_IPC227E + default "kas/board/qemu-arm64.yml" if TARGET_QEMU_ARM64 + default "kas/board/hihope-rzg2m.yml" if TARGET_HIHOPE_RZG2M + default "kas/board/qemu-arm.yml" if TARGET_QEMU_ARM + default "kas/board/bbb.yml" if TARGET_BBB + default "kas/board/iwg20m.yml" if TARGET_IWG20D + +comment "Kernel options" + +choice + prompt "CIP kernel version" + default KERNEL_4_19 + +config KERNEL_4_4 + bool "Kernel 4.4.x-cip" + +config KERNEL_4_19 + bool "Kernel 4.19.x-cip" + +endchoice + +config KAS_INCLUDE_KERNEL + string + default "kas/opt/4.4.yml" + depends on KERNEL_4_4 + +config KERNEL_RT + bool "Real-time CIP kernel" + +config KAS_INCLUDE_KERNEL_RT + string + default "kas/opt/rt.yml" + depends on KERNEL_RT + +comment "Debian distribution options" + +choice + prompt "Debian Release" + default DEBIAN_BUSTER + +config DEBIAN_STRETCH + bool "stretch (9)" + +config DEBIAN_BUSTER + bool "buster (10)" + +config DEBIAN_BULLSEYE + bool "bullseye (11)" + +endchoice + +config KAS_INCLUDE_DEBIAN + string + default "kas/opt/stretch.yml" if DEBIAN_STRETCH + default "kas/opt/bullseye.yml" if DEBIAN_BULLSEYE + +comment "Image features" + +choice + prompt "Image formats" + default IMAGE_FLASH + +config IMAGE_FLASH + bool "Flashable image" + +config IMAGE_ARTIFACTS + bool "Separate artifacts for NFS boot" + +endchoice + +config KAS_INCLUDE_IMAGE_FORMAT + string + default "kas/opt/targz.yml" if IMAGE_ARTIFACTS && (TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM) + default "kas/opt/wic-targz.yml" if IMAGE_ARTIFACTS && !(TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM) + +config IMAGE_SECURITY + bool "Security extensions" + +config KAS_INCLUDE_SECURITY + string + default "kas/opt/security.yml" if IMAGE_SECURITY + +config IMAGE_TESTING + bool "Test extensions" + +config KAS_INCLUDE_TESTING + string + default "kas/opt/test.yml" if IMAGE_TESTING + +if IMAGE_FLASH + +config IMAGE_SWUPDATE + bool "SWUpdate support for root partition" + depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E + +config IMAGE_SECURE_BOOT + bool "Secure boot support" + depends on TARGET_QEMU_AMD64 + +config KAS_INCLUDE_SWUPDATE_SECBOOT + string + default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT + default "kas/opt/ebg-secure-boot-snakeoil.yml" if !IMAGE_SWUPDATE && IMAGE_SECURE_BOOT + default "kas/opt/ebg-snakeoil-swu.yml" if IMAGE_SWUPDATE && IMAGE_SECURE_BOOT + +endif diff --git a/README.md b/README.md index 537a615..d245111 100644 --- a/README.md +++ b/README.md @@ -18,16 +18,30 @@ Install `kas-container` from the [kas project](https://github.com/siemens/kas): Furthermore, install docker and make sure you have required permissions to start containers. -To build, e.g., the QEMU AMD64 target inside Docker, invoke kas-container like -this: +Open up the image configuration menu and select the desired target and its +options: - ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml + ./kas-container menu -This image can be run using `start-qemu.sh x86`. +You can direct start the build from the menu. -The BeagleBone Black target is selected by `... kas-cip.yml:kas/board/bbb.yml`. In -order to build the image with the PREEMPT-RT kernel, append `:kas/opt/rt.yml` to -the above. Append `:kas/opt/4.4.yml` to use the kernel version 4.4 instead of 4.19. +If you prefer selecting the configuration via the command line, this builds +the BeagleBone Black target image with real-time kernel, e.g.: + + ./kas-container build kas-cip.yml:kas/board/bbb.yml:kas/opt/rt.yml + + +## Running Target Images + +When having built a virtual QEMU target image, this can be started directly. +Run, e.g., + + ./start-qemu.sh x86 + +when having built a QEMU AMD64 image. A security image for QEMU can be started +like this: + + TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86 Physical targets will generate ready-to-boot images under `build/tmp/deploy/images/`. To flash, e.g., the BeagleBone Black image to an SD @@ -36,14 +50,9 @@ card, run dd if=build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img \ of=/dev/<medium-device> bs=1M status=progress -## Building Security target images -Building images for QEMU x86-64bit machine - - ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/security.yml - -Run the generated securiy images on QEMU (x86-64bit) +or via bmap-tools - TARGET_IMAGE=cip-core-image-security ./start-qemu.sh amd64 + bmaptool copy build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img /dev/<medium-device> ## Community Resources -- 2.31.1
|
|
|
|
[isar-cip-core][PATCH 1/2] Update to kas 2.6
Jan Kiszka
From: Jan Kiszka <jan.kiszka@...>
Include paths are now repo-relative, adjust this. Signed-off-by: Jan Kiszka <jan.kiszka@...> --- .gitlab-ci.yml | 2 +- README.md | 2 +- kas/opt/ebg-secure-boot-base.yml | 2 +- kas/opt/ebg-secure-boot-snakeoil.yml | 2 +- kas/opt/ebg-snakeoil-swu.yml | 4 ++-- kas/opt/ebg-swu.yml | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 40bf7f5..b23090b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: ghcr.io/siemens/kas/kas-isar:2.5 +image: ghcr.io/siemens/kas/kas-isar:2.6 variables: GIT_STRATEGY: clone diff --git a/README.md b/README.md index 32812a2..537a615 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ from scratch. Install `kas-container` from the [kas project](https://github.com/siemens/kas): - wget https://raw.githubusercontent.com/siemens/kas/2.5/kas-container + wget https://raw.githubusercontent.com/siemens/kas/2.6/kas-container chmod a+x kas-container Furthermore, install docker and make sure you have required permissions to diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml index 8182bd8..8f769b6 100644 --- a/kas/opt/ebg-secure-boot-base.yml +++ b/kas/opt/ebg-secure-boot-base.yml @@ -12,7 +12,7 @@ header: version: 10 includes: - - efibootguard.yml + - kas/opt/efibootguard.yml local_conf_header: initramfs: | diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml index c0ed1a2..2f45bde 100644 --- a/kas/opt/ebg-secure-boot-snakeoil.yml +++ b/kas/opt/ebg-secure-boot-snakeoil.yml @@ -12,7 +12,7 @@ header: version: 10 includes: - - ebg-secure-boot-base.yml + - kas/opt/ebg-secure-boot-base.yml local_conf_header: diff --git a/kas/opt/ebg-snakeoil-swu.yml b/kas/opt/ebg-snakeoil-swu.yml index d613532..2f15c0e 100644 --- a/kas/opt/ebg-snakeoil-swu.yml +++ b/kas/opt/ebg-snakeoil-swu.yml @@ -12,5 +12,5 @@ header: version: 10 includes: - - ebg-secure-boot-snakeoil.yml - - swupdate.yml + - kas/opt/ebg-secure-boot-snakeoil.yml + - kas/opt/swupdate.yml diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml index 8c56182..e708d0a 100644 --- a/kas/opt/ebg-swu.yml +++ b/kas/opt/ebg-swu.yml @@ -12,5 +12,5 @@ header: version: 10 includes: - - efibootguard.yml - - swupdate.yml + - kas/opt/efibootguard.yml + - kas/opt/swupdate.yml -- 2.31.1
|
|
|
|
[isar-cip-core][PATCH 0/2] kas update and menu support
Jan Kiszka
With kas 2.6 being released, this now allows to adopt the new "menu"
feature and make the various image flavors and options more accessible. Quirin, please have a look if I modeled the dependencies for secure boot and SWUpdate correctly, exposed reasonable combinations and didn't forget something useful. @all: Please play a bit with the options and check if you find anything that does not work (crowd-sourced randconfig...). Thanks, Jan Jan Kiszka (2): Update to kas 2.6 Add kconfig menu .gitlab-ci.yml | 2 +- Kconfig | 146 +++++++++++++++++++++++++++ README.md | 39 ++++--- kas/opt/ebg-secure-boot-base.yml | 2 +- kas/opt/ebg-secure-boot-snakeoil.yml | 2 +- kas/opt/ebg-snakeoil-swu.yml | 4 +- kas/opt/ebg-swu.yml | 4 +- 7 files changed, 177 insertions(+), 22 deletions(-) create mode 100644 Kconfig -- 2.31.1
|
|
|
|
Re: New CVE entry this week
Masami Ichikawa
Hi !
