[OE-core][dunfell 00/28] Patch review

[OE-core][dunfell 00/28] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1837

The following changes since commit e0cd2e1f9ae956d72b8033ce1c4403d8bd99d3d5:

  staging: Clean up files installed into the sysroot (2021-01-29 04:48:10 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  ca-certificates: correct upstream version check

Anatol Belski (1):
  glib-2.0: Rename patch file for CVE-2020-35457

Awais Belal (1):
  kernel.bbclass: fix deployment for initramfs images

Bruce Ashfield (3):
  linux-yocto/5.4: update to v5.4.90
  linux-yocto-rt/5.4: fix 5.4-stable caused build breakage
  linux-yocto/5.4: update to v5.4.94

Dorinda (1):
  sanity.bbclass: Check if PSEUDO_IGNORE_PATHS and paths under pseudo
    control overlap

Julien Massot (1):
  rng-tools: fix rngd_jitter initialization

Lee Chee Yang (4):
  cve-check: replace Looseversion with custom version class
  cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning
  openssl: set CVE_VERSION_SUFFIX
  wic/selftest: test_permissions also test bitbake image

Mark Hatle (1):
  package.bbclass: hash equivalency and pr service

Peter Bergin (1):
  buildhistory.bbclass: avoid exception for empty BUILDHISTORY_FEATURES
    variable

Ricardo Ribalda (1):
  classes/image_types_wic: Reorder do_flush_pseudodb

Ricardo Ribalda Delgado (1):
  oeqa: wic: Add tests for permissions and change-directory

Richard Purdie (5):
  pseudo: Update to include passwd and file renaming fixes
  package: Ensure do_packagedata is cleaned correctly
  image_types: Ensure tar archives are reproducible
  qemu.inc: Should depend on qemu-system-native, not qemu-native
  opkg: Fix build reproducibility issue

Sourabh Banerjee (1):
  layer.conf: fix sanity error for PATH variable in extensible SDK
    workflow

Tomasz Dziendzielski (3):
  python3: Use addtask statement instead of task dependencies
  lib/oe/patch.py: Ignore scissors line on applying patch
  sstatesig: Add descriptive error message to getpwuid/getgrgid "uid/gid
    not found" KeyError

Vyacheslav Yurkov (1):
  npm.bbclass: use python3 for npm config

Wang Mingyu (1):
  ca-certificates: upgrade 20190110 -> 20200601

zhengruoqin (1):
  ca-certificates: upgrade 20200601 -> 20210119

 meta/classes/buildhistory.bbclass             |   2 +-
 meta/classes/cve-check.bbclass                |  14 ++-
 meta/classes/image_types.bbclass              |   2 +-
 meta/classes/image_types_wic.bbclass          |   2 +-
 meta/classes/kernel.bbclass                   |   2 +-
 meta/classes/npm.bbclass                      |   6 +-
 meta/classes/package.bbclass                  |  59 ++++++++--
 meta/classes/sanity.bbclass                   |  10 ++
 meta/conf/bitbake.conf                        |   1 +
 meta/conf/layer.conf                          |   4 +-
 meta/conf/machine/include/qemu.inc            |   2 +-
 meta/lib/oe/cve_check.py                      |  60 ++++++++++
 meta/lib/oe/patch.py                          |   2 +-
 meta/lib/oe/sstatesig.py                      |   6 +-
 meta/lib/oeqa/selftest/cases/cve_check.py     |  36 ++++++
 meta/lib/oeqa/selftest/cases/prservice.py     |   8 +-
 meta/lib/oeqa/selftest/cases/wic.py           | 106 ++++++++++++++++++
 .../openssl/openssl_1.1.1i.bb                 |   2 +
 ...onEntry-lis.patch => CVE-2020-35457.patch} |   0
 meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb |   2 +-
 .../opkg/opkg/sourcedateepoch.patch           |  25 +++++
 meta/recipes-devtools/opkg/opkg_0.4.2.bb      |   1 +
 meta/recipes-devtools/pseudo/pseudo_git.bb    |   2 +-
 meta/recipes-devtools/python/python3_3.8.2.bb |   5 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 ++--
 .../0001-certdata2pem.py-use-python3.patch    |  37 ------
 ...0190110.bb => ca-certificates_20210119.bb} |   6 +-
 ...-O_NONBLOCK-setting-for-entropy-pipe.patch |  26 +++++
 ...ialize-AES-key-before-setting-the-en.patch |  38 +++++++
 ...ys-read-from-entropy-pipe-before-set.patch |  38 +++++++
 .../rng-tools/rng-tools_6.9.bb                |   3 +
 33 files changed, 450 insertions(+), 93 deletions(-)
 create mode 100644 meta/lib/oe/cve_check.py
 create mode 100644 meta/lib/oeqa/selftest/cases/cve_check.py
 rename meta/recipes-core/glib-2.0/glib-2.0/{0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch => CVE-2020-35457.patch} (100%)
 create mode 100644 meta/recipes-devtools/opkg/opkg/sourcedateepoch.patch
 delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
 rename meta/recipes-support/ca-certificates/{ca-certificates_20190110.bb => ca-certificates_20210119.bb} (93%)
 create mode 100644 meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
 create mode 100644 meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
 create mode 100644 meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch

-- 
2.25.1

[OE-core][dunfell 01/28] pseudo: Update to include passwd and file renaming fixes

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Pulls in:
  pseudo_client: Ensure renames update open fd file paths
  pseudo_client.c: Rebuild passwd paths after chroot

which should fix issues seen in apt package index creation, new
binutils and other autobuilder race issues in pseudo amongst other
issues.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 44d11b56001f40622c055069b0901cc4ae15c76c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 29fa9152e2..0ba7b50355 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -6,7 +6,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \
            file://fallback-group \
            "
 
-SRCREV = "f9754ac14672c4af19b77bc698a1a808b0828265"
+SRCREV = "8317c0ab172db47dabcef909bae02cd77b1f1010"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.25.1

[OE-core][dunfell 02/28] sanity.bbclass: Check if PSEUDO_IGNORE_PATHS and paths under pseudo control overlap

[Steve Sakoman]

From: Dorinda <dorindabassey@gmail.com>

Added a sanity check for when PSEUDO_IGNORE_PATHS and paths under pseudo control overlap to avoid random failures generated.

[YOCTO #14193]

Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e4bd8cabcdedf4b52345ef5eb421f71d0f19b1d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/sanity.bbclass | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index b678284554..866d066288 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -710,6 +710,16 @@ def check_sanity_version_change(status, d):
         if i and workdir.startswith(i):
             status.addresult("You are building in a path included in PSEUDO_IGNORE_PATHS " + str(i) + " please locate the build outside this path.\n")
 
+    # Check if PSEUDO_IGNORE_PATHS and and paths under pseudo control overlap
+    pseudoignorepaths = d.getVar('PSEUDO_IGNORE_PATHS', expand=True).split(",")
+    pseudo_control_dir = "${D},${PKGD},${PKGDEST},${IMAGEROOTFS},${SDK_OUTPUT}"
+    pseudocontroldir = d.expand(pseudo_control_dir).split(",")
+    for i in pseudoignorepaths:
+        for j in pseudocontroldir:
+            if i and j:
+                if j.startswith(i):
+                    status.addresult("A path included in PSEUDO_IGNORE_PATHS " + str(i) + " and the path " + str(j) + " overlap and this will break pseudo permission and ownership tracking. Please set the path " + str(j) + " to a different directory which does not overlap with pseudo controlled directories. \n")
+
     # Some third-party software apparently relies on chmod etc. being suid root (!!)
     import stat
     suid_check_bins = "chown chmod mknod".split()
-- 
2.25.1

[OE-core][dunfell 03/28] ca-certificates: upgrade 20190110 -> 20200601

[Steve Sakoman]

From: Wang Mingyu <wangmy@cn.fujitsu.com>

-License-Update: format changed

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0007f38b03bcb0bd561bd9181fbffc7dec47fe9a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...a-certificates_20190110.bb => ca-certificates_20200601.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/ca-certificates/{ca-certificates_20190110.bb => ca-certificates_20200601.bb} (95%)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb b/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
similarity index 95%
rename from meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
rename to meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
index ce3cb217a1..37ba51ce6a 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
@@ -5,7 +5,7 @@ This derived from Debian's CA Certificates."
 HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
 SECTION = "misc"
 LICENSE = "GPL-2.0+ & MPL-2.0"
-LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e"
 
 # This is needed to ensure we can run the postinst at image creation time
 DEPENDS = ""
@@ -14,7 +14,7 @@ DEPENDS_class-nativesdk = "openssl-native"
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
-SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be"
+SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b"
 
 SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
            file://0002-update-ca-certificates-use-SYSROOT.patch \
-- 
2.25.1

[OE-core][dunfell 04/28] ca-certificates: correct upstream version check

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9bc2943a7819c7e6d1bd4c1c03b265671811784c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/ca-certificates/ca-certificates_20200601.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb b/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
index 37ba51ce6a..6f39df7985 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
@@ -25,6 +25,7 @@ SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
            file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
            file://0001-certdata2pem.py-use-python3.patch \
            "
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
 
