
[isar-cip-core][PATCH 2/2] Add kconfig menu

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Use the new kas menu plugin to present the available image options to the
user. This also allows modelling their dependencies, which matters because
not all options are supported on all boards.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
Kconfig | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 37 ++++++++------
2 files changed, 169 insertions(+), 14 deletions(-)
create mode 100644 Kconfig

diff --git a/Kconfig b/Kconfig
new file mode 100644
index 0000000..72c75bf
--- /dev/null
+++ b/Kconfig
@@ -0,0 +1,146 @@
+mainmenu "Isar core layer of the Civil Infrastructure Platform project"
+
+config KAS_INCLUDE_MAIN
+ string
+ default "kas-cip.yml"
+
+config KAS_BUILD_SYSTEM
+ string
+ default "isar"
+
+choice
+ prompt "Target board"
+ default TARGET_QEMU_AMD64
+
+config TARGET_QEMU_AMD64
+ bool "QEMU AMD64 (x86-64)"
+
+config TARGET_SIMATIC_IPC227E
+ bool "Siemens SIMATIC IPC227E"
+
+config TARGET_QEMU_ARM64
+ bool "QEMU ARM64 (aarch64)"
+
+config TARGET_HIHOPE_RZG2M
+ bool "HopeRun HiHope-RZ/G2M"
+
+config TARGET_QEMU_ARM
+ bool "QEMU ARM (armhf)"
+
+config TARGET_BBB
+ bool "BeagleBone Black"
+
+config TARGET_IWG20D
+ bool "iWave Systems RainboW-G20D-Qseven"
+
+endchoice
+
+config KAS_INCLUDE_BOARD
+ string
+ default "kas/board/qemu-amd64.yml" if TARGET_QEMU_AMD64
+ default "kas/board/simatic-ipc227e.yml" if TARGET_SIMATIC_IPC227E
+ default "kas/board/qemu-arm64.yml" if TARGET_QEMU_ARM64
+ default "kas/board/hihope-rzg2m.yml" if TARGET_HIHOPE_RZG2M
+ default "kas/board/qemu-arm.yml" if TARGET_QEMU_ARM
+ default "kas/board/bbb.yml" if TARGET_BBB
+ default "kas/board/iwg20m.yml" if TARGET_IWG20D
+
+comment "Kernel options"
+
+choice
+ prompt "CIP kernel version"
+ default KERNEL_4_19
+
+config KERNEL_4_4
+ bool "Kernel 4.4.x-cip"
+
+config KERNEL_4_19
+ bool "Kernel 4.19.x-cip"
+
+endchoice
+
+config KAS_INCLUDE_KERNEL
+ string
+ default "kas/opt/4.4.yml"
+ depends on KERNEL_4_4
+
+config KERNEL_RT
+ bool "Real-time CIP kernel"
+
+config KAS_INCLUDE_KERNEL_RT
+ string
+ default "kas/opt/rt.yml"
+ depends on KERNEL_RT
+
+comment "Debian distribution options"
+
+choice
+ prompt "Debian Release"
+ default DEBIAN_BUSTER
+
+config DEBIAN_STRETCH
+ bool "stretch (9)"
+
+config DEBIAN_BUSTER
+ bool "buster (10)"
+
+config DEBIAN_BULLSEYE
+ bool "bullseye (11)"
+
+endchoice
+
+config KAS_INCLUDE_DEBIAN
+ string
+ default "kas/opt/stretch.yml" if DEBIAN_STRETCH
+ default "kas/opt/bullseye.yml" if DEBIAN_BULLSEYE
+
+comment "Image features"
+
+choice
+ prompt "Image formats"
+ default IMAGE_FLASH
+
+config IMAGE_FLASH
+ bool "Flashable image"
+
+config IMAGE_ARTIFACTS
+ bool "Separate artifacts for NFS boot"
+
+endchoice
+
+config KAS_INCLUDE_IMAGE_FORMAT
+ string
+ default "kas/opt/targz.yml" if IMAGE_ARTIFACTS && (TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM)
+ default "kas/opt/wic-targz.yml" if IMAGE_ARTIFACTS && !(TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM)
+
+config IMAGE_SECURITY
+ bool "Security extensions"
+
+config KAS_INCLUDE_SECURITY
+ string
+ default "kas/opt/security.yml" if IMAGE_SECURITY
+
+config IMAGE_TESTING
+ bool "Test extensions"
+
+config KAS_INCLUDE_TESTING
+ string
+ default "kas/opt/test.yml" if IMAGE_TESTING
+
+if IMAGE_FLASH
+
+config IMAGE_SWUPDATE
+ bool "SWUpdate support for root partition"
+ depends on TARGET_QEMU_AMD64 || TARGET_SIMATIC_IPC227E
+
+config IMAGE_SECURE_BOOT
+ bool "Secure boot support"
+ depends on TARGET_QEMU_AMD64
+
+config KAS_INCLUDE_SWUPDATE_SECBOOT
+ string
+ default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT
+ default "kas/opt/ebg-secure-boot-snakeoil.yml" if !IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
+ default "kas/opt/ebg-snakeoil-swu.yml" if IMAGE_SWUPDATE && IMAGE_SECURE_BOOT
+
+endif
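Review bot: `IMAGE_SECURE_BOOT` is offered as plain "Secure boot support", but both values it selects in `KAS_INCLUDE_SWUPDATE_SECBOOT` are `*snakeoil*` includes, which judging by the name presumably sign with well-known test keys rather than a key the integrator controls. Nothing in the menu says so, and an image built this way could be mistaken for one with a real trust anchor. I would add a help text under the option, e.g. `help` followed by `  Signs with the snakeoil test keys; for evaluation only, not for production use.`, or say "(snakeoil test keys)" in the prompt string. None of the other options carry help text either, but this is the one where the omission has a security consequence.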
diff --git a/README.md b/README.md
index 537a615..d245111 100644
--- a/README.md
+++ b/README.md
@@ -18,16 +18,30 @@ Install `kas-container` from the [kas project](https://github.com/siemens/kas):
Furthermore, install docker and make sure you have required permissions to
start containers.

-To build, e.g., the QEMU AMD64 target inside Docker, invoke kas-container like
-this:
+Open up the image configuration menu and select the desired target and its
+options:

- ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml
+ ./kas-container menu

-This image can be run using `start-qemu.sh x86`.
+You can direct start the build from the menu.

-The BeagleBone Black target is selected by `... kas-cip.yml:kas/board/bbb.yml`. In
-order to build the image with the PREEMPT-RT kernel, append `:kas/opt/rt.yml` to
-the above. Append `:kas/opt/4.4.yml` to use the kernel version 4.4 instead of 4.19.
+If you prefer selecting the configuration via the command line, this builds
+the BeagleBone Black target image with real-time kernel, e.g.:
+
+ ./kas-container build kas-cip.yml:kas/board/bbb.yml:kas/opt/rt.yml
+
+
+## Running Target Images
+
+When having built a virtual QEMU target image, this can be started directly.
+Run, e.g.,
+
+ ./start-qemu.sh x86
+
+when having built a QEMU AMD64 image. A security image for QEMU can be started
+like this:
+
+ TARGET_IMAGE=cip-core-image-security ./start-qemu.sh x86

Physical targets will generate ready-to-boot images under
`build/tmp/deploy/images/`. To flash, e.g., the BeagleBone Black image to an SD
@@ -36,14 +50,9 @@ card, run
dd if=build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img \
of=/dev/<medium-device> bs=1M status=progress

-## Building Security target images
-Building images for QEMU x86-64bit machine
-
- ./kas-container build kas-cip.yml:kas/board/qemu-amd64.yml:kas/opt/security.yml
-
-Run the generated securiy images on QEMU (x86-64bit)
+or via bmap-tools

- TARGET_IMAGE=cip-core-image-security ./start-qemu.sh amd64
+ bmaptool copy build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img /dev/<medium-device>


## Community Resources
--
2.31.1


[isar-cip-core][PATCH 1/2] Update to kas 2.6

Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Include paths are now repo-relative, adjust this.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
.gitlab-ci.yml | 2 +-
README.md | 2 +-
kas/opt/ebg-secure-boot-base.yml | 2 +-
kas/opt/ebg-secure-boot-snakeoil.yml | 2 +-
kas/opt/ebg-snakeoil-swu.yml | 4 ++--
kas/opt/ebg-swu.yml | 4 ++--
6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 40bf7f5..b23090b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: ghcr.io/siemens/kas/kas-isar:2.5
+image: ghcr.io/siemens/kas/kas-isar:2.6

variables:
GIT_STRATEGY: clone
diff --git a/README.md b/README.md
index 32812a2..537a615 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ from scratch.

Install `kas-container` from the [kas project](https://github.com/siemens/kas):

- wget https://raw.githubusercontent.com/siemens/kas/2.5/kas-container
+ wget https://raw.githubusercontent.com/siemens/kas/2.6/kas-container
chmod a+x kas-container

Furthermore, install docker and make sure you have required permissions to
diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
index 8182bd8..8f769b6 100644
--- a/kas/opt/ebg-secure-boot-base.yml
+++ b/kas/opt/ebg-secure-boot-base.yml
@@ -12,7 +12,7 @@
header:
version: 10
includes:
- - efibootguard.yml
+ - kas/opt/efibootguard.yml

local_conf_header:
initramfs: |
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index c0ed1a2..2f45bde 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -12,7 +12,7 @@
header:
version: 10
includes:
- - ebg-secure-boot-base.yml
+ - kas/opt/ebg-secure-boot-base.yml


local_conf_header:
diff --git a/kas/opt/ebg-snakeoil-swu.yml b/kas/opt/ebg-snakeoil-swu.yml
index d613532..2f15c0e 100644
--- a/kas/opt/ebg-snakeoil-swu.yml
+++ b/kas/opt/ebg-snakeoil-swu.yml
@@ -12,5 +12,5 @@
header:
version: 10
includes:
- - ebg-secure-boot-snakeoil.yml
- - swupdate.yml
+ - kas/opt/ebg-secure-boot-snakeoil.yml
+ - kas/opt/swupdate.yml
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index 8c56182..e708d0a 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -12,5 +12,5 @@
header:
version: 10
includes:
- - efibootguard.yml
- - swupdate.yml
+ - kas/opt/efibootguard.yml
+ - kas/opt/swupdate.yml
--
2.31.1


[isar-cip-core][PATCH 0/2] kas update and menu support

Jan Kiszka
 

With kas 2.6 released, we can now adopt the new "menu" feature and
make the various image flavors and options more accessible.

Quirin, please have a look if I modeled the dependencies for secure boot
and SWUpdate correctly, exposed reasonable combinations and didn't
forget something useful.

@all: Please play a bit with the options and check if you find anything
that does not work (crowd-sourced randconfig...).

Thanks,
Jan

Jan Kiszka (2):
Update to kas 2.6
Add kconfig menu

.gitlab-ci.yml | 2 +-
Kconfig | 146 +++++++++++++++++++++++++++
README.md | 39 ++++---
kas/opt/ebg-secure-boot-base.yml | 2 +-
kas/opt/ebg-secure-boot-snakeoil.yml | 2 +-
kas/opt/ebg-snakeoil-swu.yml | 4 +-
kas/opt/ebg-swu.yml | 4 +-
7 files changed, 177 insertions(+), 22 deletions(-)
create mode 100644 Kconfig

--
2.31.1


Re: New CVE entry this week

Masami Ichikawa
 

Hi !

On Thu, Oct 21, 2021 at 5:42 PM Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@...> wrote:

Hi,

-----Original Message-----
From: cip-dev@... [mailto:cip-dev@...] On Behalf Of Masami Ichikawa
Sent: Thursday, October 21, 2021 10:21 AM
To: cip-dev <cip-dev@...>
Subject: [cip-dev] New CVE entry this week

Hi !

It's this week's CVE report.

This week reported 7 new CVEs.

* New CVEs

CVE-2021-20320: kernel: s390 eBPF JIT miscompilation issues fixes.

This bug is in BPF subsystem and s390 architecture specific. Patches
haven't been backported to 4.4 kernel. However, according to the
cip-kernel-config, it looks like no one uses s390, so can it ignore it
until someone backport patches?

CVSS v3 score is not provided.

Fixed status

mainline: [db7bee653859ef7179be933e7d1384644f795f26,
6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53,
1511df6f5e9ef32826f20db2ee81f8527154dc14]
stable/4.19: [ddf58efd05b5d16d86ea4638675e8bd397320930]
stable/4.9: [c22cf38428cb910f1996839c917e9238d2e44d4b,
8a09222a512bf7b32e55bb89a033e08522798299]
stable/5.10: [d92d3a9c2b6541f29f800fc2bd44620578b8f8a6,
4320c222c2ffe778a8aff5b8bc4ac33af6d54eba,
ab7cf225016159bc2c3590be6fa12965565d903b]
stable/5.14: [7a31ec4d215a800b504de74b248795f8be666f8e,
6a8787093b04057d855822094d63d04a2506444a,
a7593244dc31ad0eea70319f6110975f9c738dca]

CVE-2021-20321: kernel: In Overlayfs missing a check for a negative
dentry before calling vfs_rename()

CVSS v3 score is not provided.

A local attacker can escalate their privileges up to root via
overlayfs vulnerability.
Patch for 4.4 is applied
failed(https://lore.kernel.org/stable/163378772914820@kroah.com/). It
needs to modify the patch. I attached a patch, if it looks good, I'll
send it to the stable mailing list.
Thanks, I checked your patch. LGTM.
Thanks !

Best regards,
Nobuhiro



Regards,

--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...


Re: New CVE entry this week

Nobuhiro Iwamatsu
 

Hi,

-----Original Message-----
From: cip-dev@... [mailto:cip-dev@...] On Behalf Of Masami Ichikawa
Sent: Thursday, October 21, 2021 10:21 AM
To: cip-dev <cip-dev@...>
Subject: [cip-dev] New CVE entry this week

Hi !

It's this week's CVE report.

This week reported 7 new CVEs.

* New CVEs

CVE-2021-20320: kernel: s390 eBPF JIT miscompilation issues fixes.

This bug is in BPF subsystem and s390 architecture specific. Patches
haven't been backported to 4.4 kernel. However, according to the
cip-kernel-config, it looks like no one uses s390, so can it ignore it
until someone backport patches?

CVSS v3 score is not provided.

Fixed status

mainline: [db7bee653859ef7179be933e7d1384644f795f26,
6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53,
1511df6f5e9ef32826f20db2ee81f8527154dc14]
stable/4.19: [ddf58efd05b5d16d86ea4638675e8bd397320930]
stable/4.9: [c22cf38428cb910f1996839c917e9238d2e44d4b,
8a09222a512bf7b32e55bb89a033e08522798299]
stable/5.10: [d92d3a9c2b6541f29f800fc2bd44620578b8f8a6,
4320c222c2ffe778a8aff5b8bc4ac33af6d54eba,
ab7cf225016159bc2c3590be6fa12965565d903b]
stable/5.14: [7a31ec4d215a800b504de74b248795f8be666f8e,
6a8787093b04057d855822094d63d04a2506444a,
a7593244dc31ad0eea70319f6110975f9c738dca]

CVE-2021-20321: kernel: In Overlayfs missing a check for a negative
dentry before calling vfs_rename()

CVSS v3 score is not provided.

A local attacker can escalate their privileges up to root via
overlayfs vulnerability.
Patch for 4.4 is applied
failed(https://lore.kernel.org/stable/163378772914820@kroah.com/). It
needs to modify the patch. I attached a patch, if it looks good, I'll
send it to the stable mailing list.
Thanks, I checked your patch. LGTM.

Best regards,
Nobuhiro


CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today.

Please note that we moved from Freenode to libera.chat. Our channel is
the following:

irc:irc.libera.chat:6667/cip

Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=10&day=21&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
06:00 09:00 14:00 15:00 21:00 22:00

Last meeting minutes:

https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-14-13.01.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu & alicef
2. Look into S3 artifact upload issues - patersonc
* Kernel maintenance updates
* Kernel testing
* AOB

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


New CVE entry this week

Masami Ichikawa
 

Hi !

It's this week's CVE report.

This week reported 7 new CVEs.

* New CVEs

CVE-2021-20320: kernel: s390 eBPF JIT miscompilation issues fixes.

This bug is in the BPF subsystem and is specific to the s390 architecture.
The patches haven't been backported to the 4.4 kernel. However, according to
cip-kernel-config, it looks like no one uses s390, so can we ignore it
until someone backports the patches?

CVSS v3 score is not provided.

Fixed status

mainline: [db7bee653859ef7179be933e7d1384644f795f26,
6e61dc9da0b7a0d91d57c2e20b5ea4fd2d4e7e53,
1511df6f5e9ef32826f20db2ee81f8527154dc14]
stable/4.19: [ddf58efd05b5d16d86ea4638675e8bd397320930]
stable/4.9: [c22cf38428cb910f1996839c917e9238d2e44d4b,
8a09222a512bf7b32e55bb89a033e08522798299]
stable/5.10: [d92d3a9c2b6541f29f800fc2bd44620578b8f8a6,
4320c222c2ffe778a8aff5b8bc4ac33af6d54eba,
ab7cf225016159bc2c3590be6fa12965565d903b]
stable/5.14: [7a31ec4d215a800b504de74b248795f8be666f8e,
6a8787093b04057d855822094d63d04a2506444a,
a7593244dc31ad0eea70319f6110975f9c738dca]

CVE-2021-20321: kernel: In Overlayfs missing a check for a negative
dentry before calling vfs_rename()

CVSS v3 score is not provided.

A local attacker can escalate their privileges to root via an
overlayfs vulnerability.
The patch for 4.4 failed to apply
(https://lore.kernel.org/stable/163378772914820@kroah.com/), so it
needs to be modified. I attached a patch; if it looks good, I'll
send it to the stable mailing list.

Fixed status

mainline: [a295aef603e109a47af355477326bd41151765b6]
stable/4.14: [1caaa820915d802328bc72e4de0d5b1629eab5da]
stable/4.19: [9d4969d8b5073d02059bae3f1b8d9a20cf023c55]
stable/4.9: [286f94453fb34f7bd6b696861c89f9a13f498721]
stable/5.10: [9763ffd4da217adfcbdcd519e9f434dfa3952fc3]
stable/5.14: [71b8b36187af58f9e67b25021f5debbc04a18a5d]
stable/5.4: [fab338f33c25c4816ca0b2d83a04a0097c2c4aaf]

CVE-2021-3847: low-privileged user privileges escalation

CVSS v3 score is not provided.

A local attacker can escalate their privileges to root through a
vulnerability in overlayfs
(https://www.openwall.com/lists/oss-security/2021/10/14/3).

Fixed status

Not fixed yet.

CVE-2021-42252: soc: aspeed: lpc-ctrl: Fix boundary check for mmap

CVSS v3 score is not provided.

This bug was introduced in 4.12-rc1, so older kernels are not affected. All affected stable kernels are fixed.

Fixed status

mainline: [b49a0e69a7b1a68c8d3f64097d06dabb770fec96]
stable/4.14: [b1b55e4073d3da6119ecc41636a2994b67a2be37]
stable/4.19: [9c8891b638319ddba9cfa330247922cd960c95b0]
stable/5.10: [3fdf2feb6cbe76c6867224ed8527b356e805352c]
stable/5.14: [865f5ba9fdfc3ac6acabcac9630056ce99db600d]
stable/5.4: [2712f29c44f18db826c7e093915a727b6f3a20e4]

CVE-2021-20322: new DNS Cache Poisoning Attack based on ICMP fragment
needed packets replies

CVSS v3 score is not provided.

A flaw was found in the Linux kernel's processing of received ICMP errors
(ICMP fragment needed and ICMP redirect) that allows open UDP ports to be
scanned quickly. This flaw allows an off-path remote user to effectively
bypass UDP source port randomization.
This flaw is similar to the previous CVE-2020-25705 (both are DNS
poisoning attacks that use ICMP replies to scan for open ports, but
they rely on different types of ICMP packets).

Commit 4785305c ("ipv6: use siphash in rt6_exception_hash()") fixes
35732d01 ("ipv6: introduce a hash table to store dst cache") which was
merged in 4.15-rc1.
stable/4.4 doesn't contain upstream commit 35732d01. stable/4.19
contains upstream commit 35732d01.

Commit 6457378f ("ipv4: use siphash instead of Jenkins in
fnhe_hashfun()") fixes d546c621 ("ipv4: harden fnhe_hashfun()") which
was merged in 3.18-rc1
stable/4.4 and stable/4.19 contain upstream commit d546c621.

Commit a00df2ca ("ipv6: make exception cache less predictible") fixes
35732d01 ("ipv6: introduce a hash table to store dst cache") which was
merged in 4.15-rc1.
stable/4.4 doesn't contain upstream commit 35732d01. stable/4.19
contains upstream commit 35732d01.

Commit 67d6d681 ("ipv4: make exception cache less predictible") fixes
4895c771 ("ipv4: Add FIB nexthop exceptions.") which was merged in
3.6-rc1.
stable/4.19 applied this patch at commit 3e6bd2b5. stable/4.4 applied
this patch at commit bed8941f.

Fixed status

mainline: [4785305c05b25a242e5314cc821f54ade4c18810,
6457378fe796815c973f631a1904e147d6ee33b1,
a00df2caffed3883c341d5685f830434312e4a43,
67d6d681e15b578c1725bad8ad079e05d1c48a8e]
stable/4.19: [3e6bd2b583f18da9856fc9741ffa200a74a52cba]
stable/4.4: [bed8941fbdb72a61f6348c4deb0db69c4de87aca]
stable/4.9: [f10ce783bcc4d8ea454563a7d56ae781640e7dcb]
stable/5.10: [8692f0bb29927d13a871b198adff1d336a8d2d00,
5867e20e1808acd0c832ddea2587e5ee49813874,
dced8347a727528b388f04820f48166f1e651af6,
beefd5f0c63a31a83bc5a99e6888af884745684b]
stable/5.14: [4785305c05b25a242e5314cc821f54ade4c18810,
6457378fe796815c973f631a1904e147d6ee33b1,
55938482a1461a35087c6f3051f8447662889ea8,
4589a12dcf80af31137ef202be1ff4a321707a73]

CVE-2021-42739: A buffer overflow bug is found in the firewire subsystem

CVSS v3 score is not provided.

Patches have been sent to the Linux Media mailing list, but they haven't been
merged into the linux-media tree or mainline yet. According to the
cip-kernel-config repo, no CIP member uses the firewire driver.

Fixed status

Not fixed yet.

CVE-2021-34866: Linux Kernel eBPF Type Confusion Privilege Escalation
Vulnerability

CVSS v3 score is not provided.

A type confusion bug was found in the eBPF subsystem that can let a
local attacker escalate their privileges.
This bug was introduced in commit 457f44363a88 ("bpf: Implement BPF
ring buffer and verifier support for it"), which was merged in
5.8-rc1, so kernels before 5.8 aren't affected by this CVE.

Fixed status

mainline: [5b029a32cfe4600f5e10e36b41778506b90fd4de]
stable/5.10: [9dd6f6d89693d8f09af53d2488afad22a8a44a57]

* Updated CVEs

CVE-2020-29374: gup: document and work around "COW can break either way" issue

This bug has been fixed since 5.8-rc1. 4.4 and 4.9 have been fixed this week.
All stable kernels are fixed.

Fixed status

mainline: [17839856fd588f4ab6b789f482ed3ffd7c403e1f]
stable/4.14: [407faed92b4a4e2ad900d61ea3831dd597640f29]
stable/4.19: [5e24029791e809d641e9ea46a1f99806484e53fc]
stable/4.4: [58facc9c7ae307be5ecffc1697552550fedb55bd]
stable/4.9: [9bbd42e79720122334226afad9ddcac1c3e6d373]
stable/5.4: [1027dc04f557328eb7b7b7eea48698377a959157]

CVE-2021-41864: bpf: Fix integer overflow in prealloc_elems_and_freelist()

4.9 and 4.19 have been fixed this week. This bug was introduced in
4.6-rc1, therefore 4.4 is not affected.
All stable kernels are fixed.

Fixed status

mainline: [30e29a9a2bc6a4888335a6ede968b75cd329657a]
stable/4.14: [f34bcd10c4832d491049905d25ea3f46a410c426]
stable/4.19: [078cdd572408176a3900a6eb5a403db0da22f8e0]
stable/4.9: [4fd6663eb01bc3c73143cd27fefd7b8351bc6aa6]
stable/5.10: [064faa8e8a9b50f5010c5aa5740e06d477677a89]
stable/5.14: [3a1ac1e368bedae2777d9a7cfdc65df4859f7e71]
stable/5.4: [b14f28126c51533bb329379f65de5b0dd689b13a]


Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2021-3640: UAF in sco_send_frame function

Fixed in bluetooth-next tree.

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/net/bluetooth/sco.c?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...


Re: [isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9

Jan Kiszka
 

On 18.10.21 13:19, Srinuvasan A wrote:
From: Srinuvasan A <srinuvasan_a@...>

Uprevision the latest revision and tag.

Signed-off-by: Srinuvasan A <srinuvasan_a@...>
---
...fibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-bsp/efibootguard/{efibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} (95%)

diff --git a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
similarity index 95%
rename from recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
rename to recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
index ebd848d..2817e5b 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
@@ -22,7 +22,7 @@ SRC_URI = "git://github.com/siemens/efibootguard.git;branch=master;protocol=http

S = "${WORKDIR}/git"

-SRCREV = "ac1685aea75fb3e3d16c0c0e4f8261a2edb63536"
+SRCREV = "c01324d0da202727eb0744c0f67a78f9c9b65c46"

PROVIDES = "${PN}"
PROVIDES += "${PN}-dev"
Thanks, applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9

Srinuvasan A
 

Hi All,

                 Please merge this into cip-core to pull latest changes of efibootguard.

Thanks,
Srinuvasan.A


[isar-cip-dev] [PATCH] Update efibootguard to latest release 0.9

Srinuvasan A
 

From: Srinuvasan A <srinuvasan_a@...>

Uprevision the latest revision and tag.

Signed-off-by: Srinuvasan A <srinuvasan_a@...>
---
...fibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-bsp/efibootguard/{efibootguard_0.8-git+isar.bb => efibootguard_0.9-git+isar.bb} (95%)

diff --git a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
similarity index 95%
rename from recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
rename to recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
index ebd848d..2817e5b 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.9-git+isar.bb
@@ -22,7 +22,7 @@ SRC_URI = "git://github.com/siemens/efibootguard.git;branch=master;protocol=http

S = "${WORKDIR}/git"

-SRCREV = "ac1685aea75fb3e3d16c0c0e4f8261a2edb63536"
+SRCREV = "c01324d0da202727eb0744c0f67a78f9c9b65c46"

PROVIDES = "${PN}"
PROVIDES += "${PN}-dev"
--
2.25.1


Re: Duplicate messages in archive

Neal Caidin
 

This should be fixed now. Please let me know if otherwise.

Thanks!

Neal

Neal Caidin
Program Manager, Program Management & Operations
The Linux Foundation
+1 (919) 238-9104 (w/h)
+1 (919) 949-1861 (m)




On Mon, Oct 4, 2021 at 8:13 AM Jan Kiszka <jan.kiszka@...> wrote:
Hi all,

did anyone already examined or reported that all messages to cip-dev now
seem to get archived twice on lore.kernel.org? See e.g.
https://lore.kernel.org/cip-dev/TYAPR01MB6252C6286EDCA87D7DB8B10892AE9@.../T/#t

They also appear twice via nntp, that's how I noticed, but are likely
not sent twice to subscribers.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux




Re: [isar-cip-dev] [PATCH] Update efibootguard to latest one

Quirin Gylstorff
 

On 10/14/21 11:27 AM, Srinuvasan A via lists.cip-project.org wrote:
From: Srinuvasan A <srinuvasan_a@...>
Update efibootguard to latest one.
Signed-off-by: Srinuvasan A <srinuvasan_a@...>
---
recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb b/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
index ebd848d..4e7b9b2 100644
--- a/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
+++ b/recipes-bsp/efibootguard/efibootguard_0.8-git+isar.bb
@@ -22,7 +22,7 @@ SRC_URI = "git://github.com/siemens/efibootguard.git;branch=master;protocol=http
S = "${WORKDIR}/git"
-SRCREV = "ac1685aea75fb3e3d16c0c0e4f8261a2edb63536"
+SRCREV = "66d78b8d96e80caaf20007f08b5ca720de628d49"

Why do you need to update to an unreleased version of efibootguard?

Until now we have only used tagged versions in this recipe.

Quirin
PROVIDES = "${PN}"
PROVIDES += "${PN}-dev"


Re: New CVE entry this week

Pavel Machek
 

Hi!

* New CVEs

CVE-2021-0935: bug is in ipv6 and l2tp code.

This CVE addresses two commits, one in the ipv6 stack and the other in l2tp.
There is two introduced commits one is 85cb73f ("net: ipv6: reset
daddr and dport in sk if connect() fails") was merged in 4.12 and the
other commit 3557baa ("[L2TP]: PPP over L2TP driver core") was merged
in 2.6.23-rc1.

Fixed commits have been merged since 4.16-rc7 so 4.16 or later kernels
don't affect this vulnerability.

Commit 2f987a76("net: ipv6: keep sk status consistent after datagram
connect failure") fixes 85cb73f and commit b954f940("l2tp: fix races
with ipv4-mapped ipv6 addresses") fixes commit 3557baa.

To apply patches to 4.4, it needs to fix conflicts.

CVSS v3 score is not provided.

Fixed status

mainline: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]
stable/4.4: not fixed yet
Others are fixed, but this one may be worth watching. Fortunately it
is not remote attack, AFAICT.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


CIP IRC weekly meeting today on libera.chat

Jan Kiszka
 

Hi all,

Kindly be reminded to attend the weekly meeting through IRC to discuss
technical topics with CIP kernel today.

Please note that we moved from Freenode to libera.chat. Our channel is
the following:

irc:irc.libera.chat:6667/cip

Furthermore note that the IRC meeting is now scheduled to UTC (GMT) 13:00:

https://www.timeanddate.com/worldclock/meetingdetails.html?year=2021&month=10&day=14&hour=13&min=0&sec=0&p1=224&p2=179&p3=136&p4=37&p5=241&p6=248

USWest USEast UK DE TW JP
06:00 09:00 14:00 15:00 21:00 22:00

Last meeting minutes:

https://irclogs.baserock.org/meetings/cip/2021/10/cip.2021-10-07-13.01.log.html

* Action item
1. Combine root filesystem with kselftest binary - iwamatsu & alicef
2. Document new LAVA domains in wiki - patersonc
3. Look into S3 artifact upload issues - patersonc
* Kernel maintenance updates
* Kernel testing
* AOB

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


New CVE entry this week

Masami Ichikawa
 

Hi !

It's this week's CVE report.

This week reported 4 new CVEs.

* New CVEs

CVE-2021-0935: bug is in ipv6 and l2tp code.

This CVE involves two commits, one in the ipv6 stack and the other in l2tp.
Two commits introduced the bug: 85cb73f ("net: ipv6: reset
daddr and dport in sk if connect() fails") was merged in 4.12, and
3557baa ("[L2TP]: PPP over L2TP driver core") was merged
in 2.6.23-rc1.

The fixing commits were merged in 4.16-rc7, so 4.16 and later kernels
are not affected by this vulnerability.

Commit 2f987a76("net: ipv6: keep sk status consistent after datagram
connect failure") fixes 85cb73f and commit b954f940("l2tp: fix races
with ipv4-mapped ipv6 addresses") fixes commit 3557baa.

Applying the patches to 4.4 requires resolving conflicts.

CVSS v3 score is not provided.

Fixed status

mainline: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]
stable/4.14: [a8f02befc87d6f1a882c9b14a31bcfa1fbd3d430,
b0850604cc5dac60754cc2fcdf7d2ca97a68a4dc]
stable/4.19: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]
stable/4.4: not fixed yet
stable/4.9: [c49f30b2979bfc8701620e598558f29a48e07234,
535ef684ec6079bccc2037c76bc607d29dca05dc]
stable/5.10: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]
stable/5.4: [2f987a76a97773beafbc615b9c4d8fe79129a7f4,
b954f94023dcc61388c8384f0f14eb8e42c863c5]

CVE-2021-0937: netfilter: x_tables: fix compat match/target pad
out-of-bound write

This vulnerability was introduced since 4.6.19-rc1 and fixed in
5.12-rc8. All stable kernels are already fixed.

CVSS v3 score is not provided.

Fixed status

mainline: [b29c457a6511435960115c0f548c4360d5f4801d]
stable/4.14: [522a0191944e3db9c30ade5fa6b6ec0d7c42f40d]
stable/4.19: [12ec80252edefff00809d473a47e5f89c7485499]
stable/4.4: [b0d98b2193a38ef93c92e5e1953d134d0f426531]
stable/4.9: [0c58c9f9c5c5326320bbe0429a0f45fc1b92024b]
stable/5.10: [1f3b9000cb44318b0de40a0f495a5a708cd9be6e]
stable/5.4: [cc59b872f2e1995b8cc819b9445c1198bfe83b2d]


CVE-2021-0938: compiler.h: fix barrier_data() on clang

This bug was introduced in 4.19-rc1 and fixed in 5.10-rc4, so all
stable kernels are fixed.
A kernel is affected by this bug if it was built with clang.

CVSS v3 score is not provided.

Fixed status

mainline: [3347acc6fcd4ee71ad18a9ff9d9dac176b517329]
stable/4.14: not affect
stable/4.19: [b207caff4176e3a6ba273243da2db2e595e4aad2]
stable/4.4: not affect
stable/4.9: not affect
stable/5.10: not affect
stable/5.4: [c2c5dc84ac51da90cadcb12554c69bdd5ac7aeeb]

CVE-2021-0941: bpf: Remove MTU check in __bpf_skb_max_len

CVSS v3 score is not provided.

This bug is fixed in v5.12-rc1-dontuse. The 4.4 kernel doesn't contain
__bpf_skb_max_len(), so 4.4 may not be affected by this vulnerability.
__bpf_skb_max_len() was introduced in 4.13-rc1 by commit
2be7e212 ("bpf: add bpf_skb_adjust_room helper").

Fixed status.

mainline: [6306c1189e77a513bf02720450bb43bd4ba5d8ae]
stable/4.14: [64cf6c3156a5cbd9c29f54370b801b336d2f7894]
stable/4.19: [8c1a77ae15ce70a72f26f4bb83c50f769011220c]
stable/4.4: not affect
stable/4.9: [1636af9e8a8840f5696ad2c01130832411986af4]
stable/5.10: [fd38d4e6757b6b99f60314f67f44a286f0ab7fc0]
stable/5.4: [42c83e3bca434d9f63c58f9cbf2881e635679fee]

* Updated CVEs

CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3764: DoS in ccp_run_aes_gcm_cmd() function

CVE-2021-3744 and CVE-2021-3764 are fixed by commit 505d9dcb ("crypto:
ccp - fix resource leaks in ccp_run_aes_gcm_cmd()").
Both vulnerabilities were in ccp_run_aes_gcm_cmd(), which was
introduced in 4.12-rc1. Therefore kernels before 4.12 aren't
affected by these vulnerabilities.

Fixed status

mainline: [505d9dcb0f7ddf9d075e729523a33d38642ae680]
stable/4.14: [3707e37b3fcef4d5e9a81b9c2c48ba7248051c2a]
stable/4.19: [710be7c42d2f724869e5b18b21998ceddaffc4a9]
stable/4.4: not affect
stable/4.9: not affect
stable/5.10: [17ccc64e4fa5d3673528474bfeda814d95dc600a]
stable/5.14: [e450c422aa233e9f80515f2ee9164e33f158a472]
stable/5.4: [24f3d2609114f1e1f6b487b511ce5fa36f21e0ae]

CVE-2021-41864: bpf: Fix integer overflow in prealloc_elems_and_freelist()

This bug was introduced in 4.6-rc1, so 4.4 isn't affected by it.
4.19, 5.10, 5.14, and 5.4 have been fixed this week.
The patch can be applied to 4.14 with git am without any modification,
and to 4.9 with a 3-way merge.

Fixed status

mainline: [30e29a9a2bc6a4888335a6ede968b75cd329657a]
stable/4.14: not fixed yet
stable/4.19: [078cdd572408176a3900a6eb5a403db0da22f8e0]
stable/4.4: not affect
stable/4.14: not fixed yet
stable/5.10: [064faa8e8a9b50f5010c5aa5740e06d477677a89]
stable/5.14: [3a1ac1e368bedae2777d9a7cfdc65df4859f7e71]
stable/5.4: [b14f28126c51533bb329379f65de5b0dd689b13a]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2021-3640: UAF in sco_send_frame function

Fixed in bluetooth-next tree.

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/net/bluetooth/sco.c?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951

CVE-2020-26555: BR/EDR pin code pairing broken

No fix information

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.


Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@...
:masami.ichikawa@...


Re: [isar-cip-core][PATCH v2 0/4] Use SWUpdate from salsa.debian.org

Jan Kiszka
 

On 13.10.21 15:40, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This patch series uses the source from salsa.debian.org for the build of SWUpdate.

The build is patched to contain most of the previous build options from swupdate-config.bbclass.

The recipes support Debian Buster and Debian Bullseye.

Changes V2:
- Correct spacing and end of file
- rename recipe swupdate-handlers to swupdate-handler-roundrobin
- extend comment in recipe swupdate

Quirin Gylstorff (4):
swupdate: Move handler to own recipe
swupdate: Use dpkg-gbp build with salsa
swupdate-handler: Use same lua version as swupdate-debian-gbp
swupdate: remove version 2021.04+isar-git

classes/kconfig-snippets.bbclass | 90 -------------------
classes/swupdate-config.bbclass | 89 ------------------
kas/opt/swupdate.yml | 1 +
.../swupdate.handler.efibootguard.ini | 0
.../files/swupdate.handler.efibootguard.ini | 0
.../swupdate-handler-roundrobin_0.1.bb | 33 +++++++
...dd-option-to-build-with-efibootguard.patch | 39 ++++++++
.../0002-debian-rules-Add-CONFIG_MTD.patch | 27 ++++++
...-debian-config-Make-signing-optional.patch | 40 +++++++++
...onfig-Make-image-encryption-optional.patch | 40 +++++++++
...ules-Add-Embedded-Lua-handler-option.patch | 30 +++++++
...es-Add-option-to-disable-fs-creation.patch | 47 ++++++++++
...ules-Add-option-to-disable-webserver.patch | 42 +++++++++
...Make-CONFIG_HW_COMPATIBILTY-optional.patch | 40 +++++++++
...ules-Add-Embedded-Lua-handler-option.patch | 30 +++++++
...prepare-build-for-isar-debian-buster.patch | 72 +++++++++++++++
.../swupdate/files/debian/changelog.tmpl | 6 --
recipes-core/swupdate/files/debian/compat | 1 -
.../swupdate/files/debian/control.tmpl | 15 ----
recipes-core/swupdate/files/debian/copyright | 36 --------
recipes-core/swupdate/files/debian/rules.tmpl | 31 -------
.../swupdate/files/debian/swupdate.examples | 2 -
.../swupdate/files/debian/swupdate.install | 2 -
.../swupdate/files/debian/swupdate.manpages | 5 --
.../swupdate/files/debian/swupdate.tmpfile | 2 -
recipes-core/swupdate/files/debian/watch | 12 ---
recipes-core/swupdate/files/postinst | 2 -
recipes-core/swupdate/files/swupdate.cfg | 6 --
.../swupdate/files/swupdate.service.example | 11 ---
.../swupdate/files/swupdate.socket.example | 11 ---
.../swupdate/files/swupdate.socket.tmpl | 13 ---
.../swupdate/files/swupdate_defconfig | 83 -----------------
.../swupdate_defconfig_efibootguard.snippet | 3 -
.../files/swupdate_defconfig_lua.snippet | 2 -
.../swupdate_defconfig_luahandler.snippet | 4 -
.../files/swupdate_defconfig_mtd.snippet | 1 -
.../files/swupdate_defconfig_u-boot.snippet | 3 -
.../files/swupdate_defconfig_ubi.snippet | 6 --
recipes-core/swupdate/swupdate.bb | 61 -------------
recipes-core/swupdate/swupdate.inc | 53 +++++++++++
.../swupdate/swupdate_2021.04-1+debian-gbp.bb | 48 ++++++++++
41 files changed, 542 insertions(+), 497 deletions(-)
delete mode 100644 classes/kconfig-snippets.bbclass
delete mode 100644 classes/swupdate-config.bbclass
rename recipes-core/{swupdate => swupdate-handler-roundrobin}/files/secureboot/swupdate.handler.efibootguard.ini (100%)
rename recipes-core/{swupdate => swupdate-handler-roundrobin}/files/swupdate.handler.efibootguard.ini (100%)
create mode 100644 recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
create mode 100644 recipes-core/swupdate/files/0001-debian-Add-option-to-build-with-efibootguard.patch
create mode 100644 recipes-core/swupdate/files/0002-debian-rules-Add-CONFIG_MTD.patch
create mode 100644 recipes-core/swupdate/files/0003-debian-config-Make-signing-optional.patch
create mode 100644 recipes-core/swupdate/files/0004-debian-config-Make-image-encryption-optional.patch
create mode 100644 recipes-core/swupdate/files/0005-debian-rules-Add-Embedded-Lua-handler-option.patch
create mode 100644 recipes-core/swupdate/files/0005-debian-rules-Add-option-to-disable-fs-creation.patch
create mode 100644 recipes-core/swupdate/files/0006-debian-rules-Add-option-to-disable-webserver.patch
create mode 100644 recipes-core/swupdate/files/0007-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch
create mode 100644 recipes-core/swupdate/files/0008-debian-rules-Add-Embedded-Lua-handler-option.patch
create mode 100644 recipes-core/swupdate/files/0009-debian-prepare-build-for-isar-debian-buster.patch
delete mode 100644 recipes-core/swupdate/files/debian/changelog.tmpl
delete mode 100644 recipes-core/swupdate/files/debian/compat
delete mode 100644 recipes-core/swupdate/files/debian/control.tmpl
delete mode 100644 recipes-core/swupdate/files/debian/copyright
delete mode 100755 recipes-core/swupdate/files/debian/rules.tmpl
delete mode 100644 recipes-core/swupdate/files/debian/swupdate.examples
delete mode 100644 recipes-core/swupdate/files/debian/swupdate.install
delete mode 100644 recipes-core/swupdate/files/debian/swupdate.manpages
delete mode 100644 recipes-core/swupdate/files/debian/swupdate.tmpfile
delete mode 100644 recipes-core/swupdate/files/debian/watch
delete mode 100644 recipes-core/swupdate/files/postinst
delete mode 100644 recipes-core/swupdate/files/swupdate.cfg
delete mode 100644 recipes-core/swupdate/files/swupdate.service.example
delete mode 100644 recipes-core/swupdate/files/swupdate.socket.example
delete mode 100644 recipes-core/swupdate/files/swupdate.socket.tmpl
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_lua.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet
delete mode 100644 recipes-core/swupdate/swupdate.bb
create mode 100644 recipes-core/swupdate/swupdate.inc
create mode 100644 recipes-core/swupdate/swupdate_2021.04-1+debian-gbp.bb
Thanks, applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-core][PATCH v2 1/4] swupdate: Move handler to own recipe

Jan Kiszka
 

On 13.10.21 16:01, Gylstorff Quirin wrote:


On 10/13/21 3:47 PM, Jan Kiszka wrote:
Plural or singular? Can a generic swupdate-handler package contain
multiple handlers? Or will it only ever provide a single handler? In the
latter case, make this "swupdate-handler" as well.
A handler package could contain multiple handlers. Currently we have
only swupdate-handler-roundrobin.
Ok, thanks for clarifying.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


Re: [isar-cip-core][PATCH v2 1/4] swupdate: Move handler to own recipe

Quirin Gylstorff
 

On 10/13/21 3:47 PM, Jan Kiszka wrote:
Plural or singular? Can a generic swupdate-handler package contain
multiple handlers? Or will it only ever provide a single handler? In the
latter case, make this "swupdate-handler" as well.
A handler package could contain multiple handlers. Currently we have only swupdate-handler-roundrobin.

Quirin


Re: [isar-cip-core][PATCH v2 1/4] swupdate: Move handler to own recipe

Jan Kiszka
 

On 13.10.21 15:40, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

Split the SWUpdate lua handler into a separate recipe in
preparation for using the Debian provided SWUpdate package.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
classes/swupdate-config.bbclass | 8 -----
kas/opt/swupdate.yml | 1 +
.../swupdate.handler.efibootguard.ini | 0
.../files/swupdate.handler.efibootguard.ini | 0
.../swupdate-handler-roundrobin_0.1.bb | 32 +++++++++++++++++++
recipes-core/swupdate/swupdate.bb | 13 --------
6 files changed, 33 insertions(+), 21 deletions(-)
rename recipes-core/{swupdate => swupdate-handler-roundrobin}/files/secureboot/swupdate.handler.efibootguard.ini (100%)
rename recipes-core/{swupdate => swupdate-handler-roundrobin}/files/swupdate.handler.efibootguard.ini (100%)
create mode 100644 recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb

diff --git a/classes/swupdate-config.bbclass b/classes/swupdate-config.bbclass
index e4879c7..1d57ce1 100644
--- a/classes/swupdate-config.bbclass
+++ b/classes/swupdate-config.bbclass
@@ -17,14 +17,6 @@ BUILD_DEB_DEPENDS = " \
zlib1g-dev, debhelper, libconfig-dev, libarchive-dev, \
python-sphinx:native, dh-systemd, libsystemd-dev, libssl-dev, pkg-config"

-SRC_URI += " ${@ 'git://gitlab.com/cip-project/cip-sw-updates/swupdate-handler-roundrobin.git;protocol=https;destsuffix=swupdate-handler-roundrobin;name=swupdate-handler-roundrobin;nobranch=1' \
- if d.getVar('SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO') == '1' else '' \
- }"
-SRCREV_swupdate-handler-roundrobin ?= "6f561f136fdbe51d2e9066b934dfcb06b94c6624"
-
-SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO ?= "1"
-SWUPDATE_LUASCRIPT ?= "swupdate-handler-roundrobin/swupdate_handlers_roundrobin.lua"
-
KFEATURE_lua = ""
KFEATURE_lua[BUILD_DEB_DEPENDS] = "liblua5.3-dev"
KFEATURE_lua[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_lua.snippet"
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index bd0f6e4..974eacb 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -17,6 +17,7 @@ header:
local_conf_header:
swupdate: |
IMAGE_INSTALL_append = " swupdate"
+ IMAGE_INSTALL_append = " swupdate-handler-roundrobin"

wic-swu: |
IMAGE_TYPE = "wic-swu-img"
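Review bot: The added `IMAGE_INSTALL_append = " swupdate-handler-roundrobin"` line installs the round-robin handler in every image that includes this option file, while the lines removed from `classes/swupdate-config.bbclass` in the same patch made fetching the handler conditional on `SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO`. Whether the new recipe still honours that switch cannot be seen here, so an image that ships its own `SWUPDATE_LUASCRIPT` may now carry a second handler package it does not use. A comment above the line would make the intent explicit, for example `# always installs the round-robin Lua handler; drop this line when a custom SWUPDATE_LUASCRIPT is used`.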
diff --git a/recipes-core/swupdate/files/secureboot/swupdate.handler.efibootguard.ini b/recipes-core/swupdate-handler-roundrobin/files/secureboot/swupdate.handler.efibootguard.ini
similarity index 100%
rename from recipes-core/swupdate/files/secureboot/swupdate.handler.efibootguard.ini
rename to recipes-core/swupdate-handler-roundrobin/files/secureboot/swupdate.handler.efibootguard.ini
diff --git a/recipes-core/swupdate/files/swupdate.handler.efibootguard.ini b/recipes-core/swupdate-handler-roundrobin/files/swupdate.handler.efibootguard.ini
similarity index 100%
rename from recipes-core/swupdate/files/swupdate.handler.efibootguard.ini
rename to recipes-core/swupdate-handler-roundrobin/files/swupdate.handler.efibootguard.ini
diff --git a/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
new file mode 100644
index 0000000..b9ccec2
--- /dev/null
+++ b/recipes-core/swupdate-handler-roundrobin/swupdate-handler-roundrobin_0.1.bb
@@ -0,0 +1,32 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@...>
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg-raw
+
+PROVIDES = "swupdate-handlers"
Plural or singular? Can a generic swupdate-handler package contain
multiple handlers? Or will it only ever provide a single handler? In the
latter case, make this "swupdate-handler" as well.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


[isar-cip-core][PATCH v2 4/4] swupdate: remove version 2021.04+isar-git

Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

This version is replaced by 2021.04-1+debian-gbp.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
classes/kconfig-snippets.bbclass | 90 -------------------
classes/swupdate-config.bbclass | 81 -----------------
conf/distro/cip-core-bullseye.conf | 1 -
conf/distro/cip-core-buster.conf | 1 -
.../swupdate/files/debian/changelog.tmpl | 6 --
recipes-core/swupdate/files/debian/compat | 1 -
.../swupdate/files/debian/control.tmpl | 15 ----
recipes-core/swupdate/files/debian/copyright | 36 --------
recipes-core/swupdate/files/debian/rules.tmpl | 31 -------
.../swupdate/files/debian/swupdate.examples | 2 -
.../swupdate/files/debian/swupdate.install | 2 -
.../swupdate/files/debian/swupdate.manpages | 5 --
.../swupdate/files/debian/swupdate.tmpfile | 2 -
recipes-core/swupdate/files/debian/watch | 12 ---
recipes-core/swupdate/files/postinst | 2 -
recipes-core/swupdate/files/swupdate.cfg | 6 --
.../swupdate/files/swupdate.service.example | 11 ---
.../swupdate/files/swupdate.socket.example | 11 ---
.../swupdate/files/swupdate.socket.tmpl | 13 ---
.../swupdate/files/swupdate_defconfig | 83 -----------------
.../swupdate_defconfig_efibootguard.snippet | 3 -
.../files/swupdate_defconfig_lua.snippet | 2 -
.../swupdate_defconfig_luahandler.snippet | 4 -
.../files/swupdate_defconfig_mtd.snippet | 1 -
.../files/swupdate_defconfig_u-boot.snippet | 3 -
.../files/swupdate_defconfig_ubi.snippet | 6 --
recipes-core/swupdate/swupdate.bb | 48 ----------
27 files changed, 478 deletions(-)
delete mode 100644 classes/kconfig-snippets.bbclass
delete mode 100644 classes/swupdate-config.bbclass
delete mode 100644 recipes-core/swupdate/files/debian/changelog.tmpl
delete mode 100644 recipes-core/swupdate/files/debian/compat
delete mode 100644 recipes-core/swupdate/files/debian/control.tmpl
delete mode 100644 recipes-core/swupdate/files/debian/copyright
delete mode 100755 recipes-core/swupdate/files/debian/rules.tmpl
delete mode 100644 recipes-core/swupdate/files/debian/swupdate.examples
delete mode 100644 recipes-core/swupdate/files/debian/swupdate.install
delete mode 100644 recipes-core/swupdate/files/debian/swupdate.manpages
delete mode 100644 recipes-core/swupdate/files/debian/swupdate.tmpfile
delete mode 100644 recipes-core/swupdate/files/debian/watch
delete mode 100644 recipes-core/swupdate/files/postinst
delete mode 100644 recipes-core/swupdate/files/swupdate.cfg
delete mode 100644 recipes-core/swupdate/files/swupdate.service.example
delete mode 100644 recipes-core/swupdate/files/swupdate.socket.example
delete mode 100644 recipes-core/swupdate/files/swupdate.socket.tmpl
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_lua.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet
delete mode 100644 recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet
delete mode 100644 recipes-core/swupdate/swupdate.bb

diff --git a/classes/kconfig-snippets.bbclass b/classes/kconfig-snippets.bbclass
deleted file mode 100644
index d754654..0000000
--- a/classes/kconfig-snippets.bbclass
+++ /dev/null
@@ -1,90 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2020
-#
-# Authors:
-# Christian Storm <christian.storm@...>
-#
-# SPDX-License-Identifier: MIT
-
-KCONFIG_SNIPPETS = ""
-
-# The following function defines the kconfig snippet system
-# with automatich debian dependency injection
-#
-# To define a feature set, the user has to define the following
-# variable to an empty string:
-#
-# KFEATURE_featurename = ""
-#
-# Then, required additions to the variables can be defined:
-#
-# KFEATURE_featurename[KCONFIG_SNIPPETS] = "file://snippet-file-name.snippet"
-# KFEATURE_featurename[SRC_URI] = "file://required-file.txt"
-# KFEATURE_featurename[DEPENDS] = "deb-pkg1 deb-pkg2 deb-pkg3"
-# KFEATURE_featurename[DEBIAN_DEPENDS] = "deb-pkg1"
-# KFEATURE_featurename[BUILD_DEB_DEPENDS] = "deb-pkg1,deb-pkg2,deb-pkg3"
-
-# The 'KCONFIG_SNIPPETS' flag gives a list of URI entries, where only
-# file:// is supported. These snippets are appended to the DEFCONFIG file.
-#
-# Features can depend on other features via the following mechanism:
-#
-# KFEATURE_DEPS[feature1] = "feature2"
-
-python () {
- requested_features = d.getVar("KFEATURES", True) or ""
-
- features = set(requested_features.split())
- old_features = set()
- feature_deps = d.getVarFlags("KFEATURE_DEPS") or {}
- while old_features != features:
- diff_features = old_features.symmetric_difference(features)
- old_features = features.copy()
- for i in diff_features:
- features.update(feature_deps.get(i, "").split())
-
- for f in sorted(features):
- bb.debug(2, "Feature: " + f)
- varname = "KFEATURE_" + f
- dummyvar = d.getVar(varname, False)
- if dummyvar == None:
- bb.error("Feature var " + f + " must be defined with needed flags.")
- else:
- feature_flags = d.getVarFlags(varname)
- for feature_varname in sorted(feature_flags):
- if feature_flags.get(feature_varname, "") != "":
- sep = " "
-
- # Required to add KCONFIG_SNIPPETS to SRC_URI here,
- # because 'SRC_URI += "${KCONFIG_SNIPPETS}"' would
- # conflict with SRC_APT feature.
- if feature_varname == "KCONFIG_SNIPPETS":
- d.appendVar('SRC_URI',
- " " + feature_flags[feature_varname].strip())
-
- # BUILD_DEP_DEPENDS and DEBIAN_DEPENDS is ',' separated
- # Only add ',' if there is already something there
- if feature_varname in ["BUILD_DEB_DEPENDS",
- "DEBIAN_DEPENDS"]:
- sep = "," if d.getVar(feature_varname) else ""
-
- d.appendVar(feature_varname,
- sep + feature_flags[feature_varname].strip())
-}
-
-# DEFCONFIG must be a predefined bitbake variable and the corresponding file
-# must exist in the WORKDIR.
-# The resulting generated config is the same file suffixed with ".gen"
-
-do_prepare_build_prepend() {
- sh -x
- GENCONFIG="${WORKDIR}/${DEFCONFIG}".gen
- rm -f "$GENCONFIG"
- cp "${WORKDIR}/${DEFCONFIG}" "$GENCONFIG"
- for CONFIG_SNIPPET in $(echo "${KCONFIG_SNIPPETS}" | sed 's#file://##g')
- do
- cat ${WORKDIR}/$CONFIG_SNIPPET >> "$GENCONFIG"
- done
-}
diff --git a/classes/swupdate-config.bbclass b/classes/swupdate-config.bbclass
deleted file mode 100644
index 1d57ce1..0000000
--- a/classes/swupdate-config.bbclass
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2020
-#
-# Authors:
-# Christian Storm <christian.storm@...>
-#
-# SPDX-License-Identifier: MIT
-
-# This class manages the config snippets together with their dependencies
-# to build SWUpdate
-
-inherit kconfig-snippets
-
-BUILD_DEB_DEPENDS = " \
- zlib1g-dev, debhelper, libconfig-dev, libarchive-dev, \
- python-sphinx:native, dh-systemd, libsystemd-dev, libssl-dev, pkg-config"
-
-KFEATURE_lua = ""
-KFEATURE_lua[BUILD_DEB_DEPENDS] = "liblua5.3-dev"
-KFEATURE_lua[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_lua.snippet"
-
-KFEATURE_luahandler = ""
-KFEATURE_luahandler[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_luahandler.snippet"
-KFEATURE_luahandler[SRC_URI] = "${@ 'file://${SWUPDATE_LUASCRIPT}' \
- if d.getVar('SWUPDATE_USE_ROUND_ROBIN_HANDLER_REPO') == '0' else '' }"
-KFEATURE_DEPS = ""
-KFEATURE_DEPS[luahandler] = "lua"
-
-KFEATURE_efibootguard = ""
-KFEATURE_efibootguard[BUILD_DEB_DEPENDS] = "efibootguard-dev"
-KFEATURE_efibootguard[DEBIAN_DEPENDS] = ""
-KFEATURE_efibootguard[DEPENDS] = "efibootguard-dev"
-KFEATURE_efibootguard[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_efibootguard.snippet"
-
-KFEATURE_mtd = ""
-KFEATURE_mtd[BUILD_DEB_DEPENDS] = "libmtd-dev"
-KFEATURE_mtd[DEPENDS] = "mtd-utils"
-KFEATURE_mtd[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_mtd.snippet"
-
-KFEATURE_ubi = ""
-KFEATURE_ubi[BUILD_DEB_DEPENDS] = "libubi-dev"
-KFEATURE_ubi[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_ubi.snippet"
-
-KFEATURE_DEPS[ubi] = "mtd"
-
-KFEATURE_u-boot = ""
-KFEATURE_u-boot[BUILD_DEB_DEPENDS] = "libubootenv-dev"
-# we need u-boot-${MACHINE}-config for fw_env.config
-# only custom build u-boot provides this package
-# for u-boot provided by debian u-boot-tools provides
-# example configurations at /usr/share/doc/u-boot-tools/examples
-KFEATURE_u-boot[DEBIAN_DEPENDS] = "${@ 'libubootenv0.1, u-boot-${MACHINE}-config' \
- if d.getVar("U_BOOT_CONFIG_PACKAGE", True) == "1" \
- else 'libubootenv0.1'}"
-KFEATURE_u-boot[DEPENDS] = "${@ 'libubootenv u-boot-${MACHINE}-config' \
- if d.getVar("U_BOOT_CONFIG_PACKAGE", True) == "1" \
- else 'libubootenv'}"
-KFEATURE_u-boot[KCONFIG_SNIPPETS] = "file://swupdate_defconfig_u-boot.snippet"
-
-def get_bootloader_featureset(d):
- bootloader = d.getVar("SWUPDATE_BOOTLOADER", True) or ""
- if bootloader == "efibootguard":
- return "efibootguard"
- if bootloader == "u-boot":
- return "u-boot"
- return ""
-
-SWUPDATE_KFEATURES ??= ""
-KFEATURES = "${SWUPDATE_KFEATURES}"
-KFEATURES += "${@get_bootloader_featureset(d)}"
-
-# Astonishingly, as an anonymous python function, SWUPDATE_BOOTLOADER is always None
-# one time before it gets set. So the following must be a task.
-python do_check_bootloader () {
- bootloader = d.getVar("SWUPDATE_BOOTLOADER", True) or "None"
- if not bootloader in ["efibootguard", "u-boot"]:
- bb.warn("swupdate: SWUPDATE_BOOTLOADER set to incompatible value: " + bootloader)
-}
-addtask check_bootloader before do_fetch
diff --git a/conf/distro/cip-core-bullseye.conf b/conf/distro/cip-core-bullseye.conf
index 9357b6c..38014b4 100644
--- a/conf/distro/cip-core-bullseye.conf
+++ b/conf/distro/cip-core-bullseye.conf
@@ -14,4 +14,3 @@ require cip-core-common.inc

PREFERRED_VERSION_linux-cip ?= "4.19.%"
PREFERRED_VERSION_linux-cip-rt ?= "4.19.%"
-PREFERRED_VERSION_swupdate ?= "2021.04-1+debian-gbp"
diff --git a/conf/distro/cip-core-buster.conf b/conf/distro/cip-core-buster.conf
index 61fcb41..c5cb39c 100644
--- a/conf/distro/cip-core-buster.conf
+++ b/conf/distro/cip-core-buster.conf
@@ -14,4 +14,3 @@ require cip-core-common.inc

PREFERRED_VERSION_linux-cip ?= "4.19.%"
PREFERRED_VERSION_linux-cip-rt ?= "4.19.%"
-PREFERRED_VERSION_swupdate ?= "2021.4-git+isar"
diff --git a/recipes-core/swupdate/files/debian/changelog.tmpl b/recipes-core/swupdate/files/debian/changelog.tmpl
deleted file mode 100644
index 81087d3..0000000
--- a/recipes-core/swupdate/files/debian/changelog.tmpl
+++ /dev/null
@@ -1,6 +0,0 @@
-swupdate (${PV}) unstable; urgency=medium
-
- * SWUpdate
-
- -- Christian Storm <christian.storm@...> Thu, 31 Jan 2019 15:23:56 +0100
-
diff --git a/recipes-core/swupdate/files/debian/compat b/recipes-core/swupdate/files/debian/compat
deleted file mode 100644
index b4de394..0000000
--- a/recipes-core/swupdate/files/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-11
diff --git a/recipes-core/swupdate/files/debian/control.tmpl b/recipes-core/swupdate/files/debian/control.tmpl
deleted file mode 100644
index 2b92850..0000000
--- a/recipes-core/swupdate/files/debian/control.tmpl
+++ /dev/null
@@ -1,15 +0,0 @@
-Source: swupdate
-Section: embedded
-Priority: optional
-Maintainer: Stefano Babic <sbabic@...>
-Build-Depends: ${BUILD_DEB_DEPENDS}
-Standards-Version: 4.2.1
-Homepage: http://sbabic.github.io/swupdate
-
-Package: swupdate
-Architecture: any
-Depends: ${DEBIAN_DEPENDS}
-Description: reliable way to update an embedded system
- This project is thought to help to update an embedded system from a storage media or from network.
- However, it should be mainly considered as a framework, where further protocols or installers
- (in SWUpdate they are called handlers) can be easily added to the application.
diff --git a/recipes-core/swupdate/files/debian/copyright b/recipes-core/swupdate/files/debian/copyright
deleted file mode 100644
index f920942..0000000
--- a/recipes-core/swupdate/files/debian/copyright
+++ /dev/null
@@ -1,36 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: swupdate
-Maintainer: Stefano Babic <sbabic@...>
-Source: http://github.com/sbabic/swupdate
-
-Files: *
-Copyright: 2014-2017 Stefano Babic <sbabic@...>
-
-License: GPL-2 with OpenSSL exception
- This package is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
- .
- In addition, as a special exception, the author of this
- program gives permission to link the code of its
- release with the OpenSSL project's "OpenSSL" library (or
- with modified versions of it that use the same license as
- the "OpenSSL" library), and distribute the linked
- executables. You must obey the GNU General Public
- License in all respects for all of the code used other
- than "OpenSSL". If you modify this file, you may extend
- this exception to your version of the file, but you are
- not obligated to do so. If you do not wish to do so,
- delete this exception statement from your version.
- .
- This package is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- .
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <https://www.gnu.org/licenses/>
- .
- On Debian systems, the complete text of the GNU General
- Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
diff --git a/recipes-core/swupdate/files/debian/rules.tmpl b/recipes-core/swupdate/files/debian/rules.tmpl
deleted file mode 100755
index ec83a88..0000000
--- a/recipes-core/swupdate/files/debian/rules.tmpl
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/make -f
-
-ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
-export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
-export PKG_CONFIG_PATH=/usr/lib/$(DEB_HOST_GNU_TYPE)/pkgconfig
-export CC=$(DEB_HOST_GNU_TYPE)-gcc
-export LD=$(DEB_HOST_GNU_TYPE)-gcc
-endif
-
-export DH_VERBOSE = 1
-
-export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
-
-documentation: configure
- make man
-
-configure:
- make ${DEFCONFIG}
-
-build: documentation configure
- dh $@
-
-%:
- echo $@
- dh $@
-
-override_dh_installchangelogs:
- true
-
-override_dh_installdocs:
- true
diff --git a/recipes-core/swupdate/files/debian/swupdate.examples b/recipes-core/swupdate/files/debian/swupdate.examples
deleted file mode 100644
index c257b75..0000000
--- a/recipes-core/swupdate/files/debian/swupdate.examples
+++ /dev/null
@@ -1,2 +0,0 @@
-examples/configuration
-examples/description
diff --git a/recipes-core/swupdate/files/debian/swupdate.install b/recipes-core/swupdate/files/debian/swupdate.install
deleted file mode 100644
index 8957cc6..0000000
--- a/recipes-core/swupdate/files/debian/swupdate.install
+++ /dev/null
@@ -1,2 +0,0 @@
-swupdate usr/bin
-swupdate.cfg /etc
diff --git a/recipes-core/swupdate/files/debian/swupdate.manpages b/recipes-core/swupdate/files/debian/swupdate.manpages
deleted file mode 100644
index c3438e0..0000000
--- a/recipes-core/swupdate/files/debian/swupdate.manpages
+++ /dev/null
@@ -1,5 +0,0 @@
-doc/build/man/swupdate.1
-doc/build/man/client.1
-doc/build/man/sendtohawkbit.1
-doc/build/man/hawkbitcfg.1
-doc/build/man/progress.1
diff --git a/recipes-core/swupdate/files/debian/swupdate.tmpfile b/recipes-core/swupdate/files/debian/swupdate.tmpfile
deleted file mode 100644
index 4743672..0000000
--- a/recipes-core/swupdate/files/debian/swupdate.tmpfile
+++ /dev/null
@@ -1,2 +0,0 @@
-X /tmp/datadst
-X /tmp/scripts
diff --git a/recipes-core/swupdate/files/debian/watch b/recipes-core/swupdate/files/debian/watch
deleted file mode 100644
index bc4c53e..0000000
--- a/recipes-core/swupdate/files/debian/watch
+++ /dev/null
@@ -1,12 +0,0 @@
-# Example watch control file for uscan
-# Rename this file to "watch" and then you can run the "uscan" command
-# to check for upstream updates and more.
-# See uscan(1) for format
-
-# Compulsory line, this is a version 4 file
-version=4
-
-# GitHub hosted projects
-opts="filenamemangle="s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%<project>-$1.tar.gz%" \
- https://github.com/<user>/swupdate/tags \
- (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
diff --git a/recipes-core/swupdate/files/postinst b/recipes-core/swupdate/files/postinst
deleted file mode 100644
index f15ac10..0000000
--- a/recipes-core/swupdate/files/postinst
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-deb-systemd-helper enable swupdate.socket || true
diff --git a/recipes-core/swupdate/files/swupdate.cfg b/recipes-core/swupdate/files/swupdate.cfg
deleted file mode 100644
index e0222f1..0000000
--- a/recipes-core/swupdate/files/swupdate.cfg
+++ /dev/null
@@ -1,6 +0,0 @@
-globals :
-{
- verbose = true;
- loglevel = 10;
- syslog = false;
-};
diff --git a/recipes-core/swupdate/files/swupdate.service.example b/recipes-core/swupdate/files/swupdate.service.example
deleted file mode 100644
index d0b821e..0000000
--- a/recipes-core/swupdate/files/swupdate.service.example
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=SWUpdate daemon
-Documentation=https://github.com/sbabic/swupdate
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/swupdate -f /etc/swupdate.cfg
-KillMode=mixed
-
-[Install]
-WantedBy=multi-user.target
diff --git a/recipes-core/swupdate/files/swupdate.socket.example b/recipes-core/swupdate/files/swupdate.socket.example
deleted file mode 100644
index 2b75671..0000000
--- a/recipes-core/swupdate/files/swupdate.socket.example
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=SWUpdate socket listener
-Documentation=https://github.com/sbabic/swupdate
-Documentation=https://sbabic.github.io/swupdate
-
-[Socket]
-ListenStream=/tmp/sockinstctrl
-ListenStream=/tmp/swupdateprog
-
-[Install]
-WantedBy=sockets.target
diff --git a/recipes-core/swupdate/files/swupdate.socket.tmpl b/recipes-core/swupdate/files/swupdate.socket.tmpl
deleted file mode 100644
index 8e7fc1d..0000000
--- a/recipes-core/swupdate/files/swupdate.socket.tmpl
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=SWUpdate socket listener
-Documentation=https://github.com/sbabic/swupdate
-Documentation=https://sbabic.github.io/swupdate
-
-[Socket]
-SocketUser=${SWUPDATE_SOCKET_OWNER}
-SocketGroup=root
-ListenStream=/tmp/sockinstctrl
-ListenStream=/tmp/swupdateprog
-
-[Install]
-WantedBy=sockets.target
diff --git a/recipes-core/swupdate/files/swupdate_defconfig b/recipes-core/swupdate/files/swupdate_defconfig
deleted file mode 100644
index 9ae7cb5..0000000
--- a/recipes-core/swupdate/files/swupdate_defconfig
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# Automatically generated file; DO NOT EDIT.
-# Swupdate Configuration
-#
-CONFIG_HAVE_DOT_CONFIG=y
-
-#
-# Swupdate Settings
-#
-
-#
-# General Configuration
-#
-# CONFIG_CURL is not set
-# CONFIG_CURL_SSL is not set
-CONFIG_SYSTEMD=y
-CONFIG_SCRIPTS=y
-# CONFIG_HW_COMPATIBILITY is not set
-CONFIG_SW_VERSIONS_FILE="/etc/sw-versions"
-
-#
-# Socket Paths
-#
-CONFIG_SOCKET_CTRL_PATH="/tmp/sockinstctrl"
-CONFIG_SOCKET_PROGRESS_PATH="/tmp/swupdateprog"
-CONFIG_SOCKET_REMOTE_HANDLER_DIRECTORY="/tmp/"
-# CONFIG_MTD is not set
-# CONFIG_LUA is not set
-# CONFIG_LUAPKG is not set
-# CONFIG_FEATURE_SYSLOG is not set
-
-#
-# Build Options
-#
-CONFIG_CROSS_COMPILE=""
-CONFIG_SYSROOT=""
-CONFIG_EXTRA_CFLAGS=""
-CONFIG_EXTRA_LDFLAGS=""
-CONFIG_EXTRA_LDLIBS=""
-
-#
-# Debugging Options
-#
-# CONFIG_DEBUG is not set
-# CONFIG_WERROR is not set
-# CONFIG_NOCLEANUP is not set
-# CONFIG_BOOTLOADER_EBG is not set
-# CONFIG_UBOOT is not set
-# CONFIG_BOOTLOADER_NONE is not set
-# CONFIG_BOOTLOADER_GRUB is not set
-# CONFIG_DOWNLOAD is not set
-# CONFIG_DOWNLOAD_SSL is not set
-# CONFIG_CHANNEL_CURL is not set
-# CONFIG_HASH_VERIFY=y
-# CONFIG_SIGNED_IMAGES is not set
-# CONFIG_ENCRYPTED_IMAGES is not set
-# CONFIG_SURICATTA is not set
-# CONFIG_WEBSERVER is not set
-CONFIG_GUNZIP=y
-
-#
-# Parser Features
-#
-CONFIG_LIBCONFIG=y
-CONFIG_PARSERROOT=""
-# CONFIG_JSON is not set
-# CONFIG_LUAEXTERNAL is not set
-# CONFIG_SETEXTPARSERNAME is not set
-# CONFIG_SETSWDESCRIPTION is not set
-
-#
-# Image Handlers
-#
-CONFIG_RAW=y
-# CONFIG_LUASCRIPTHANDLER is not set
-# CONFIG_SHELLSCRIPTHANDLER is not set
-# CONFIG_HANDLER_IN_LUA is not set
-# CONFIG_EMBEDDED_LUA_HANDLER is not set
-# CONFIG_EMBEDDED_LUA_HANDLER_SOURCE is not set
-CONFIG_ARCHIVE=y
-# CONFIG_REMOTE_HANDLER is not set
-# CONFIG_SWUFORWARDER_HANDLER is not set
-# CONFIG_BOOTLOADERHANDLER is not set
diff --git a/recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet b/recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet
deleted file mode 100644
index 8e3688c..0000000
--- a/recipes-core/swupdate/files/swupdate_defconfig_efibootguard.snippet
+++ /dev/null
@@ -1,3 +0,0 @@
-CONFIG_BOOTLOADER_NONE=n
-CONFIG_BOOTLOADER_EBG=y
-CONFIG_BOOTLOADERHANDLER=y
diff --git a/recipes-core/swupdate/files/swupdate_defconfig_lua.snippet b/recipes-core/swupdate/files/swupdate_defconfig_lua.snippet
deleted file mode 100644
index b39f9df..0000000
--- a/recipes-core/swupdate/files/swupdate_defconfig_lua.snippet
+++ /dev/null
@@ -1,2 +0,0 @@
-CONFIG_LUA=y
-CONFIG_LUAPKG="lua53"
diff --git a/recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet b/recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet
deleted file mode 100644
index b4a2de8..0000000
--- a/recipes-core/swupdate/files/swupdate_defconfig_luahandler.snippet
+++ /dev/null
@@ -1,4 +0,0 @@
-CONFIG_LUASCRIPTHANDLER=y
-CONFIG_HANDLER_IN_LUA=y
-CONFIG_EMBEDDED_LUA_HANDLER=y
-CONFIG_EMBEDDED_LUA_HANDLER_SOURCE="swupdate_handlers.lua"
diff --git a/recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet b/recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet
deleted file mode 100644
index eab98dd..0000000
--- a/recipes-core/swupdate/files/swupdate_defconfig_mtd.snippet
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_MTD=y
diff --git a/recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet b/recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet
deleted file mode 100644
index 6b5832a..0000000
--- a/recipes-core/swupdate/files/swupdate_defconfig_u-boot.snippet
+++ /dev/null
@@ -1,3 +0,0 @@
-CONFIG_UBOOT=y
-CONFIG_UBOOT_FWENV="/etc/fw_env.config"
-CONFIG_BOOTLOADERHANDLER=y
diff --git a/recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet b/recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet
deleted file mode 100644
index d1c7732..0000000
--- a/recipes-core/swupdate/files/swupdate_defconfig_ubi.snippet
+++ /dev/null
@@ -1,6 +0,0 @@
-CONFIG_UBIVOL=y
-CONFIG_UBIATTACH=y
-CONFIG_UBIBLACKLIST=""
-CONFIG_UBIWHITELIST=""
-CONFIG_UBIVIDOFFSET=0
-CONFIG_CFI=y
diff --git a/recipes-core/swupdate/swupdate.bb b/recipes-core/swupdate/swupdate.bb
deleted file mode 100644
index a29a797..0000000
--- a/recipes-core/swupdate/swupdate.bb
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2020
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@...>
-#
-# SPDX-License-Identifier: MIT
-
-DESCRIPTION = "swupdate utility for software updates"
-HOMEPAGE= "https://github.com/sbabic/swupdate"
-LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://${LAYERDIR_isar}/licenses/COPYING.GPLv2;md5=751419260aa954499f7abaabaa882bbe"
-
-SRC_URI = "git://github.com/sbabic/swupdate.git;branch=master;protocol=https"
-
-SRCREV = "47a1246435fdb78fba15cc969596994130412956"
-PV = "2021.4-git+isar"
-
-DEFCONFIG := "swupdate_defconfig"
-
-SRC_URI += "file://debian \
- file://${DEFCONFIG} \
- file://${PN}.cfg"
-
-DEBIAN_DEPENDS = "${shlibs:Depends}, ${misc:Depends}"
-
-inherit dpkg
-inherit swupdate-config
-
-KFEATURES += "luahandler"
-
-S = "${WORKDIR}/git"
-
-TEMPLATE_FILES = "debian/changelog.tmpl debian/control.tmpl debian/rules.tmpl"
-TEMPLATE_VARS += "BUILD_DEB_DEPENDS DEFCONFIG DEBIAN_DEPENDS"
-
-do_prepare_build() {
- cp -R ${WORKDIR}/debian ${S}
-
- install -m 0644 ${WORKDIR}/${PN}.cfg ${S}/swupdate.cfg
- install -m 0644 ${WORKDIR}/${DEFCONFIG}.gen ${S}/configs/${DEFCONFIG}
-
- if ! grep -q "configs/${DEFCONFIG}" ${S}/.gitignore; then
- echo "configs/${DEFCONFIG}" >> ${S}/.gitignore
- fi
-}
--
2.30.2