On Thu, Oct 21, 2021 at 5:42 PM Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@...> wrote: Thanks ! Best regards,Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
Re: New CVE entry this week
Nobuhiro Iwamatsu
Hi,
toggle quoted messageShow quoted text
-----Original Message-----Thanks, I checked your patch. LGTM. Best regards, Nobuhiro
|
|
|
|
CIP IRC weekly meeting today on libera.chat
Jan Kiszka
Hi all,
Kindly be reminded to attend the weekly meeting through IRC to discuss technical topics with CIP kernel today. Please note that we moved from Freenode to libera.chat. Our channel is the following: irc:irc.libera.chat:6667/cip Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00: https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=10&day=21&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248 USWest USEast UK DE TW JP 06:00 09:00 14:00 15:00 21:00 22:00 Last meeting minutes: https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-14-13.01.log.html * Action item 1. Combine root filesystem with kselftest binary - iwamatsu & alicef 2. Look into S3 artifact upload issues - patersonc * Kernel maintenance updates * Kernel testing * AOB Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
|
|
|
|
New CVE entry this week
Masami Ichikawa
Hi !
It's this week's CVE report. This week reported 7 new CVEs. * New CVEs CVE-2021-20320: kernel: s390 eBPF JIT miscompilation issues fixes. This bug is in BPF subsystem and s390 architecture specific. Patches haven't been backported to 4.4 kernel. However, according to the cip-kernel-config, it looks like no one uses s390, so can it ignore it until someone backport patches? CVSS v3 score is not provided. Fixed status mainline: [db7bee653859ef7179be933e7d1384644f795f26, 6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53, 1511df6f5e9ef32826f20db2ee81f8527154dc14] stable/4.19: [ddf58efd05b5d16d86ea4638675e8bd397320930] stable/4.9: [c22cf38428cb910f1996839c917e9238d2e44d4b, 8a09222a512bf7b32e55bb89a033e08522798299] stable/5.10: [d92d3a9c2b6541f29f800fc2bd44620578b8f8a6, 4320c222c2ffe778a8aff5b8bc4ac33af6d54eba, ab7cf225016159bc2c3590be6fa12965565d903b] stable/5.14: [7a31ec4d215a800b504de74b248795f8be666f8e, 6a8787093b04057d855822094d63d04a2506444a, a7593244dc31ad0eea70319f6110975f9c738dca] CVE-2021-20321: kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() CVSS v3 score is not provided. A local attacker can escalate their privileges up to root via overlayfs vulnerability. Patch for 4.4 is applied failed(https://lore.kernel.org/stable/163378772914820@kroah.com/). It needs to modify the patch. I attached a patch, if it looks good, I'll send it to the stable mailing list. Fixed status mainline: [a295aef603e109a47af355477326bd41151765b6] stable/4.14: [1caaa820915d802328bc72e4de0d5b1629eab5da] stable/4.19: [9d4969d8b5073d02059bae3f1b8d9a20cf023c55] stable/4.9: [286f94453fb34f7bd6b696861c89f9a13f498721] stable/5.10: [9763ffd4da217adfcbdcd519e9f434dfa3952fc3] stable/5.14: [71b8b36187af58f9e67b25021f5debbc04a18a5d] stable/5.4: [fab338f33c25c4816ca0b2d83a04a0097c2c4aaf] CVE-2021-3847: low-privileged user privileges escalation CVSS v3 score is not provided. A Local attacker can escalate their privileges up to root by overlay fs's vulnerability (https://www.openwall.com/lists/oss-security/2021/10/14/3). Fixed status Not fixed yet. CVE-2021-42252: soc: aspeed: lpc-ctrl: Fix boundary check for mmap CVSS v3 score is not provided. This bug has been introduced since 4.12-rc1. so all stable kernels are fixed. Fixed status mainline: [b49a0e69a7b1a68c8d3f64097d06dabb770fec96] stable/4.14: [b1b55e4073d3da6119ecc41636a2994b67a2be37] stable/4.19: [9c8891b638319ddba9cfa330247922cd960c95b0] stable/5.10: [3fdf2feb6cbe76c6867224ed8527b356e805352c] stable/5.14: [865f5ba9fdfc3ac6acabcac9630056ce99db600d] stable/5.4: [2712f29c44f18db826c7e093915a727b6f3a20e4] CVE-2021-20322: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies CVSS v3 score is not provided. A flaw in the processing of the received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. This flaw is similar to the previous CVE-2020-25705 (both DNS poisoning attack based on ICMP replies for open ports scanning, but other type of ICMP packets). Commit 4785305c ("ipv6: use siphash in rt6_exception_hash()") fixes 35732d01 ("ipv6: introduce a hash table to store dst cache") which was merged in 4.15-rc1. stable/4.4 doesn't contain upstream commit 35732d01. stable/4.19 contains upstream commit 35732d01. Commit 6457378f ("ipv4: use siphash instead of Jenkins in fnhe_hashfun()") fixes d546c621 ("ipv4: harden fnhe_hashfun()") which was merged in 3.18-rc1 stable/4.4 and stable/4.19 contain upstream commit d546c621. Commit a00df2ca ("ipv6: make exception cache less predictible") fixes 35732d01 ("ipv6: introduce a hash table to store dst cache") which was merged in 4.15-rc1. stable/4.4 doesn't contain upstream commit 35732d01. stable/4.19 contains upstream commit 35732d01. Commit 67d6d681 ("ipv4: make exception cache less predictible") fixes 4895c771 ("ipv4: Add FIB nexthop exceptions.") which was merged in 3.6-rc1. stable/4.19 applied this patch at commit 3e6bd2b5. stable/4.4 applied this patch at commit bed8941f. Fixed status mainline: [4785305c05b25a242e5314cc821f54ade4c18810, 6457378fe796815c973f631a1904e147d6ee33b1, a00df2caffed3883c341d5685f830434312e4a43, 67d6d681e15b578c1725bad8ad079e05d1c48a8e] stable/4.19: [3e6bd2b583f18da9856fc9741ffa200a74a52cba] stable/4.4: [bed8941fbdb72a61f6348c4deb0db69c4de87aca] stable/4.9: [f10ce783bcc4d8ea454563a7d56ae781640e7dcb] stable/5.10: [8692f0bb29927d13a871b198adff1d336a8d2d00, 5867e20e1808acd0c832ddea2587e5ee49813874, dced8347a727528b388f04820f48166f1e651af6, beefd5f0c63a31a83bc5a99e6888af884745684b] stable/5.14: [4785305c05b25a242e5314cc821f54ade4c18810, 6457378fe796815c973f631a1904e147d6ee33b1, 55938482a1461a35087c6f3051f8447662889ea8, 4589a12dcf80af31137ef202be1ff4a321707a73] CVE-2021-42739: A buffer overflow bug is found in the firewire