 S = "${WORKDIR}/git"
 
-- 
2.25.1

[OE-core][dunfell 05/28] ca-certificates: upgrade 20200601 -> 20210119

[Steve Sakoman]

From: zhengruoqin <zhengrq.fnst@cn.fujitsu.com>

0001-certdata2pem.py-use-python3.patch
removed since it is included in 20210119

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit afd86357e07f69090eaff4c5db2c517867dd4ccf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../0001-certdata2pem.py-use-python3.patch    | 37 -------------------
 ...0200601.bb => ca-certificates_20210119.bb} |  3 +-
 2 files changed, 1 insertion(+), 39 deletions(-)
 delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
 rename meta/recipes-support/ca-certificates/{ca-certificates_20200601.bb => ca-certificates_20210119.bb} (96%)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
deleted file mode 100644
index aa2c85ff43..0000000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6d18ca77f131cdcaa10d0eaa9d303399767edf6 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Wed, 28 Aug 2019 19:18:14 +0200
-Subject: [PATCH] certdata2pem.py: use python3
-
-Comments in that file imply it is already py3 compatible.
-
-Upstream-Status: Pending
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- mozilla/Makefile        | 2 +-
- mozilla/certdata2pem.py | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/mozilla/Makefile b/mozilla/Makefile
-index 6f46118..f98877c 100644
---- a/mozilla/Makefile
-+++ b/mozilla/Makefile
-@@ -3,7 +3,7 @@
- #
- 
- all:
--	python certdata2pem.py
-+	python3 certdata2pem.py
- 
- clean:
- 	-rm -f *.crt
-diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index 0b02b2a..7d796f1 100644
---- a/mozilla/certdata2pem.py
-+++ b/mozilla/certdata2pem.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
- # vim:set et sw=4:
- #
- # certdata2pem.py - splits certdata.txt into multiple files
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb b/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
similarity index 96%
rename from meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
rename to meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
index 6f39df7985..888a235c1a 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
@@ -14,7 +14,7 @@ DEPENDS_class-nativesdk = "openssl-native"
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
-SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b"
+SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144"
 
 SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
            file://0002-update-ca-certificates-use-SYSROOT.patch \
@@ -23,7 +23,6 @@ SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
            file://default-sysroot.patch \
            file://sbindir.patch \
            file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
-           file://0001-certdata2pem.py-use-python3.patch \
            "
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
 
-- 
2.25.1

[OE-core][dunfell 06/28] cve-check: replace Looseversion with custom version class

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

The way distutils.version.LooseVersion compare version are tricky, it treat
all these ( "1.0-beta2", "1.0-rc1", "1.0A", "1.0p2" and "1.0pre1") as greater
version than "1.0". This might be right for "1.0A" and "1.0p1" but not for
the rest, also these version could be confusing, the "p" in "1.0p1" can be
"pre" or "patched" version or even other meaning.

Replace Looseversion with custom class, it uses regex to capture common
version format like "1.1.1" or tag format using date like "2020-12-12" as
release section, check for following known string/tags ( beta, rc, pre, dev,
alpha, preview) as pre-release section, any other trailing characters
are difficult to understand/define so ignore them. Compare release
section and pre-release section saperately.

included selftest for the version class.

[YOCTO#14127]

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6ced85e9ddd3569240f1e8b82130d1ac0fffbc40)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass            | 10 ++--
 meta/lib/oe/cve_check.py                  | 58 +++++++++++++++++++++++
 meta/lib/oeqa/selftest/cases/cve_check.py | 27 +++++++++++
 3 files changed, 90 insertions(+), 5 deletions(-)
 create mode 100644 meta/lib/oe/cve_check.py
 create mode 100644 meta/lib/oeqa/selftest/cases/cve_check.py

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 669da6c8e9..93af667544 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -203,7 +203,7 @@ def check_cves(d, patched_cves):
     """
     Connect to the NVD database and find unpatched cves.
     """
-    from distutils.version import LooseVersion
+    from oe.cve_check import Version
 
     pn = d.getVar("PN")
     real_pv = d.getVar("PV")
@@ -260,8 +260,8 @@ def check_cves(d, patched_cves):
                 else:
                     if operator_start:
                         try:
-                            vulnerable_start =  (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start))
-                            vulnerable_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start))
+                            vulnerable_start =  (operator_start == '>=' and Version(pv) >= Version(version_start))
+                            vulnerable_start |= (operator_start == '>' and Version(pv) > Version(version_start))
                         except:
                             bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_start, version_start, cve))
@@ -271,8 +271,8 @@ def check_cves(d, patched_cves):
 
                     if operator_end:
                         try:
-                            vulnerable_end  = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end))
-                            vulnerable_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end))
+                            vulnerable_end  = (operator_end == '<=' and Version(pv) <= Version(version_end) )
+                            vulnerable_end |= (operator_end == '<' and Version(pv) < Version(version_end) )
                         except:
                             bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_end, version_end, cve))
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
new file mode 100644
index 0000000000..ec48a3f829
--- /dev/null
+++ b/meta/lib/oe/cve_check.py
@@ -0,0 +1,58 @@
+import collections
+import re
+import itertools
+
+_Version = collections.namedtuple(
+    "_Version", ["release", "pre_l", "pre_v"]
+)
+
+class Version():
+    _version_pattern =  r"""v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
+    _regex = re.compile(r"^\s*" + _version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE)
+    def __init__(self, version):
+        match = self._regex.search(version)
+        if not match:
+            raise Exception("Invalid version: '{0}'".format(version))
+
+        self._version = _Version(
+            release=tuple(int(i) for i in match.group("release").replace("-",".").split(".")),
+            pre_l=match.group("pre_l"),
+            pre_v=match.group("pre_v")
+        )
+
+        self._key = _cmpkey(
+            self._version.release,
+            self._version.pre_l,
+            self._version.pre_v
+        )
+
+    def __le__(self, other):
+        if not isinstance(other, Version):
+            return NotImplemented
+        return self._key <= other._key
+
+    def __lt__(self, other):
+        if not isinstance(other, Version):
+            return NotImplemented
+        return self._key < other._key
+
+    def __ge__(self, other):
+        if not isinstance(other, Version):
+            return NotImplemented
+        return self._key >= other._key
+
+    def __gt__(self, other):
+        if not isinstance(other, Version):
+            return NotImplemented
+        return self._key > other._key
+
+def _cmpkey(release, pre_l, pre_v):
+    # remove leading 0
+    _release = tuple(
+        reversed(list(itertools.dropwhile(lambda x: x == 0, reversed(release))))
+    )
+    if pre_l is None and pre_v is None:
+        _pre = float('inf')
+    else:
+        _pre = float(pre_v) if pre_v else float('-inf')
+    return _release, _pre
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
new file mode 100644
index 0000000000..35e2b29a9a
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -0,0 +1,27 @@
+from oe.cve_check import Version
+from oeqa.selftest.case import OESelftestTestCase
+
+class CVECheck(OESelftestTestCase):
+
+    def test_version_compare(self):
+        result = Version("100") > Version("99")
+        self.assertTrue( result, msg="Failed to compare version '100' > '99'")
+        result = Version("2.3.1") > Version("2.2.3")
+        self.assertTrue( result, msg="Failed to compare version '2.3.1' > '2.2.3'")
+        result = Version("2021-01-21") > Version("2020-12-25")
+        self.assertTrue( result, msg="Failed to compare version '2021-01-21' > '2020-12-25'")
+        result = Version("1.2-20200910") < Version("1.2-20200920")
+        self.assertTrue( result, msg="Failed to compare version '1.2-20200910' < '1.2-20200920'")
+
+        result = Version("1.0") >= Version("1.0beta")
+        self.assertTrue( result, msg="Failed to compare version '1.0' >= '1.0beta'")
+        result = Version("1.0-rc2") > Version("1.0-rc1")
+        self.assertTrue( result, msg="Failed to compare version '1.0-rc2' > '1.0-rc1'")
+        result = Version("1.0.alpha1") < Version("1.0")
+        self.assertTrue( result, msg="Failed to compare version '1.0.alpha1' < '1.0'")
+        result = Version("1.0_dev") <= Version("1.0")
+        self.assertTrue( result, msg="Failed to compare version '1.0_dev' <= '1.0'")
+
+        # ignore "p1" and "p2", so these should be equal
+        result = Version("1.0p2") <= Version("1.0p1") and Version("1.0p2") >= Version("1.0p1")
+        self.assertTrue( result ,msg="Failed to compare version '1.0p2' to '1.0p1'")
-- 
2.25.1

[OE-core][dunfell 07/28] cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

add CVE_VERSION_SUFFIX to indicate the version suffix type, currently
works in two value, "alphabetical" if the version string uses single
alphabetical character suffix as incremental release, blank to not
consider the unidentified suffixes. This can be expand when more suffix
pattern identified.

refactor cve_check.Version class to use functools and add parameter to
handle suffix condition.

Also update testcases to cover new changes.