subsystem CVSS v3 score is not provided. Patches have been sent to Linux Media mailing list but it hasn't been merged in linux-media tree nor mainline yet. According to the cip-kernel-config repo, no CIP member uses firewire driver. Fixed status Not fixed yet. CVE-2021-34866: Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability CVSS v3 score is not provided. A type confusion bug is found in eBPF subsystem which can leads a local attacker escalates their privileges via this bug. This bug was introduced in commit 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") that has been merged since 5.8-rc1. so before 5.8 kernels aren't affected by this CVE. Fixed status mainline: [5b029a32cfe4600f5e10e36b41778506b90fd4de] stable/5.10: [9dd6f6d89693d8f09af53d2488afad22a8a44a57] * Updated CVEs CVE-2020-29374: gup: document and work around "COW can break either way" issue This bug has been fixed since 5.8-rc1. 4.4 and 4.9 have been fixed this week. All stable kernels are fixed. Fixed status mainline: [17839856fd588f4ab6b789f482ed3ffd7c403e1f] stable/4.14: [407faed92b4a4e2ad900d61ea3831dd597640f29] stable/4.19: [5e24029791e809d641e9ea46a1f99806484e53fc] stable/4.4: [58facc9c7ae307be5ecffc1697552550fedb55bd] stable/4.9: [9bbd42e79720122334226afad9ddcac1c3e6d373] stable/5.4: [1027dc04f557328eb7b7b7eea48698377a959157] CVE-2021-41864: bpf: Fix integer overflow in prealloc_elems_and_freelist() 4.9 and 4.19 have been fixed this week. This bug was introduced in 4.6-rc1 therefore 4.4 doesn't affect. All stable kernels are fixed. Fixed status mainline: [30e29a9a2bc6a4888335a6ede968b75cd329657a] stable/4.14: [f34bcd10c4832d491049905d25ea3f46a410c426] stable/4.19: [078cdd572408176a3900a6eb5a403db0da22f8e0] stable/4.9: [4fd6663eb01bc3c73143cd27fefd7b8351bc6aa6] stable/5.10: [064faa8e8a9b50f5010c5aa5740e06d477677a89] stable/5.14: [3a1ac1e368bedae2777d9a7cfdc65df4859f7e71] stable/5.4: [b14f28126c51533bb329379f65de5b0dd689b13a] Currently tracking CVEs CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 There is no fix information. CVE-2021-3640: UAF in sco_send_frame function Fixed in bluetooth-next tree. https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/net/bluetooth/sco.c?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951 CVE-2020-26555: BR/EDR pin code pairing broken No fix information CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning No fix information. CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM No fix information. CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning No fix information. CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning No fix information. Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
Re: [isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9
Jan Kiszka
On 18.10.21 13:19, Srinuvasan A wrote:
From: Srinuvasan A <srinuvasan_a@...>Thanks, applied. Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
|
|
|
|
Re: [isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9
Srinuvasan A
Hi All,
         Please merge this into cip-core to pull latest changes of efibootguard. Thanks, Srinuvasan.A
|
|
|
|
[isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9
Srinuvasan A
From: Srinuvasan A <srinuvasan_a@...>
Uprevision the latest revision and tag. Signed-off-by: Srinuvasan A <srinuvasan_a@...> --- ...fibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename recipes-bsp/efibootguard/{efibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} (95%) diff --git a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb similarity index 95% rename from recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb rename to recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb index ebd848d..2817e5b 100644 --- a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb +++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb @@ -22,7 +22,7 @@ SRC_URI = "git://github.com/siemens/efibootguard.git;branch=master;protocol=http S = "${WORKDIR}/git" -SRCREV = "ac1685aea75fb3e3d16c0c0e4f8261a2edb63536" +SRCREV = "c01324d0da202727eb0744c0f67a78f9c9b65c46" PROVIDES = "${PN}" PROVIDES += "${PN}-dev" -- 2.25.1
|
|
|
|
Re: Duplicate messages in archive
This should be fixed now. Please let me know if otherwise. Thanks! Neal Neal Caidin Program Manager, Program Management & Operations The Linux Foundation +1 (919) 238-9104 (w/h) +1 (919) 949-1861 (m)
On Mon, Oct 4, 2021 at 8:13 AM Jan Kiszka <jan.kiszka@...> wrote: Hi all,
|
|
|
|
Re: [isar-cip-dev] [PATCH] Update efibootguard to latest one
Quirin Gylstorff
On 10/14/21 11:27 AM, Srinuvasan A via lists.cip-project.org wrote:
From: Srinuvasan A <srinuvasan_a@...> Why do you need to update to a non released version of efibootguard? Until now we used only tag version in this recipe. Quirin PROVIDES = "${PN}"
|
|
|
|
Re: New CVE entry this week
Pavel Machek
Hi!
* New CVEsOthers are fixed, but this one may be worth watching. Fortunately it is not remote attack, AFAICT. Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
|
|
|
|
CIP IRC weekly meeting today on libera.chat
Jan Kiszka
Hi all,
Kindly be reminded to attend the weekly meeting through IRC to discuss technical topics with CIP kernel today. Please note that we moved from Freenode to libera.chat. Our channel is the following: irc:irc.libera.chat:6667/cip Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00: https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=10&day=14&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248 USWest USEast UK DE TW JP 06:00 09:00 14:00 15:00 21:00 22:00 Last meeting minutes: https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-07-13.01.log.html * Action item 1. Combine root filesystem with kselftest binary - iwamatsu & alicef 2. Document new LAVA domains in wiki - patersonc 3. Look into S3 artifact upload issues - patersonc * Kernel maintenance updates * Kernel testing * AOB Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
|
|
|
|
New CVE entry this week
Masami Ichikawa
Hi !
It's this week's CVE report. This week reported 4 new CVEs. * New CVEs CVE-2021-0935: bug is in ipv6 and l2tp code. This CVE addresses two commits, one in the ipv6 stack and the other in l2tp. There is two introduced commits one is 85cb73f ("net: ipv6: reset daddr and dport in sk if connect() fails") was merged in 4.12 and the other commit 3557baa ("[L2TP]: PPP over L2TP driver core") was merged in 2.6.23-rc1. Fixed commits have been merged since 4.16-rc7 so 4.16 or later kernels don't affect this vulnerability. Commit 2f987a76("net: ipv6: keep sk status consistent after datagram connect failure") fixes 85cb73f and commit b954f940("l2tp: fix races with ipv4-mapped ipv6 addresses") fixes commit 3557baa. To apply patches to 4.4, it needs to fix conflicts. CVSS v3 score is not provided. Fixed status mainline: [2f987a76a97773beafbc615b9c4d8fe79129a7f4, b954f94023dcc61388c8384f0f14eb8e42c863c5] stable/4.14: [a8f02befc87d6f1a882c9b14a31bcfa1fbd3d430, b0850604cc5dac60754cc2fcdf7d2ca97a68a4dc] stable/4.19: [2f987a76a97773beafbc615b9c4d8fe79129a7f4, b954f94023dcc61388c8384f0f14eb8e42c863c5] stable/4.4: not fixed yet stable/4.9: [c49f30b2979bfc8701620e598558f29a48e07234, 535ef684ec6079bccc2037c76bc607d29dca05dc] stable/5.10: [2f987a76a97773beafbc615b9c4d8fe79129a7f4, b954f94023dcc61388c8384f0f14eb8e42c863c5] stable/5.4: [2f987a76a97773beafbc615b9c4d8fe79129a7f4, b954f94023dcc61388c8384f0f14eb8e42c863c5] CVE-2021-0937: netfilter: x_tables: fix compat match/target pad out-of-bound write This vulnerability was introduced since 4.6.19-rc1 and fixed in 5.12-rc8. All stable kernels are already fixed. CVSS v3 score is not provided. Fixed status mainline: [b29c457a6511435960115c0f548c4360d5f4801d] stable/4.14: [522a0191944e3db9c30ade5fa6b6ec0d7c42f40d] stable/4.19: [12ec80252edefff00809d473a47e5f89c7485499] stable/4.4: [b0d98b2193a38ef93c92e5e1953d134d0f426531] stable/4.9: [0c58c9f9c5c5326320bbe0429a0f45fc1b92024b] stable/5.10: [1f3b9000cb44318b0de40a0f495a5a708cd9be6e] stable/5.4: [cc59b872f2e1995b8cc819b9445c1198bfe83b2d] CVE-2021-0938: compiler.h: fix barrier_data() on clang This bug was introduced in 4.19-rc1 and fixed in 5.10-rc4. so all stable kernels are fixed. If kernel was built from clang, this bug will be affected. CVSS v3 score is not provided. Fixed status mainline: [3347acc6fcd4ee71ad18a9ff9d9dac176b517329] stable/4.14: not affect stable/4.19: [b207caff4176e3a6ba273243da2db2e595e4aad2] stable/4.4: not affect stable/4.9: not affect stable/5.10: not affect stable/5.4: [c2c5dc84ac51da90cadcb12554c69bdd5ac7aeeb] CVE-2021-0941: bpf: Remove MTU check in __bpf_skb_max_len CVSS v3 score is not provided. This bug is fixed in v5.12-rc1-dontuse. The kernel 4.4 doesn't contain __bpf_skb_max_len() so 4.4 may not affect this vulnerability. The __bpf_skb_max_len() was introduced since 4.13-rc1 commit 2be7e212("bpf: add bpf_skb_adjust_room helper "). Fixed status. mainline: [6306c1189e77a513bf02720450bb43bd4ba5d8ae] stable/4.14: [64cf6c3156a5cbd9c29f54370b801b336d2f7894] stable/4.19: [8c1a77ae15ce70a72f26f4bb83c50f769011220c] stable/4.4: not affect stable/4.9: [1636af9e8a8840f5696ad2c01130832411986af4] stable/5.10: [fd38d4e6757b6b99f60314f67f44a286f0ab7fc0] stable/5.4: [42c83e3bca434d9f63c58f9cbf2881e635679fee] * Updated CVEs CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() CVE-2021-3764: DoS in ccp_run_aes_gcm_cmd() function CVE-2021-3744 and CVE-2021-3764 are fixed by commit 505d9dcb("crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() "). Both vulnerabilities were in ccp_run_aes_gcm_cmd() which has been introduced since 4.12-rc1. Therefore before 4.12 kernels aren't affected this vulnerability. Fixed status mainline: [505d9dcb0f7ddf9d075e729523a33d38642ae680] stable/4.14: [3707e37b3fcef4d5e9a81b9c2c48ba7248051c2a] stable/4.19: [710be7c42d2f724869e5b18b21998ceddaffc4a9] stable/4.4: not affect stable/4.9: not affect stable/5.10: [17ccc64e4fa5d3673528474bfeda814d95dc600a] stable/5.14: [e450c422aa233e9f80515f2ee9164e33f158a472] stable/5.4: [24f3d2609114f1e1f6b487b511ce5fa36f21e0ae] CVE-2021-41864: bpf: Fix integer overflow in prealloc_elems_and_freelist() This bug was introduced in 4.6-rc1 so that 4.4 isn't affected this bug. 4.19, 5.10, 5.14, and 5.4 have been fixed this week. Patch to 4.14 can be applied by git am without any modification. Patch to 4.9 can be applied by 3-way merge. Fixed status mainline: [30e29a9a2bc6a4888335a6ede968b75cd329657a] stable/4.14: not fixed yet stable/4.19: [078cdd572408176a3900a6eb5a403db0da22f8e0] stable/4.4: not affect stable/4.14: not fixed yet stable/5.10: [064faa8e8a9b50f5010c5aa5740e06d477677a89] stable/5.14: [3a1ac1e368bedae2777d9a7cfdc65df4859f7e71] stable/5.4: [b14f28126c51533bb329379f65de5b0dd689b13a] Currently tracking CVEs CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 There is no fix information. CVE-2021-3640: UAF in sco_send_frame function Fixed in bluetooth-next tree. https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/net/bluetooth/sco.c?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951 CVE-2020-26555: BR/EDR pin code pairing broken No fix information CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning No fix information. CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM No fix information. CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning No fix information. CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning No fix information. Regards, -- Masami Ichikawa Cybertrust Japan Co., Ltd. Email :masami.ichikawa@... :masami.ichikawa@...