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5dfd5ad5144708b474ef31eaa89a846c57be8ac0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass            | 12 ++++---
 meta/lib/oe/cve_check.py                  | 40 ++++++++++++-----------
 meta/lib/oeqa/selftest/cases/cve_check.py | 11 ++++++-
 3 files changed, 39 insertions(+), 24 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 93af667544..dbff852e18 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -50,6 +50,9 @@ CVE_CHECK_PN_WHITELIST ?= ""
 # 
 CVE_CHECK_WHITELIST ?= ""
 
+# set to "alphabetical" for version using single alphabetical character as increament release
+CVE_VERSION_SUFFIX ??= ""
+
 python cve_save_summary_handler () {
     import shutil
     import datetime
@@ -207,6 +210,7 @@ def check_cves(d, patched_cves):
 
     pn = d.getVar("PN")
     real_pv = d.getVar("PV")
+    suffix = d.getVar("CVE_VERSION_SUFFIX")
 
     cves_unpatched = []
     # CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
@@ -260,8 +264,8 @@ def check_cves(d, patched_cves):
                 else:
                     if operator_start:
                         try:
-                            vulnerable_start =  (operator_start == '>=' and Version(pv) >= Version(version_start))
-                            vulnerable_start |= (operator_start == '>' and Version(pv) > Version(version_start))
+                            vulnerable_start =  (operator_start == '>=' and Version(pv,suffix) >= Version(version_start,suffix))
+                            vulnerable_start |= (operator_start == '>' and Version(pv,suffix) > Version(version_start,suffix))
                         except:
                             bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_start, version_start, cve))
@@ -271,8 +275,8 @@ def check_cves(d, patched_cves):
 
                     if operator_end:
                         try:
-                            vulnerable_end  = (operator_end == '<=' and Version(pv) <= Version(version_end) )
-                            vulnerable_end |= (operator_end == '<' and Version(pv) < Version(version_end) )
+                            vulnerable_end  = (operator_end == '<=' and Version(pv,suffix) <= Version(version_end,suffix) )
+                            vulnerable_end |= (operator_end == '<' and Version(pv,suffix) < Version(version_end,suffix) )
                         except:
                             bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_end, version_end, cve))
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index ec48a3f829..ce755f940a 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -1,58 +1,60 @@
 import collections
 import re
 import itertools
+import functools
 
 _Version = collections.namedtuple(
-    "_Version", ["release", "pre_l", "pre_v"]
+    "_Version", ["release", "patch_l", "pre_l", "pre_v"]
 )
 
+@functools.total_ordering
 class Version():
-    _version_pattern =  r"""v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
-    _regex = re.compile(r"^\s*" + _version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE)
-    def __init__(self, version):
-        match = self._regex.search(version)
+
+    def __init__(self, version, suffix=None):
+        if str(suffix) == "alphabetical":
+            version_pattern =  r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<patch>[-_\.]?(?P<patch_l>[a-z]))?(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
+        else:
+            version_pattern =  r"""r?v?(?:(?P<release>[0-9]+(?:[-\.][0-9]+)*)(?P<pre>[-_\.]?(?P<pre_l>(rc|alpha|beta|pre|preview|dev))[-_\.]?(?P<pre_v>[0-9]+)?)?)(.*)?"""
+        regex = re.compile(r"^\s*" + version_pattern + r"\s*$", re.VERBOSE | re.IGNORECASE)
+
+        match = regex.search(version)
         if not match:
             raise Exception("Invalid version: '{0}'".format(version))
 
         self._version = _Version(
             release=tuple(int(i) for i in match.group("release").replace("-",".").split(".")),
+            patch_l=match.group("patch_l") if str(suffix) == "alphabetical" and match.group("patch_l") else "",
             pre_l=match.group("pre_l"),
             pre_v=match.group("pre_v")
         )
 
         self._key = _cmpkey(
             self._version.release,
+            self._version.patch_l,
             self._version.pre_l,
             self._version.pre_v
         )
 
-    def __le__(self, other):
-        if not isinstance(other, Version):
-            return NotImplemented
-        return self._key <= other._key
-
-    def __lt__(self, other):
+    def __eq__(self, other):
         if not isinstance(other, Version):
             return NotImplemented
-        return self._key < other._key
-
-    def __ge__(self, other):
-        if not isinstance(other, Version):
-            return NotImplemented
-        return self._key >= other._key
+        return self._key == other._key
 
     def __gt__(self, other):
         if not isinstance(other, Version):
             return NotImplemented
         return self._key > other._key
 
-def _cmpkey(release, pre_l, pre_v):
+def _cmpkey(release, patch_l, pre_l, pre_v):
     # remove leading 0
     _release = tuple(
         reversed(list(itertools.dropwhile(lambda x: x == 0, reversed(release))))
     )
+
+    _patch = patch_l.upper()
+
     if pre_l is None and pre_v is None:
         _pre = float('inf')
     else:
         _pre = float(pre_v) if pre_v else float('-inf')
-    return _release, _pre
+    return _release, _patch, _pre
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
index 35e2b29a9a..3f343a2841 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -23,5 +23,14 @@ class CVECheck(OESelftestTestCase):
         self.assertTrue( result, msg="Failed to compare version '1.0_dev' <= '1.0'")
 
         # ignore "p1" and "p2", so these should be equal
-        result = Version("1.0p2") <= Version("1.0p1") and Version("1.0p2") >= Version("1.0p1")
+        result = Version("1.0p2") == Version("1.0p1")
         self.assertTrue( result ,msg="Failed to compare version '1.0p2' to '1.0p1'")
+        # ignore the "b" and "r"
+        result = Version("1.0b") == Version("1.0r")
+        self.assertTrue( result ,msg="Failed to compare version '1.0b' to '1.0r'")
+
+        # consider the trailing alphabet as patched level when comparing
+        result = Version("1.0b","alphabetical") < Version("1.0r","alphabetical")
+        self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' < '1.0r'")
+        result = Version("1.0b","alphabetical") > Version("1.0","alphabetical")
+        self.assertTrue( result ,msg="Failed to compare version with suffix '1.0b' > '1.0'")
-- 
2.25.1

[OE-core][dunfell 08/28] openssl: set CVE_VERSION_SUFFIX

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17df664a32a74f17baaef8c31ac23adec2d6255f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.1i.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
index c2db596f03..5d22c511aa 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
@@ -210,6 +210,8 @@ BBCLASSEXTEND = "native nativesdk"
 
 CVE_PRODUCT = "openssl:openssl"
 
+CVE_VERSION_SUFFIX = "alphabetical"
+
 # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
 # Apache in meta-webserver is already recent enough
 CVE_CHECK_WHITELIST += "CVE-2019-0190"
-- 
2.25.1

[OE-core][dunfell 09/28] package.bbclass: hash equivalency and pr service

[Steve Sakoman]

From: Mark Hatle <mark.hatle@kernel.crashing.org>

When the PR service is enabled a number of small changes may happen
to variables.  In the do_package step a call to package_get_auto_pr
will end up setting PRAUTO and modifying PKGV (if AUTOINC is there).

PRAUTO is then used by EXTENDPRAUTO, which is then used to generate
PKGR.

Since this behavior typically happens BEFORE the BB_UNIHASH is
calculated for do_package, we need a way to defer the expansion
until after we have the unihash value.

Writing out the pkgdata files w/o AUTOPR and PKGV (AUTOINC) expanded
to placeholder values is the easiest way to deal with this.  All other
variables are expanded as expected.

In the next task, typically do_packagedata, we will then use the
UNIHASH from the do_package to get the PR (AUTOPR) as well as
generate the AUTOINC replacement value (now PRSERV_PV_AUTOINC).

The do_packagedata then translates the placeholders to the final values
when copying the data from pkgdata to pkgdata-pdata-input.

Also update the prservice test case.  With unihash, just changing the
do_package (via a _append) will not change the PR.  So write the date
to a specific file that is incorporated into the unihash to ensure it
is always different for the test.  Various assert messages were also
updated to make it easier to figure out where/why a problem occured.

Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2e32f37b0e4abc438c8f60e673cd18a5cc110768)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/package.bbclass              | 58 +++++++++++++++++++----
 meta/conf/bitbake.conf                    |  1 +
 meta/lib/oeqa/selftest/cases/prservice.py |  8 ++--
 3 files changed, 55 insertions(+), 12 deletions(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 7c252dd46b..f8074d866c 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -7,7 +7,7 @@
 #
 # There are the following default steps but PACKAGEFUNCS can be extended:
 #
-# a) package_get_auto_pr - get PRAUTO from remote PR service
+# a) package_convert_pr_autoinc - convert AUTOINC in PKGV to ${PRSERV_PV_AUTOINC}
 #
 # b) perform_packagecopy - Copy D into PKGD
 #
@@ -585,12 +585,20 @@ def runtime_mapping_rename (varname, pkg, d):
     #bb.note("%s after: %s" % (varname, d.getVar(varname)))
 
 #
-# Package functions suitable for inclusion in PACKAGEFUNCS
+# Used by do_packagedata (and possibly other routines post do_package)
 #
 
+package_get_auto_pr[vardepsexclude] = "BB_TASKDEPDATA"
 python package_get_auto_pr() {
     import oe.prservice
-    import re
+
+    def get_do_package_hash(pn):
+        if d.getVar("BB_RUNTASK") != "do_package":
+            taskdepdata = d.getVar("BB_TASKDEPDATA", False)
+            for dep in taskdepdata:
+                if taskdepdata[dep][1] == "do_package" and taskdepdata[dep][0] == pn:
+                    return taskdepdata[dep][6]
+        return None
 
     # Support per recipe PRSERV_HOST
     pn = d.getVar('PN')
@@ -602,15 +610,22 @@ python package_get_auto_pr() {
 
     # PR Server not active, handle AUTOINC
     if not d.getVar('PRSERV_HOST'):
-        if 'AUTOINC' in pkgv:
-            d.setVar("PKGV", pkgv.replace("AUTOINC", "0"))
+        d.setVar("PRSERV_PV_AUTOINC", "0")
         return
 
     auto_pr = None
     pv = d.getVar("PV")
     version = d.getVar("PRAUTOINX")
     pkgarch = d.getVar("PACKAGE_ARCH")
-    checksum = d.getVar("BB_TASKHASH")
+    checksum = get_do_package_hash(pn)
+
+    # If do_package isn't in the dependencies, we can't get the checksum...
+    if not checksum:
+        bb.warn('Task %s requested do_package unihash, but it was not available.' % d.getVar('BB_RUNTASK'))
+        #taskdepdata = d.getVar("BB_TASKDEPDATA", False)
+        #for dep in taskdepdata:
+        #    bb.warn('%s:%s = %s' % (taskdepdata[dep][0], taskdepdata[dep][1], taskdepdata[dep][6]))
+        return
 
     if d.getVar('PRSERV_LOCKDOWN'):
         auto_pr = d.getVar('PRAUTO_' + version + '_' + pkgarch) or d.getVar('PRAUTO_' + version) or None
@@ -628,7 +643,7 @@ python package_get_auto_pr() {
                 srcpv = bb.fetch2.get_srcrev(d)
                 base_ver = "AUTOINC-%s" % version[:version.find(srcpv)]
                 value = conn.getPR(base_ver, pkgarch, srcpv)
-                d.setVar("PKGV", pkgv.replace("AUTOINC", str(value)))
+                d.setVar("PRSERV_PV_AUTOINC", str(value))
 
             auto_pr = conn.getPR(version, pkgarch, checksum)
     except Exception as e:
@@ -638,6 +653,22 @@ python package_get_auto_pr() {
     d.setVar('PRAUTO',str(auto_pr))
 }
 
+#
+# Package functions suitable for inclusion in PACKAGEFUNCS
+#
+
+python package_convert_pr_autoinc() {
+    pkgv = d.getVar("PKGV")
+
+    # Adjust pkgv as necessary...
+    if 'AUTOINC' in pkgv:
+        d.setVar("PKGV", pkgv.replace("AUTOINC", "${PRSERV_PV_AUTOINC}"))
+
+    # Change PRSERV_PV_AUTOINC and EXTENDPRAUTO usage to special values
+    d.setVar('PRSERV_PV_AUTOINC', '@PRSERV_PV_AUTOINC@')
+    d.setVar('EXTENDPRAUTO', '@EXTENDPRAUTO@')
+}
+
 LOCALEBASEPN ??= "${PN}"
 
 python package_do_split_locales() {
@@ -2251,7 +2282,7 @@ python do_package () {
         package_qa_handle_error("var-undefined", msg, d)
         return
 
-    bb.build.exec_func("package_get_auto_pr", d)
+    bb.build.exec_func("package_convert_pr_autoinc", d)
 
     ###########################################################################
     # Optimisations
@@ -2323,9 +2354,20 @@ addtask do_package_setscene
 # Copy from PKGDESTWORK to tempdirectory as tempdirectory can be cleaned at both
 # do_package_setscene and do_packagedata_setscene leading to races
 python do_packagedata () {
+    bb.build.exec_func("package_get_auto_pr", d)
+
     src = d.expand("${PKGDESTWORK}")
     dest = d.expand("${WORKDIR}/pkgdata-pdata-input")
     oe.path.copyhardlinktree(src, dest)
+
+    bb.build.exec_func("packagedata_translate_pr_autoinc", d)
+}
+
+# Translate the EXTENDPRAUTO and AUTOINC to the final values
+packagedata_translate_pr_autoinc() {
+    find ${WORKDIR}/pkgdata-pdata-input -type f | xargs --no-run-if-empty \
+        sed -e 's,@PRSERV_PV_AUTOINC@,${PRSERV_PV_AUTOINC},g' \
+            -e 's,@EXTENDPRAUTO@,${EXTENDPRAUTO},g' -i
 }
 
 addtask packagedata before do_build after do_package
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 01020c9823..6ada0099eb 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -208,6 +208,7 @@ PF = "${PN}-${EXTENDPE}${PV}-${PR}"
 EXTENDPE = "${@['','${PE}_'][int(d.getVar('PE') or 0) > 0]}"
 P = "${PN}-${PV}"
 
+PRSERV_PV_AUTOINC = "AUTOINC"
 PRAUTO = ""
 EXTENDPRAUTO = "${@['.${PRAUTO}', ''][not d.getVar('PRAUTO')]}"
 PRAUTOINX = "${PF}"
diff --git a/meta/lib/oeqa/selftest/cases/prservice.py b/meta/lib/oeqa/selftest/cases/prservice.py
index 85b534963d..578b2b4dd9 100644
--- a/meta/lib/oeqa/selftest/cases/prservice.py
+++ b/meta/lib/oeqa/selftest/cases/prservice.py
@@ -23,7 +23,7 @@ class BitbakePrTests(OESelftestTestCase):
         package_data_file = os.path.join(self.pkgdata_dir, 'runtime', package_name)
         package_data = ftools.read_file(package_data_file)
         find_pr = re.search(r"PKGR: r[0-9]+\.([0-9]+)", package_data)
-        self.assertTrue(find_pr, "No PKG revision found in %s" % package_data_file)
+        self.assertTrue(find_pr, "No PKG revision found via regex 'PKGR: r[0-9]+\.([0-9]+)' in %s" % package_data_file)
         return int(find_pr.group(1))
 
     def get_task_stamp(self, package_name, recipe_task):
@@ -40,7 +40,7 @@ class BitbakePrTests(OESelftestTestCase):
         return str(stamps[0])
 
     def increment_package_pr(self, package_name):
-        inc_data = "do_package_append() {\n    bb.build.exec_func('do_test_prserv', d)\n}\ndo_test_prserv() {\necho \"The current date is: %s\"\n}" % datetime.datetime.now()
+        inc_data = "do_package_append() {\n    bb.build.exec_func('do_test_prserv', d)\n}\ndo_test_prserv() {\necho \"The current date is: %s\" > ${PKGDESTWORK}/${PN}.datestamp\n}" % datetime.datetime.now()
         self.write_recipeinc(package_name, inc_data)
         res = bitbake(package_name, ignore_status=True)
         self.delete_recipeinc(package_name)
@@ -63,7 +63,7 @@ class BitbakePrTests(OESelftestTestCase):
         pr_2 = self.get_pr_version(package_name)
         stamp_2 = self.get_task_stamp(package_name, track_task)
 
-        self.assertTrue(pr_2 - pr_1 == 1, "Step between pkg revisions is not 1 (was %s - %s)" % (pr_2, pr_1))
+        self.assertTrue(pr_2 - pr_1 == 1, "New PR %s did not increment as expected (from %s), difference should be 1" % (pr_2, pr_1))
         self.assertTrue(stamp_1 != stamp_2, "Different pkg rev. but same stamp: %s" % stamp_1)
 
     def run_test_pr_export_import(self, package_name, replace_current_db=True):
@@ -89,7 +89,7 @@ class BitbakePrTests(OESelftestTestCase):
         self.increment_package_pr(package_name)
         pr_2 = self.get_pr_version(package_name)
 
-        self.assertTrue(pr_2 - pr_1 == 1, "Step between pkg revisions is not 1 (was %s - %s)" % (pr_2, pr_1))
+        self.assertTrue(pr_2 - pr_1 == 1, "New PR %s did not increment as expected (from %s), difference should be 1" % (pr_2, pr_1))
 
     def test_import_export_replace_db(self):
         self.run_test_pr_export_import('m4')
-- 
2.25.1

[OE-core][dunfell 10/28] package: Ensure do_packagedata is cleaned correctly

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

In an earlier commit, libprocps was split into a separate package leaving
no shlibs in the main package. A bug was seen where igt-gpu-tools wouldn't
build correctly in some cases as it thought the librbary was still in the
main package, throwing qa errors as a result.

The issue was due to an extra file being left in the sstate output of
the do_packagedata task in the shlibs2/ folder which contained the bad
shlibs information.

The reason for this was that the temporary directory used in this
task wasn't being cleaned so files which were deleted were not handled
correctly. Add a missing cleandirs entry to fix this.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50f17d0a655a3a2556f9fcad67259101c2814a36)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/package.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index f8074d866c..15bff9c778 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -2362,6 +2362,7 @@ python do_packagedata () {
 
     bb.build.exec_func("packagedata_translate_pr_autoinc", d)
 }
+do_packagedata[cleandirs] += "${WORKDIR}/pkgdata-pdata-input"
 
 # Translate the EXTENDPRAUTO and AUTOINC to the final values
 packagedata_translate_pr_autoinc() {
-- 
2.25.1

[OE-core][dunfell 11/28] kernel.bbclass: fix deployment for initramfs images

[Steve Sakoman]

From: Awais Belal <Awais_Belal@mentor.com>

The do_bundle_initramfs() only processes kernel image
types that are found in KERNEL_IMAGETYPE_FOR_MAKE whereas
the build system can generate other types that are not
directly supported by the kernel build system. In which
case when we come to the deploy phase not all the images
mentioned in KERNEL_IMAGETYPES would have a respective
initramfs bundled image. An example is using vmlinux.gz
in KERNEL_IMAGETYPES and enabling initramfs and then we
see

install: cannot stat 'arch/arm64/boot/vmlinux.gz.initramfs': No such file or directory

So we align the deploy phase with bundle initramfs phase
and pick up relevant initramfs bundled images using
KERNEL_IMAGETYPE_FOR_MAKE instead of KERNEL_IMAGETYPES.

Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 526bdd88ccd758204452579333ba188e29270bde)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 2a65c001d9..83a574efcd 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -718,7 +718,7 @@ kernel_do_deploy() {
 	fi
 
 	if [ ! -z "${INITRAMFS_IMAGE}" -a x"${INITRAMFS_IMAGE_BUNDLE}" = x1 ]; then
-		for imageType in ${KERNEL_IMAGETYPES} ; do
+		for imageType in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do
 			if [ "$imageType" = "fitImage" ] ; then
 				continue
 			fi
-- 
2.25.1

[OE-core][dunfell 12/28] linux-yocto/5.4: update to v5.4.90

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    ceed81a883dc Linux 5.4.90
    6f484096196b regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init()
    bbb2fee395e9 net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
    bd0051a5cb05 block: fix use-after-free in disk_part_iter_next
    c5fe50e18fcb KVM: arm64: Don't access PMCR_EL0 when no PMU is available
    f595e44b161a net: mvpp2: disable force link UP during port init procedure
    5b8d3c3a9fcb regulator: qcom-rpmh-regulator: correct hfsmps515 definition
    3582406b9c04 wan: ds26522: select CONFIG_BITREVERSE
    480c5e9c7e4c regmap: debugfs: Fix a memory leak when calling regmap_attach_dev
    c3c774886790 net/mlx5e: Fix two double free cases
    ce74b5a0689d net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
    a2b2ae3812e5 bpftool: Fix compilation failure for net.o with older glibc
    2992e3371a3a iommu/intel: Fix memleak in intel_irq_remapping_alloc
    006319327d21 lightnvm: select CONFIG_CRC32
    46c15eeb0a8a block: rsxx: select CONFIG_CRC32
    4834a984e456 wil6210: select CONFIG_CRC32
    b28378bc91d0 qed: select CONFIG_CRC32
    cc196d4604c9 dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
    d0eaf8a8eff8 dmaengine: xilinx_dma: fix incompatible param warning in _child_probe()
    e6f247a5f927 dmaengine: xilinx_dma: check dma_async_device_register return value
    c15556cb344a dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function
    55503711adff i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated
    12e8bcaef61a spi: stm32: FIFO threshold level - fix align packet size
    9ff4796e6fd9 cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    4dd15f9bc881 can: kvaser_pciefd: select CONFIG_CRC32
    82adac5ad13b can: m_can: m_can_class_unregister(): remove erroneous m_can_clk_stop()
    3b68980596fb can: tcan4x5x: fix bittiming const, use common bittiming from m_can driver
    b77e0283efdc dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk()
    f6dd8c259ab8 i2c: sprd: use a specific timeout to avoid system hang up issue
    8d0cadc2ea64 ARM: OMAP2+: omap_device: fix idling of devices during probe
    003280bd8845 HID: wacom: Fix memory leakage caused by kfifo_alloc
    6f367fb1b7ee iio: imu: st_lsm6dsx: fix edge-trigger interrupts
    87ea51c90280 vmlinux.lds.h: Add PGO and AutoFDO input sections
    099340d3e758 exfat: Month timestamp metadata accidentally incremented
    bb039d45ebc5 x86/resctrl: Don't move a task to the same resource group
    628af07fc5cd x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    96fb3d28c885 chtls: Fix chtls resources release sequence
    fac9b53cfacb chtls: Added a check to avoid NULL pointer dereference
    38768ea1127d chtls: Replace skb_dequeue with skb_peek
    dcce456b2843 chtls: Fix panic when route to peer not configured
    44bed66b2be9 chtls: Remove invalid set_tcb call
    266ee00f402b chtls: Fix hardware tid leak
    ed62af62da41 net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    cf59803ce4b3 net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    3008c639c081 net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    fc1c907da5a1 s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    e6931e3eb084 nexthop: Unlink nexthop group entry in error path
    3cecab93f271 nexthop: Fix off-by-one error in error path
    f03b81e61ef5 octeontx2-af: fix memory leak of lmac and lmac->name
    12e10b12124c net: ip: always refragment ip defragmented packets
    41bfd4111257 net: fix pmtu check in nopmtudisc mode
    98fc9692ac3d tools: selftests: add test for changing routes with PTMU exceptions
    7694654168bb net: ipv6: fib: flush exceptions when purging route
    1cba7e270b16 net/sonic: Fix some resource leaks in error handling paths
    37e6368a8de6 net: vlan: avoid leaks on register_vlan_dev() failures
    4ff0737ebc76 net: stmmac: dwmac-sun8i: Balance internal PHY power
    5698f0921c9b net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    fa020a28896c net: hns3: fix a phy loopback fail issue
    bddaf51d116c net: hns3: fix the number of queues actually used by ARQ
    d73f7e757526 net: cdc_ncm: correct overhead in delayed_ndp_size
    5597557244d4 vfio iommu: Add dma available capability
    335104082c21 x86/asm/32: Add ENDs to some functions and relabel with SYM_CODE_*
    a829146c3fdc Linux 5.4.89
    485e21729b1e scsi: target: Fix XCOPY NAA identifier lookup
    7795afa0d7a9 KVM: x86: fix shift out of bounds reported by UBSAN
    a9d49da7edf8 x86/mtrr: Correct the range check before performing MTRR type lookups
    a798b367a066 netfilter: nft_dynset: report EOPNOTSUPP on missing set feature
    5e401ea71676 netfilter: xt_RATEEST: reject non-null terminated string from userspace
    1dd6a790c220 netfilter: ipset: fix shift-out-of-bounds in htable_bits()
    e0281bb5a82d netfilter: x_tables: Update remaining dereference to RCU
    828f2a20f946 drm/i915: clear the gpu reloc batch
    ef8133b1b47e dmabuf: fix use-after-free of dmabuf's file->f_inode
    284be2b993ca Revert "device property: Keep secondary firmware node secondary by type"
    64d06c7f2fa2 btrfs: send: fix wrong file path when there is an inode with a pending rmdir
    0cb0b876f17f ALSA: hda/realtek: Add two "Intel Reference board" SSID in the ALC256.
    02e59692a6b1 ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7
    d63a96f45c4f ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
    30fd9778cf8f ALSA: hda/conexant: add a new hda codec CX11970
    121944484cc4 ALSA: hda/via: Fix runtime PM for Clevo W35xSS
    a5c7a456680f kvm: check tlbs_dirty directly
    10dcb79ec79e x86/mm: Fix leak of pmd ptlock
    d3e5db486fd8 USB: serial: keyspan_pda: remove unused variable
    bcffe2de9dde usb: gadget: configfs: Fix use-after-free issue with udc_name
    276828221852 usb: gadget: configfs: Preserve function ordering after bind failure
    b2bd36f54495 usb: gadget: Fix spinlock lockup on usb_function_deactivate
    ce507b55db29 USB: gadget: legacy: fix return error code in acm_ms_bind()
    7f875ea9883c usb: gadget: u_ether: Fix MTU size mismatch with RX packet size
    b89a5f39c2b5 usb: gadget: function: printer: Fix a memory leak for interface descriptor
    692ab0726460 usb: gadget: f_uac2: reset wMaxPacketSize
    7ac84fa85ba2 usb: gadget: select CONFIG_CRC32
    77a804dd6b46 ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
    5c263f16822f USB: usblp: fix DMA to stack
    41f15da2abd9 USB: yurex: fix control-URB timeout handling
    175f7a5fa7e6 USB: serial: option: add Quectel EM160R-GL
    1a59feb52dc4 USB: serial: option: add LongSung M5710 module support
    ac48b1dacb07 USB: serial: iuu_phoenix: fix DMA from stack
    8a051eaae708 usb: uas: Add PNY USB Portable SSD to unusual_uas
    a7b81d0d2e07 usb: usbip: vhci_hcd: protect shift size
    f7cc27eb358d USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
    ea472d839133 usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data()
    a37a0667e1e0 usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
    5b8e1be9e0c1 USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
    5445502a344b USB: cdc-acm: blacklist another IR Droid device
    eeae1d95ce4e usb: gadget: enable super speed plus
    70cf59b8ffb4 staging: mt7621-dma: Fix a resource leak in an error handling path
    c511f27e130e powerpc: Handle .text.{hot,unlikely}.* in linker script
    867c10a03f84 crypto: asym_tpm: correct zero out potential secrets
    ff7397add935 crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
    9e60056b1f53 video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
    84d488719b27 Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close
    3417067b3111 kbuild: don't hardcode depmod path
    3f2a28930a7e net/sched: sch_taprio: ensure to reset/destroy all child qdiscs
    c41ea30c3839 ionic: account for vlan tag len in rx buffer len
    5c6eb887e192 vhost_net: fix ubuf refcount incorrectly when sendmsg fails
    8f64957fda12 net: usb: qmi_wwan: add Quectel EM160R-GL
    12ab7b627d43 CDC-NCM: remove "connected" log message
    171a2bce9d6c net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access
    c0883010d3b3 net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs
    07f26fc52b45 r8169: work around power-saving bug on some chip versions
    106ca9ca9acc net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
    2b8aa896b151 erspan: fix version 1 check in gre_parse_header()
    606f5412ad86 net: hns: fix return value check in __lb_other_process()
    e40b5fc79110 net: sched: prevent invalid Scell_log shift count
    b16f883e71f3 ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
    a018c071de14 net: mvpp2: fix pkt coalescing int-threshold configuration
    443a71031e49 tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS
    c076e1198554 net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
    8602c20a9160 net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc
    1f6b04a2b282 net-sysfs: take the rtnl lock when storing xps_rxqs
    67ed54a63f43 net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
    fb14db9508c0 net-sysfs: take the rtnl lock when storing xps_cpus
    e43ec45d45af net: ethernet: Fix memleak in ethoc_probe
    56dc7908ed85 net/ncsi: Use real net-device for response handler
    dffef999e484 virtio_net: Fix recursive call to cpus_read_lock()
    5404192a8721 qede: fix offload for IPIP tunnel packets
    8009f6bb13a3 net: ethernet: mvneta: Fix error handling in mvneta_probe
    6d003fe7fe87 ibmvnic: continue fatal error reset after passive init
    3d16088a9668 net: mvpp2: Fix GoP port 3 Networking Complex Control configurations
    8548c9679939 atm: idt77252: call pci_disable_device() on error path
    2a006b4fa5cc ethernet: ucc_geth: set dev->max_mtu to 1518
    c2ca14cc6f55 ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
    af99cae96fdc net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE
    8dd98d5d2ba4 net: mvpp2: prs: fix PPPoE with ipv6 packet parse
    73445f29575a net: mvpp2: Add TCAM entry to drop flow control pause frames
    a5a6dc4dc293 iavf: fix double-release of rtnl_lock
    6aba31a7c72e i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs
    9ea03f6890ce proc: fix lookup in /proc/net subdirectories after setns(2)
    d2942e958f26 proc: change ->nlink under proc_subdir_lock
    59b10c8a59a1 depmod: handle the case of /sbin/depmod without /sbin in PATH
    663a0bcb3fa5 lib/genalloc: fix the overflow when size is too big
    19e0cf8fc481 scsi: scsi_transport_spi: Set RQF_PM for domain validation commands
    eb3e975ac2a3 scsi: ide: Do not set the RQF_PREEMPT flag for sense requests
    4ae3573c571e scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff()
    5f9c3d640505 scsi: ufs: Fix wrong print message in dev_err()
    515dc635eb76 workqueue: Kick a worker based on the actual activation of delayed works
    f3a4c8d50145 Linux 5.4.88
    0a49aaf4df29 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
    117433236ae2 exec: Transform exec_update_mutex into a rw_semaphore
    d390fc97df62 rwsem: Implement down_read_interruptible
    1b75a263fbd9 rwsem: Implement down_read_killable_nested
    71b8355ba667 perf: Break deadlock involving exec_update_mutex
    732251cabeb3 fuse: fix bad inode
    06c672dd61b5 iio:imu:bmi160: Fix alignment and data leak issues
    7a736f41013e kdev_t: always inline major/minor helper functions
    61a0d8e437bb dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate()
    20d5ee563bfd dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()
    f2a0b7677444 dmaengine: at_hdmac: Substitute kzalloc with kmalloc
    4d3ba541bede Revert "mtd: spinand: Fix OOB read"
    da5b4cf021b9 Revert "drm/amd/display: Fix memory leaks in S3 resume"