|
|
|
|
Re: [isar-cip-core][PATCH v2 0/4] Use SWUpdate from salsa.debian.org
Jan Kiszka
On 13.10.21 15:40, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>Thanks, applied. Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
|
|
|
|
Re: [isar-cip-core][PATCH v2 1/4] swupdate: Move handler to own recipe
Jan Kiszka
On 13.10.21 16:01, Gylstorff Quirin wrote:
Ok, thanks for clarifying. Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
|
|
|
|
Re: [isar-cip-core][PATCH v2 1/4] swupdate: Move handler to own recipe
Quirin Gylstorff
On 10/13/21 3:47 PM, Jan Kiszka wrote:
Plural or singular? Can a generic swupdate-handler package containerAn handler package could contain multiple handlers. Currently we have only swupdate-handler-roundrobin. Quirin
|
|
|
|
Re: [isar-cip-core][PATCH v2 1/4] swupdate: Move handler to own recipe
Jan Kiszka
On 13.10.21 15:40, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>Plural or singular? Can a generic swupdate-handler package container multiple handlers? Or will it only ever provide a single handler? In the latter case, make this "swupdate-handler" as well. Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux
|
|
|
|
[isar-cip-core][PATCH v2 4/4] swupdate: remove version 2021.04+isar-git
Quirin Gylstorff
From: Quirin Gylstorff <quirin.gylstorff@...>
This version is replace by 2021.04-1+debian-gbp. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- classes/kconfig-snippets.bbclass | 90 ------------------- classes/swupdate-config.bbclass | 81 ----------------- conf/distro/cip-core-bullseye.conf | 1 - conf/distro/cip-core-buster.conf | 1 - .../swupdate/files/debian/changelog.tmpl | 6 -- recipes-core/swupdate/files/debian/compat | 1 - .../swupdate/files/debian/control.tmpl | 15 ---- recipes-core/swupdate/files/debian/copyright | 36 -------- recipes-core/swupdate/files/debian/rules.tmpl | 31 ------- .../swupdate/files/debian/swupdate.examples | 2 - .../swupdate/files/debian/swupdate.install | 2 - .../swupdate/files/debian/swupdate.manpages | 5 -- .../swupdate/files/debian/swupdate.tmpfile | 2 - recipes-core/swupdate/files/debian/watch | 12 --- recipes-core/swupdate/files/postinst | 2 - recipes-core/swupdate/files/swupdate.cfg | 6 -- .../swupdate/files/swupdate.service.example | 11 --- .../swupdate/files/swupdate.socket.example | 11 --- .../swupdate/files/swupdate.socket.tmpl | 13 --- .../swupdate/files/swupdate_defconfig | 83 ----------------- .../swupdate_defconfig_efibootguard.snippet | 3 - .../files/swupdate_defconfig_lua.snippet | 2 - .../swupdate_defconfig_luahandler.snippet | 4 - .../files/swupdate_defconfig_mtd.snippet | 1 - .../files/swupdate_defconfig_u-boot.snippet | 3 - .../files/swupdate_defconfig_ubi.snippet | 6 -- recipes-core/swupdate/swupdate.bb | 48 ---------- 27 files changed, 478 deletions(-) delete mode 100644 classes/kconfig-snippets.bbclass delete mode 100644 classes/swupdate-config.bbclass delete mode 100644 recipes-core/swupdate/files/debian/changelog.tmpl delete mode 100644 recipes-core/swupdate/files/debian/compat delete mode 100644 recipes-core/swupdate/files/debian/control.tmpl delete mode 100644 recipes-core/swupdate/files/debian/copyright delete mode 100755 recipes-core/swupdate/files/debian/rules.tmpl delete mode 100644 recipes-core/swupdate/files/debian/swupdate.examples delete mode 100644 recipes-core/swupdate/files/debian/swupdate.install delete mode 100644 recipes-core/swupdate/files/debian/swupdate.manpages delete mode 100644 recipes-core/swupdate/files/debian/swupdate.tmpfile delete mode 100644 recipes-core/swupdate/files/debian/watch delete mode 100644 recipes-core/swupdate/files/postinst delete mode 100644 recipes-core/swupdate/files/swupdate.cfg delete mode 100644 recipes-core/swupdate/files/swupdate.service.example delete mode 100644 recipes-core/swupdate/files/swupdate.socket.example delete mode 100644 recipes-core/swupdate/files/swupdate.socket.tmpl delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_lua.snippet delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet delete mode 100644 recipes-core/swupdate/swupdate.bb diff --git a/classes/kconfig-snippets.bbclass b/classes/kconfig-snippets.bbclass deleted file mode 100644 index d754654..0000000 --- a/classes/kconfig-snippets.bbclass +++ /dev/null @@ -1,90 +0,0 @@ -# -# CIP Core, generic profile -# -# Copyright (c) Siemens AG, 2020 -# -# Authors: -# Christian Storm <christian.storm@...> -# -# SPDX-License-Identifier: MIT - -KCONFIG_SNIPPETS = "" - -# The following function defines the kconfig snippet system -# with automatich debian dependency injection -# -# To define a feature set, the user has to define the following -# variable to an empty string: -# -# KFEATURE_featurename = "" -# -# Then, required additions to the variables can be defined: -# -# KFEATURE_featurename[KCONFIG_SNIPPETS] = "file://snippet-file-name.snippet" -# KFEATURE_featurename[SRC_URI] = "file://required-file.txt" -# KFEATURE_featurename[DEPENDS] = "deb-pkg1 deb-pkg2 deb-pkg3" -# KFEATURE_featurename[DEBIAN_DEPENDS] = "deb-pkg1" -# KFEATURE_featurename[BUILD_DEB_DEPENDS] = "deb-pkg1,deb-pkg2,deb-pkg3" - -# The 'KCONFIG_SNIPPETS' flag gives a list of URI entries, where only -# file:// is supported. These snippets are appended to the DEFCONFIG file. -# -# Features can depend on other features via the following mechanism: -# -# KFEATURE_DEPS[feature1] = "feature2" - -python () { - requested_features = d.getVar("KFEATURES", True) or "" - - features = set(requested_features.split()) - old_features = set() - feature_deps = d.getVarFlags("KFEATURE_DEPS") or {} - while old_features != features: - diff_features = old_features.symmetric_difference(features) - old_features = features.copy() - for i in diff_features: - features.update(feature_deps.get(i, "").split()) - - for f in sorted(features): - bb.debug(2, "Feature: " + f) - varname = "KFEATURE_" + f - dummyvar = d.getVar(varname, False) - if dummyvar == None: - bb.error("Feature var " + f + " must be defined with needed flags.") - else: - feature_flags = d.getVarFlags(varname) - for feature_varname in sorted(feature_flags): - if feature_flags.get(feature_varname, "") != "": - sep = " " - - # Required to add