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5dcc8a5977725a9fe11ac13ebd16a7acc1eef37d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 5fc444bfc9..027e1a15c7 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "b82b3d52ee94caf6165eda89d3294a561bfb4f0b"
-SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132"
+SRCREV_machine ?= "06c752971a7cb66123ab2b3731044103fc5662e0"
+SRCREV_meta ?= "70cec8c033a6f5c48f0a93374f0bfc25240f14fd"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.87"
+LINUX_VERSION ?= "5.4.90"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 05edcfa63d..8dfa5357bd 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.87"
+LINUX_VERSION ?= "5.4.90"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "18b82a8554b25c86cbf31af312765832edca3498"
-SRCREV_machine ?= "292d752af8e4015e40e7c523641983bac543e2b4"
-SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132"
+SRCREV_machine_qemuarm ?= "c65142e64f3d705d0b978b44394d274165d872b2"
+SRCREV_machine ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
+SRCREV_meta ?= "70cec8c033a6f5c48f0a93374f0bfc25240f14fd"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 6a2d96e8a0..3ddff222af 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "03f94e8a96d027da980f2cc2ad6e95bbb45e22c5"
-SRCREV_machine_qemuarm64 ?= "292d752af8e4015e40e7c523641983bac543e2b4"
-SRCREV_machine_qemumips ?= "0b055d3e2e8d41743b00cd84975ff383e35f1ae9"
-SRCREV_machine_qemuppc ?= "292d752af8e4015e40e7c523641983bac543e2b4"
-SRCREV_machine_qemuriscv64 ?= "292d752af8e4015e40e7c523641983bac543e2b4"
-SRCREV_machine_qemux86 ?= "292d752af8e4015e40e7c523641983bac543e2b4"
-SRCREV_machine_qemux86-64 ?= "292d752af8e4015e40e7c523641983bac543e2b4"
-SRCREV_machine_qemumips64 ?= "126e385b2dd8580a266fe15907c3725d2da12458"
-SRCREV_machine ?= "292d752af8e4015e40e7c523641983bac543e2b4"
-SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132"
+SRCREV_machine_qemuarm ?= "17c98abae21d7d1bf43b58edc3d4aa2992436385"
+SRCREV_machine_qemuarm64 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
+SRCREV_machine_qemumips ?= "47a679ac3ca38116beaeb071888c01ef050f1424"
+SRCREV_machine_qemuppc ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
+SRCREV_machine_qemuriscv64 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
+SRCREV_machine_qemux86 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
+SRCREV_machine_qemux86-64 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
+SRCREV_machine_qemumips64 ?= "e4714b9bb683cf08909e6dc2e91fd508e56bfbc2"
+SRCREV_machine ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
+SRCREV_meta ?= "70cec8c033a6f5c48f0a93374f0bfc25240f14fd"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.87"
+LINUX_VERSION ?= "5.4.90"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 13/28] linux-yocto-rt/5.4: fix 5.4-stable caused build breakage

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

5.4-stable included a backport of:

   Author: Eric W. Biederman <ebiederm@xmission.com>
   Date:   Thu Dec 3 14:11:13 2020 -0600

     rwsem: Implement down_read_interruptible

     [ Upstream commit 31784cff7ee073b34d6eddabb95e3be2880a425c ]

     In preparation for converting exec_update_mutex to a rwsem so that
     multiple readers can execute in parallel and not deadlock, add
     down_read_interruptible.  This is needed for perf_event_open to be
     converted (with no semantic changes) from working on a mutex to
     wroking on a rwsem.

     Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
     Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
     Link: https://lkml.kernel.org/r/87k0tybqfy.fsf@x220.int.ebiederm.org
     Signed-off-by: Sasha Levin <sashal@kernel.org>

We implement a -rt variant to fix the build issues.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e610fb7cc22447441f18a9b1bffe58aadb6aaab6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb   | 4 ++--
 meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb      | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 027e1a15c7..4ca458ee8f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,8 +11,8 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "06c752971a7cb66123ab2b3731044103fc5662e0"
-SRCREV_meta ?= "70cec8c033a6f5c48f0a93374f0bfc25240f14fd"
+SRCREV_machine ?= "6b0893e9fddb5473b181b29059fe64980f353c83"
+SRCREV_meta ?= "d676bf5ff7b7071e14f44498d2482c0a596f14cd"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 8dfa5357bd..32fbf9dc55 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "c65142e64f3d705d0b978b44394d274165d872b2"
 SRCREV_machine ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_meta ?= "70cec8c033a6f5c48f0a93374f0bfc25240f14fd"
+SRCREV_meta ?= "d676bf5ff7b7071e14f44498d2482c0a596f14cd"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 3ddff222af..89412fddda 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -21,7 +21,7 @@ SRCREV_machine_qemux86 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
 SRCREV_machine_qemux86-64 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
 SRCREV_machine_qemumips64 ?= "e4714b9bb683cf08909e6dc2e91fd508e56bfbc2"
 SRCREV_machine ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_meta ?= "70cec8c033a6f5c48f0a93374f0bfc25240f14fd"
+SRCREV_meta ?= "d676bf5ff7b7071e14f44498d2482c0a596f14cd"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.25.1

[OE-core][dunfell 14/28] linux-yocto/5.4: update to v5.4.94

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    0fbca6ce4174 Linux 5.4.94
    315cd8fc2ad2 fs: fix lazytime expiration handling in __writeback_single_inode()
    5f8b8fccdfbc writeback: Drop I_DIRTY_TIME_EXPIRE
    2d8848edc96b dm integrity: conditionally disable "recalculate" feature
    43546b74ce6c tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    ab85b382dcf7 SMB3.1.1: do not log warning message if server doesn't populate salt
    0edc78af73d0 arm64: mm: use single quantity to represent the PA to VA translation
    b899d5b2a42a tracing: Fix race in trace_open and buffer resize call
    c4a23c852e80 io_uring: Fix current->fs handling in io_sq_wq_submit_work()
    336bb7dc5a1c HID: wacom: Correct NULL dereference on AES pen proximity
    ecd62d2e9ab4 futex: Handle faults correctly for PI futexes
    55ea172ce3eb futex: Simplify fixup_pi_state_owner()
    a3155c362ca0 futex: Use pi_state_update_owner() in put_pi_state()
    ceb83cf9ed67 rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    015b6a4c2564 futex: Provide and use pi_state_update_owner()
    65aad57cac8d futex: Replace pointless printk in fixup_owner()
    0dae88a92596 futex: Ensure the correct return value from futex_lock_pi()
    c27a2a1ecf69 Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
    4afd772371d9 gpio: mvebu: fix pwm .get_state period calculation
    131f8d8a889a Linux 5.4.93
    f7020c437e13 tcp: fix TCP_USER_TIMEOUT with zero window
    945d182a046f tcp: do not mess with cloned skbs in tcp_add_backlog()
    ccc248b6444a net: dsa: b53: fix an off by one in checking "vlan->vid"
    ff64094dc718 net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled
    3e5b335a55e9 net: mscc: ocelot: allow offloading of bridge on top of LAG
    b47a3c32c4c2 ipv6: set multicast flag on the multicast route
    b778940f2ab9 net_sched: reject silly cell_log in qdisc_get_rtab()
    4ed347901f08 net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
    bc757ba6dc75 ipv6: create multicast route with RTPROT_KERNEL
    60fb547a3d5d udp: mask TOS bits in udp_v4_early_demux()
    da3711f42c68 kasan: fix incorrect arguments passing in kasan_add_zero_shadow
    0d190f53fa2f kasan: fix unaligned address is unhandled in kasan_remove_zero_shadow
    5a3890bad3a4 skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
    49aaf012c478 lightnvm: fix memory leak when submit fails
    0ff55fc4d6a1 sh_eth: Fix power down vs. is_opened flag ordering
    fd2f5130ae98 net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext
    4e1d17a1f73b sh: dma: fix kconfig dependency for G2_DMA
    8a0b8e26f79f netfilter: rpfilter: mask ecn bits before fib lookup
    99328b4b4408 x86/cpu/amd: Set __max_die_per_package on AMD
    6f8ba0ada139 pinctrl: ingenic: Fix JZ4760 support
    382ffe786647 driver core: Extend device_is_dependent()
    4e749a28c909 xhci: tegra: Delay for disabling LFPS detector
    a6a5d08170c2 xhci: make sure TRB is fully written before giving it to the controller
    7f3cfc7e378d usb: bdc: Make bdc pci driver depend on BROKEN
    f764f90b0c77 usb: udc: core: Use lock when write to soft_connect
    564f3c532642 usb: gadget: aspeed: fix stop dma register setting.
    f89a193fd9d3 USB: ehci: fix an interrupt calltrace error
    9a660760299b ehci: fix EHCI host controller initialization sequence
    5eda5db39e28 serial: mvebu-uart: fix tx lost characters at power off
    a8fade59466c stm class: Fix module init return on allocation failure
    5e4bacea58ca intel_th: pci: Add Alder Lake-P support
    c5885886c72c x86/mmx: Use KFPU_387 for MMX string operations
    d1a9cd1dc53c x86/topology: Make __max_die_per_package available unconditionally
    cdb4ce96fdd2 x86/fpu: Add kernel_fpu_begin_mask() to selectively initialize state
    cd1c4882ab43 irqchip/mips-cpu: Set IPI domain parent chip
    9a2f6007a228 cifs: do not fail __smb_send_rqst if non-fatal signals are pending
    745229c90301 iio: ad5504: Fix setting power-down state
    ddd1416f4413 can: peak_usb: fix use after free bugs
    a24476b37167 can: vxcan: vxcan_xmit: fix use after free bug
    ac48ef15826e can: dev: can_restart: fix use after free bug
    391187744436 selftests: net: fib_tests: remove duplicate log test
    237375005739 platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list
    57f0f0ddf9e4 i2c: octeon: check correct size of maximum RECV_LEN packet
    485e0255c19e powerpc: Fix alignment bug within the init sections
    cfea5cddeb71 scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
    da3324ec5497 pinctrl: aspeed: g6: Fix PWMG0 pinctrl setting
    5625c3da7167 powerpc: Use the common INIT_DATA_SECTION macro in vmlinux.lds.S
    73a229119983 drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0
    af91a2e7fb5e drm/nouveau/mmu: fix vram heap sizing
    ee2c9e58f430 drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
    38f35023fd30 drm/nouveau/privring: ack interrupts the same way as RM
    8c3d3b385ed8 drm/nouveau/bios: fix issue shadowing expansion ROMs
    f5dc9627ac04 drm/amd/display: Fix to be able to stop crc calculation
    9f6d85e20125 drm/amdgpu/psp: fix psp gfx ctrl cmds
    5b2266d62b54 riscv: defconfig: enable gpio support for HiFive Unleashed
    7eef73685871 dts: phy: fix missing mdio device and probe failure of vsc8541-01 device
    5fa6987258a7 x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery
    a09d4e7acdbf xen: Fix event channel callback via INTX/GSI
    acc402fa5bf5 arm64: make atomic helpers __always_inline
    8ab3478335ad clk: tegra30: Add hda clock default rates to clock driver
    c074680653e2 HID: Ignore battery for Elan touchscreen on ASUS UX550
    9cec63a3aacb HID: logitech-dj: add the G602 receiver
    b1b943f5b65e riscv: Fix sifive serial driver
    cd0c46821aa5 riscv: Fix kernel time_init()
    5a1d7bb7d333 scsi: sd: Suppress spurious errors when WRITE SAME is being disabled
    68f99105752d scsi: qedi: Correct max length of CHAP secret
    97853a7eae80 scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
    b477f4371045 dm integrity: select CRYPTO_SKCIPHER
    8ebe26a1e236 HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device
    6af49167440a ASoC: Intel: haswell: Add missing pm_ops
    ad1df24b37d9 drm/i915/gt: Prevent use of engine->wa_ctx after error
    6b59bd9eea08 drm/syncobj: Fix use-after-free
    559c0ffedbe0 drm/atomic: put state on error path
    42d855f06d12 dm integrity: fix a crash if "recalculate" used without "internal_hash"
    a03ce9cc4bb8 dm: avoid filesystem lookup in dm_get_dev_t()
    cd3aa1495d8a mmc: sdhci-xenon: fix 1.8v regulator stabilization
    6acdefd0bd34 mmc: core: don't initialize block size from ext_csd if not present
    d8a487e673ab btrfs: send: fix invalid clone operations when cloning from the same file and root
    4d1cf8eeda5b btrfs: don't clear ret in btrfs_start_dirty_block_groups
    e1065331b730 btrfs: fix lockdep splat in btrfs_recover_relocation
    68718453159e btrfs: don't get an EINTR during drop_snapshot for reloc
    a826af1dea4a ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    08fa4ae93e95 ALSA: hda/via: Add minimum mute flag
    1607adf1ac41 ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    9c301133beda platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