KCONFIG_SNIPPETS to SRC_URI here, - # because 'SRC_URI += "${KCONFIG_SNIPPETS}"' would - # conflict with SRC_APT feature. - if feature_varname == "KCONFIG_SNIPPETS": - d.appendVar('SRC_URI', - " " + feature_flags[feature_varname].strip()) - - # BUILD_DEP_DEPENDS and DEBIAN_DEPENDS is ',' separated - # Only add ',' if there is already something there - if feature_varname in ["BUILD_DEB_DEPENDS", - "DEBIAN_DEPENDS"]: - sep = "," if d.getVar(feature_varname) else "" - - d.appendVar(feature_varname, - sep + feature_flags[feature_varname].strip()) -} - -# DEFCONFIG must be a predefined bitbake variable and the corresponding file -# must exist in the WORKDIR. -# The resulting generated config is the same file suffixed with ".gen" - -do_prepare_build_prepend() { - sh -x - GENCONFIG="${WORKDIR}/${DEFCONFIG}".gen - rm -f "$GENCONFIG" - cp "${WORKDIR}/${DEFCONFIG}" "$GENCONFIG" - for CONFIG_SNIPPET in $(echo "${KCONFIG_SNIPPETS}" | sed 's#file://##g') - do - cat ${WORKDIR}/$CONFIG_SNIPPET >> "$GENCONFIG" - done -} diff --git a/classes/swupdate-config.bbclass b/classes/swupdate-config.bbclass deleted file mode 100644 index 1d57ce1..0000000 --- a/classes/swupdate-config.bbclass +++ /dev/null @@ -1,81 +0,0 @@ -# -# CIP Core, generic profile -# -# Copyright (c) Siemens AG, 2020 -# -# Authors: -# Christian Storm <christian.storm@...> -# -# SPDX-License-Identifier: MIT - -# This class manages the config snippets together with their dependencies -# to build SWUpdate - -inherit kconfig-snippets - -BUILD_DEB_DEPENDS = " \ - zlib1g-dev, debhelper, libconfig-dev, libarchive-dev, \ - python-sphinx:native, dh-systemd, libsystemd-dev, libssl-dev, pkg-config" - -KFEATURE_lua = "" -KFEATURE_lua[BUILD_DEB_DEPENDS] = "liblua5.3-dev" -KFEATURE_lua[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_lua.snippet" - -KFEATURE_luahandler = "" -KFEATURE_luahandler[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_luahandler.snippet" -KFEATURE_luahandler[SRC_URI] = "${@ 'file://${SWUPDATE_LUASCRIPT}' \ - if d.getVar('SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO') == '0' else '' }" -KFEATURE_DEPS = "" -KFEATURE_DEPS[luahandler] = "lua" - -KFEATURE_efibootguard = "" -KFEATURE_efibootguard[BUILD_DEB_DEPENDS] = "efibootguard-dev" -KFEATURE_efibootguard[DEBIAN_DEPENDS] = "" -KFEATURE_efibootguard[DEPENDS] = "efibootguard-dev" -KFEATURE_efibootguard[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_efibootguard.snippet" - -KFEATURE_mtd = "" -KFEATURE_mtd[BUILD_DEB_DEPENDS] = "libmtd-dev" -KFEATURE_mtd[DEPENDS] = "mtd-utils" -KFEATURE_mtd[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_mtd.snippet" - -KFEATURE_ubi = "" -KFEATURE_ubi[BUILD_DEB_DEPENDS] = "libubi-dev" -KFEATURE_ubi[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_ubi.snippet" - -KFEATURE_DEPS[ubi] = "mtd" - -KFEATURE_u-boot = "" -KFEATURE_u-boot[BUILD_DEB_DEPENDS] = "libubootenv-dev" -# we need u-boot-${MACHINE}-config for fw_env.config -# only custom build u-boot provides this package -# for u-boot provided by debian u-boot-tools provides -# example configurations at /usr/share/doc/u-boot-tools/examples -KFEATURE_u-boot[DEBIAN_DEPENDS] = "${@ 'libubootenv0.1, u-boot-${MACHINE}-config' \ - if d.getVar("U_BOOT_CONFIG_PACKAGE", True) == "1" \ - else 'libubootenv0.1'}" -KFEATURE_u-boot[DEPENDS] = "${@ 'libubootenv u-boot-${MACHINE}-config' \ - if d.getVar("U_BOOT_CONFIG_PACKAGE", True) == "1" \ - else 'libubootenv'}" -KFEATURE_u-boot[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_u-boot.snippet" - -def get_bootloader_featureset(d): - bootloader = d.getVar("SWUPDATE_BOOTLOADER", True) or "" - if bootloader == "efibootguard": - return "efibootguard" - if bootloader == "u-boot": - return "u-boot" - return "" - -SWUPDATE_KFEATURES ??= "" -KFEATURES = "${SWUPDATE_KFEATURES}" -KFEATURES += "${@get_bootloader_featureset(d)}" - -# Astonishingly, as an anonymous python function, SWUPDATE_BOOTLOADER is always None -# one time before it gets set. So the following must be a task. -python do_check_bootloader () { - bootloader = d.getVar("SWUPDATE_BOOTLOADER", True) or "None" - if not bootloader in ["efibootguard", "u-boot"]: - bb.warn("swupdate: SWUPDATE_BOOTLOADER set to incompatible value: " + bootloader) -} -addtask check_bootloader before do_fetch diff --git a/conf/distro/cip-core-bullseye.conf b/conf/distro/cip-core-bullseye.conf index 9357b6c..38014b4 100644 --- a/conf/distro/cip-core-bullseye.conf +++ b/conf/distro/cip-core-bullseye.conf @@ -14,4 +14,3 @@ require cip-core-common.inc PREFERRED_VERSION_linux-cip ?= "4.19.%" PREFERRED_VERSION_linux-cip-rt ?= "4.19.%" -PREFERRED_VERSION_swupdate ?= "2021.04-1+debian-gbp" diff --git a/conf/distro/cip-core-buster.conf b/conf/distro/cip-core-buster.conf index 61fcb41..c5cb39c 100644 --- a/conf/distro/cip-core-buster.conf +++ b/conf/distro/cip-core-buster.conf @@ -14,4 +14,3 @@ require cip-core-common.inc PREFERRED_VERSION_linux-cip ?= "4.19.%" PREFERRED_VERSION_linux-cip-rt ?= "4.19.%" -PREFERRED_VERSION_swupdate ?= "2021.4-git+isar" diff --git a/recipes-core/swupdate/files/debian/changelog.tmpl b/recipes-core/swupdate/files/debian/changelog.tmpl deleted file mode 100644 index 81087d3..0000000 --- a/recipes-core/swupdate/files/debian/changelog.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -swupdate (${PV}) unstable; urgency=medium - - * SWUpdate - - -- Christian Storm <christian.storm@...> Thu, 31 Jan 2019 15:23:56 +0100 - diff --git a/recipes-core/swupdate/files/debian/compat b/recipes-core/swupdate/files/debian/compat deleted file mode 100644 index b4de394..0000000 --- a/recipes-core/swupdate/files/debian/compat +++ /dev/null @@ -1 +0,0 @@ -11 diff --git a/recipes-core/swupdate/files/debian/control.tmpl b/recipes-core/swupdate/files/debian/control.tmpl deleted file mode 100644 index 2b92850..0000000 --- a/recipes-core/swupdate/files/debian/control.tmpl +++ /dev/null @@ -1,15 +0,0 @@ -Source: swupdate -Section: embedded -Priority: optional -Maintainer: Stefano Babic <sbabic@...> -Build-Depends: ${BUILD_DEB_DEPENDS} -Standards-Version: 4.2.1 -Homepage: http://sbabic.github.io/swupdate - -Package: swupdate -Architecture: any -Depends: ${DEBIAN_DEPENDS} -Description: reliable way to update an embedded system - This project is thought to help to update an embedded system from a storage media or from network. - However, it should be mainly considered as a framework, where further protocols or installers - (in SWUpdate they are called handlers) can be easily added to the application. diff --git a/recipes-core/swupdate/files/debian/copyright b/recipes-core/swupdate/files/debian/copyright deleted file mode 100644 index f920942..0000000 --- a/recipes-core/swupdate/files/debian/copyright +++ /dev/null @@ -1,36 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: swupdate -Maintainer: Stefano Babic <sbabic@...> -Source: http://github.com/sbabic/swupdate - -Files: * -Copyright: 2014-2017 Stefano Babic <sbabic@...> - -License: GPL-2 with OpenSSL exception - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - In addition, as a special exception, the author of this - program gives permission to link the code of its - release with the OpenSSL project's "OpenSSL" library (or - with modified versions of it that use the same license as - the "OpenSSL" library), and distribute the linked - executables. You must obey the GNU General Public - License in all respects for all of the code used other - than "OpenSSL". If you modify this file, you may extend - this exception to your version of the file, but you are - not obligated to do so. If you do not wish to do so, - delete this exception statement from your version. - . - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program. If not, see <https://www.gnu.org/licenses/> - . - On Debian systems, the complete text of the GNU General - Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". diff --git a/recipes-core/swupdate/files/debian/rules.tmpl b/recipes-core/swupdate/files/debian/rules.tmpl deleted file mode 100755 index ec83a88..0000000 --- a/recipes-core/swupdate/files/debian/rules.tmpl +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/make -f - -ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) -export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- -export PKG_CONFIG_PATH=/usr/lib/$(DEB_HOST_GNU_TYPE)/pkgconfig -export CC=$(DEB_HOST_GNU_TYPE)-gcc -export LD=$(DEB_HOST_GNU_TYPE)-gcc -endif - -export DH_VERBOSE = 1 - -export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow - -documentation: configure - make man - -configure: - make ${DEFCONFIG} - -build: documentation configure - dh $@ - -%: - echo $@ - dh $@ - -override_dh_installchangelogs: - true - -override_dh_installdocs: - true diff --git a/recipes-core/swupdate/files/debian/swupdate.examples b/recipes-core/swupdate/files/debian/swupdate.examples deleted file mode 100644 index c257b75..0000000 --- a/recipes-core/swupdate/files/debian/swupdate.examples +++ /dev/null @@ -1,2 +0,0 @@ -examples/configuration -examples/description diff --git a/recipes-core/swupdate/files/debian/swupdate.install b/recipes-core/swupdate/files/debian/swupdate.install deleted file mode 100644 index 8957cc6..0000000 --- a/recipes-core/swupdate/files/debian/swupdate.install +++ /dev/null @@ -1,2 +0,0 @@ -swupdate usr/bin -swupdate.cfg /etc diff --git a/recipes-core/swupdate/files/debian/swupdate.manpages b/recipes-core/swupdate/files/debian/swupdate.manpages deleted file mode 100644 index c3438e0..0000000 --- a/recipes-core/swupdate/files/debian/swupdate.manpages +++ /dev/null @@ -1,5 +0,0 @@ -doc/build/man/swupdate.1 -doc/build/man/client.1 -doc/build/man/sendtohawkbit.1 -doc/build/man/hawkbitcfg.1 -doc/build/man/progress.1 diff --git a/recipes-core/swupdate/files/debian/swupdate.tmpfile b/recipes-core/swupdate/files/debian/swupdate.tmpfile deleted file mode 100644 index 4743672..0000000 --- a/recipes-core/swupdate/files/debian/swupdate.tmpfile +++ /dev/null @@ -1,2 +0,0 @@ -X /tmp/datadst -X /tmp/scripts diff --git a/recipes-core/swupdate/files/debian/watch b/recipes-core/swupdate/files/debian/watch deleted file mode 100644 index bc4c53e..0000000 --- a/recipes-core/swupdate/files/debian/watch +++ /dev/null @@ -1,12 +0,0 @@ -# Example watch control file for uscan -# Rename this file to "watch" and then you can run the "uscan" command -# to check for upstream updates and more. -# See uscan(1) for format - -# Compulsory line, this is a version 4 file -version=4 - -# GitHub hosted projects -opts="filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%<project>-$1.tar.gz%" \ - https://github.com/<user>/swupdate/tags \ - (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate diff --git a/recipes-core/swupdate/files/postinst b/recipes-core/swupdate/files/postinst deleted file mode 100644 index f15ac10..0000000 --- a/recipes-core/swupdate/files/postinst +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -deb-systemd-helper enable swupdate.socket || true diff --git a/recipes-core/swupdate/files/swupdate.cfg b/recipes-core/swupdate/files/swupdate.cfg deleted file mode 100644 index e0222f1..0000000 --- a/recipes-core/swupdate/files/swupdate.cfg +++ /dev/null @@ -1,6 +0,0 @@ -globals : -{ - verbose = true; - loglevel = 10; - syslog = false; -}; diff --git a/recipes-core/swupdate/files/swupdate.service.example b/recipes-core/swupdate/files/swupdate.service.example deleted file mode 100644 index d0b821e..0000000 --- a/recipes-core/swupdate/files/swupdate.service.example +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=SWUpdate daemon -Documentation=https://github.com/sbabic/swupdate - -[Service] -Type=simple -ExecStart=/usr/bin/swupdate -f /etc/swupdate.cfg -KillMode=mixed - -[Install] -WantedBy=multi-user.target diff --git a/recipes-core/swupdate/files/swupdate.socket.example b/recipes-core/swupdate/files/swupdate.socket.example deleted file mode 100644 index 2b75671..0000000 --- a/recipes-core/swupdate/files/swupdate.socket.example +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=SWUpdate socket listener -Documentation=https://github.com/sbabic/swupdate -Documentation=https://sbabic.github.io/swupdate - -[Socket] -ListenStream=/tmp/sockinstctrl -ListenStream=/tmp/swupdateprog - -[Install] -WantedBy=sockets.target diff --git a/recipes-core/swupdate/files/swupdate.socket.tmpl b/recipes-core/swupdate/files/swupdate.socket.tmpl deleted file mode 100644 index 8e7fc1d..0000000 --- a/recipes-core/swupdate/files/swupdate.socket.tmpl +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=SWUpdate socket listener -Documentation=https://github.com/sbabic/swupdate -Documentation=https://sbabic.github.io/swupdate - -[Socket] -SocketUser=${SWUPDATE_SOCKET_OWNER} -SocketGroup=root -ListenStream=/tmp/sockinstctrl -ListenStream=/tmp/swupdateprog - -[Install] -WantedBy=sockets.target diff --git a/recipes-core/swupdate/files/swupdate_defconfig b/recipes-core/swupdate/files/swupdate_defconfig deleted file mode 100644 index 9ae7cb5..0000000 --- a/recipes-core/swupdate/files/swupdate_defconfig +++ /dev/null @@ -1,83 +0,0 @@ -# -# Automatically generated file; DO NOT EDIT. -# Swupdate Configuration -# -CONFIG_HAVE_DOT_CONFIG=y - -# -# Swupdate Settings -# - -# -# General Configuration -# -# CONFIG_CURL is not set -# CONFIG_CURL_SSL is not set -CONFIG_SYSTEMD=y -CONFIG_SCRIPTS=y -# CONFIG_HW_COMPATIBILITY is not set -CONFIG_SW_VERSIONS_FILE="/etc/sw-versions" - -# -# Socket Paths -# -CONFIG_SOCKET_CTRL_PATH="/tmp/sockinstctrl" -CONFIG_SOCKET_PROGRESS_PATH="/tmp/swupdateprog" -CONFIG_SOCKET_REMOTE_HANDLER_DIRECTORY="/tmp/" -# CONFIG_MTD is not set -# CONFIG_LUA is not set -# CONFIG_LUAPKG is not set -# CONFIG_FEATURE_SYSLOG is not set - -# -# Build Options -# -CONFIG_CROSS_COMPILE="" -CONFIG_SYSROOT="" -CONFIG_EXTRA_CFLAGS="" -CONFIG_EXTRA_LDFLAGS="" -CONFIG_EXTRA_LDLIBS="" - -# -# Debugging Options -# -# CONFIG_DEBUG is not set -# CONFIG_WERROR is not set -# CONFIG_NOCLEANUP is not set -# CONFIG_BOOTLOADER_EBG is not set -# CONFIG_UBOOT is not set -# CONFIG_BOOTLOADER_NONE is not set -# CONFIG_BOOTLOADER_GRUB is not set -# CONFIG_DOWNLOAD is not set -# CONFIG_DOWNLOAD_SSL is not set -# CONFIG_CHANNEL_CURL is not set -# CONFIG_HASH_VERIFY=y -# CONFIG_SIGNED_IMAGES is not set -# CONFIG_ENCRYPTED_IMAGES is not set -# CONFIG_SURICATTA is not set -# CONFIG_WEBSERVER is not set -CONFIG_GUNZIP=y - -# -# Parser Features -# -CONFIG_LIBCONFIG=y -CONFIG_PARSERROOT="" -# CONFIG_JSON is not set -# CONFIG_LUAEXTERNAL is not set -# CONFIG_SETEXTPARSERNAME is not set -# CONFIG_SETSWDESCRIPTION is not set - -# -# Image Handlers -# -CONFIG_RAW=y -# CONFIG_LUASCRIPTHANDLER is not set -# CONFIG_SHELLSCRIPTHANDLER is not set -# CONFIG_HANDLER_IN_LUA is not set -# CONFIG_EMBEDDED_LUA_HANDLER is not set -# CONFIG_EMBEDDED_LUA_HANDLER_SOURCE is not set -CONFIG_ARCHIVE=y -# CONFIG_REMOTE_HANDLER is not set -# CONFIG_SWUFORWARDER_HANDLER is not set -# CONFIG_BOOTLOADERHANDLER is not set diff --git a/recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet b/recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet deleted file mode 100644 index 8e3688c..0000000 --- a/recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet +++ /dev/null @@ -1,3 +0,0 @@ -CONFIG_BOOTLOADER_NONE=n -CONFIG_BOOTLOADER_EBG=y -CONFIG_BOOTLOADERHANDLER=y diff --git a/recipes-core/swupdate/files/swupdate_defconfig_lua.snippet b/recipes-core/swupdate/files/swupdate_defconfig_lua.snippet deleted file mode 100644 index b39f9df..0000000 --- a/recipes-core/swupdate/files/swupdate_defconfig_lua.snippet +++ /dev/null @@ -1,2 +0,0 @@ -CONFIG_LUA=y -CONFIG_LUAPKG="lua53" diff --git a/recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet b/recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet deleted file mode 100644 index b4a2de8..0000000 --- a/recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet +++ /dev/null @@ -1,4 +0,0 @@ -CONFIG_LUASCRIPTHANDLER=y -CONFIG_HANDLER_IN_LUA=y -CONFIG_EMBEDDED_LUA_HANDLER=y -CONFIG_EMBEDDED_LUA_HANDLER_SOURCE="swupdate_handlers.lua" diff --git a/recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet b/recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet deleted file mode 100644 index eab98dd..0000000 --- a/recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet +++ /dev/null @@ -1 +0,0 @@ -CONFIG_MTD=y diff --git a/recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet b/recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet deleted file mode 100644 index 6b5832a..0000000 --- a/recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet +++ /dev/null @@ -1,3 +0,0 @@ -CONFIG_UBOOT=y -CONFIG_UBOOT_FWENV="/etc/fw_env.config" -CONFIG_BOOTLOADERHANDLER=y diff --git a/recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet b/recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet deleted file mode 100644 index d1c7732..0000000 --- a/recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet +++ /dev/null @@ -1,6 +0,0 @@ -CONFIG_UBIVOL=y -CONFIG_UBIATTACH=y -CONFIG_UBIBLACKLIST="" -CONFIG_UBIWHITELIST="" -CONFIG_UBIVIDOFFSET=0 -CONFIG_CFI=y diff --git a/recipes-core/swupdate/swupdate.bb b/recipes-core/swupdate/swupdate.bb deleted file mode 100644 index a29a797..0000000 --- a/recipes-core/swupdate/swupdate.bb +++ /dev/null @@ -1,48 +0,0 @@ -# -# CIP Core, generic profile -# -# Copyright (c) Siemens AG, 2020 -# -# Authors: -# Quirin Gylstorff <quirin.gylstorff@...> -# -# SPDX-License-Identifier: MIT - -DESCRIPTION = "swupdate utility for software updates" -HOMEPAGE= "https://github.com/sbabic/swupdate" -LICENSE = "GPL-2.0" -LIC_FILES_CHKSUM = "file://${LAYERDIR_isar}/licenses/COPYING.GPLv2;md5=751419260aa954499f7abaabaa882bbe" - -SRC_URI = "git://github.com/sbabic/swupdate.git;branch=master;protocol=https" - -SRCREV = "47a1246435fdb78fba15cc969596994130412956" -PV = "2021.4-git+isar" - -DEFCONFIG := "swupdate_defconfig" - -SRC_URI += "file://debian \ - file://${DEFCONFIG} \ - file://${PN}.cfg" - -DEBIAN_DEPENDS = "${shlibs:Depends}, ${misc:Depends}" - -inherit dpkg -inherit swupdate-config - -KFEATURES += "luahandler" - -S = "${WORKDIR}/git" - -TEMPLATE_FILES = "debian/changelog.tmpl debian/control.tmpl debian/rules.tmpl" -TEMPLATE_VARS += "BUILD_DEB_DEPENDS DEFCONFIG DEBIAN_DEPENDS" - -do_prepare_build() { - cp -R ${WORKDIR}/debian ${S} - - install -m 0644 ${WORKDIR}/${PN}.cfg ${S}/swupdate.cfg - install -m 0644 ${WORKDIR}/${DEFCONFIG}.gen ${S}/configs/${DEFCONFIG} - - if ! grep -q "configs/${DEFCONFIG}" ${S}/.gitignore; then - echo "configs/${DEFCONFIG}" >> ${S}/.gitignore - fi -} -- 2.30.2
|
|
|