    ea8d3c71313f platform/x86: i2c-multi-instantiate: Don't create platform device for INT3515 ACPI nodes
    60066d5181be i2c: bpmp-tegra: Ignore unknown I2C_M flags
    09f983f0c7fc Linux 5.4.92
    e2d69319b713 spi: cadence: cache reference clock rate during probe
    d04c7938d0f8 mac80211: check if atf has been disabled in __ieee80211_schedule_txq
    d46996cb4b16 mac80211: do not drop tx nulldata packets on encrypted links
    56e8947bcf81 tipc: fix NULL deref in tipc_link_xmit()
    55bac51762c3 net, sctp, filter: remap copy_from_user failure error
    52e0b20c8c57 rxrpc: Fix handling of an unsupported token type in rxrpc_read()
    5c466480d7d4 net: avoid 32 x truesize under-estimation for tiny skbs
    f6499a78e581 net: sit: unregister_netdevice on newlink's error path
    a3870cf8a7a2 net: stmmac: Fixed mtu channged by cache aligned
    c213d85cae39 rxrpc: Call state should be read with READ_ONCE() under some circumstances
    6d57b582fb35 net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
    d52f5929d997 net: dcb: Validate netlink message in DCB handler
    814e04776211 esp: avoid unneeded kmap_atomic call
    0ff06dd1b949 rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
    c897c10e4334 net: mvpp2: Remove Pause and Asym_Pause support
    18c29e175e30 mlxsw: core: Increase critical threshold for ASIC thermal zone
    7680783452ce mlxsw: core: Add validation of transceiver temperature thresholds
    ff6d4e8da7c6 net: ipv6: Validate GSO SKB before finish IPv6 processing
    b41352a93c16 net: skbuff: disambiguate argument and member for skb_list_walk_safe helper
    aa350dbe3a1e net: introduce skb_list_walk_safe for skb segment walking
    760e9fd4f7ab netxen_nic: fix MSI/MSI-x interrupts
    982e763ea3c3 udp: Prevent reuseport_select_sock from reading uninitialized socks
    bd4793843c85 bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback
    79ce12cfa56a bpf: Don't leak memory in bpf getsockopt when optlen == 0
    4aef760c28e8 nfsd4: readdirplus shouldn't return parent of export
    9b72d5ba50f1 spi: npcm-fiu: Disable clock in probe error path
    6ef67f59263e spi: npcm-fiu: simplify the return expression of npcm_fiu_probe()
    fa6de8d82d9c scsi: lpfc: Make lpfc_defer_acc_rsp static
    e82b58aa6471 scsi: lpfc: Make function lpfc_defer_pt2pt_acc static
    5e6b88828526 elfcore: fix building with clang
    ac29c052654f xen/privcmd: allow fetching resource sizes
    dd113b79ee7e compiler.h: Raise minimum version of GCC to 5.1 for arm64
    24cea7d70516 usb: ohci: Make distrust_firmware param default to false
    d26b3110041a Linux 5.4.91
    516bd00e5ac1 netfilter: nft_compat: remove flush counter optimization
    935114863364 netfilter: nf_nat: Fix memleak in nf_nat_init
    49fc6d92b484 netfilter: conntrack: fix reading nf_conntrack_buckets
    548e4168e68d ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
    68e67535e26b ALSA: fireface: Fix integer overflow in transmit_midi_msg()
    2c3d03cdbd39 dm: eliminate potential source of excessive kernel log noise
    a34294774a32 net: sunrpc: interpret the return value of kstrtou32 correctly
    8b5107a74db3 iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev()
    c2226680343d mm, slub: consider rest of partial list if acquire_slab() fails
    cd9e901fe2fc drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence
    9269296721b5 IB/mlx5: Fix error unwinding when set_has_smi_cap fails
    40a782293545 RDMA/mlx5: Fix wrong free of blue flame register on error
    e8c8d2319bd7 bnxt_en: Improve stats context resource accounting with RDMA driver loaded.
    3bcf35a7c05f RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
    da834a9bdc23 RDMA/restrack: Don't treat as an error allocation ID wrapping
    986fdc7685fa ext4: fix superblock checksum failure when setting password salt
    38992092b54e NFS: nfs_igrab_and_active must first reference the superblock
    6b3ae2030db9 NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter
    aa2399f55eff pNFS: Stricter ordering of layoutget and layoutreturn
    78c2ab7f5265 pNFS: Mark layout for return if return-on-close was not sent
    7d1241ae1dce pNFS: We want return-on-close to complete when evicting the inode
    69d121ca892c NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    c70f6e0ac9f9 nvme-tcp: fix possible data corruption with bio merges
    55a102004376 ASoC: Intel: fix error code cnl_set_dsp_D0()
    2392a54de8ba ASoC: meson: axg-tdmin: fix axg skew offset
    973900cd4614 ASoC: meson: axg-tdm-interface: fix loopback
    08eb8a735c11 dump_common_audit_data(): fix racy accesses to ->d_name
    d443cefd9f73 perf intel-pt: Fix 'CPU too large' error
    221dee1d0d4e ARM: picoxcell: fix missing interrupt-parent properties
    ba74e0f222c7 drm/msm: Call msm_init_vram before binding the gpu
    0251d3eb4480 ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    bfdd0a3b86c3 usb: typec: Fix copy paste error for NVIDIA alt-mode description
    644baa95db2b drm/amdgpu: fix a GPU hang issue when remove device
    596b3423fddc nvmet-rdma: Fix list_del corruption on queue establishment failure
    4cb77b877fcc nvme-pci: mark Samsung PM1725a as IGNORE_DEV_SUBNQN
    242793c7ef2f selftests: fix the return value for UDP GRO test
    5fc06b706432 net: ethernet: fs_enet: Add missing MODULE_LICENSE
    15a8491cdcd4 misdn: dsp: select CONFIG_BITREVERSE
    635a658de303 arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
    bc68af1fdcac bfq: Fix computation of shallow depth
    2abc54579d1b lib/raid6: Let $(UNROLL) rules work with macOS userland
    1d05b91ab72e hwmon: (pwm-fan) Ensure that calculation doesn't discard big period values
    1229d433960c habanalabs: Fix memleak in hl_device_reset
    93aef8e6cc08 habanalabs: register to pci shutdown callback
    79df21218d63 ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
    331a6438ebfd regulator: bd718x7: Add enable times
    d5f996bea464 btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan
    c8dd8af4b35f netfilter: ipset: fixes possible oops in mtype_resize
    ca2fc0dc1cec ARC: build: move symlink creation to arch/arc/Makefile to avoid race
    6265a0f2410f ARC: build: add boot_targets to PHONY
    217d8ba22bce ARC: build: add uImage.lzma to the top-level target
    b9128252b9ee ARC: build: remove non-existing bootpImage from KBUILD_IMAGE
    5349b17c3df5 dm integrity: fix flush with external metadata device
    c553300f1453 cifs: fix interrupted close commands
    d17a9571e392 smb3: remove unused flag passed into close functions
    55a4dff288af ext4: don't leak old mountpoint samples
    2003c669df4c ext4: fix bug for rename with RENAME_WHITEOUT
    425faacff213 drm/i915/backlight: fix CPU mode backlight takeover on LPT
    72eb9fc82aea btrfs: tree-checker: check if chunk item end overflows
    82a948fc67ea r8152: Add Lenovo Powered USB-C Travel Hub
    ad5f19c7e9ce dm integrity: fix the maximum number of arguments
    5caac6317daf dm snapshot: flush merged data before committing metadata
    2017b99ec205 dm raid: fix discard limits for raid1
    4335af6c62fc mm/hugetlb: fix potential missing huge page size info
    c64366620d91 ACPI: scan: Harden acpi_device_add() against device ID overflows
    bc0b70f1d28c RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd()
    f7a97dc302be MIPS: relocatable: fix possible boot hangup with KASLR enabled
    f5c2f7970683 MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
    a650107de374 mips: lib: uncached: fix non-standard usage of variable 'sp'
    bda45bbc8e03 mips: fix Section mismatch in reference
    aeb64ef1f429 tracing/kprobes: Do the notrace functions check without kprobes on ftrace
    984f57e4258c x86/hyperv: check cpu mask after interrupt has been disabled
    1a202b9b9d23 ASoC: dapm: remove widget from dirty list on free
    82d1a5f6f2e5 btrfs: prevent NULL pointer dereference in extent_io_tree_panic
    bb562e6e0358 kbuild: enforce -Werror=return-type

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 80d066f627225e9eefba84c799e9b27bc17526fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 4ca458ee8f..a9634c330a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "6b0893e9fddb5473b181b29059fe64980f353c83"
-SRCREV_meta ?= "d676bf5ff7b7071e14f44498d2482c0a596f14cd"
+SRCREV_machine ?= "84a6ec1f97d6b6afebe3514e772536342a4189fc"
+SRCREV_meta ?= "e120076c07e69166ebeac0eee011c085bbde2139"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.90"
+LINUX_VERSION ?= "5.4.94"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 32fbf9dc55..bd21c619c9 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.90"
+LINUX_VERSION ?= "5.4.94"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "c65142e64f3d705d0b978b44394d274165d872b2"
-SRCREV_machine ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_meta ?= "d676bf5ff7b7071e14f44498d2482c0a596f14cd"
+SRCREV_machine_qemuarm ?= "768311f24c5d817e7cb9ee0803790ee284e9ff30"
+SRCREV_machine ?= "31db2b47ac7d8508080fbb7344399b501216de66"
+SRCREV_meta ?= "e120076c07e69166ebeac0eee011c085bbde2139"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 89412fddda..9c044dc06c 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "17c98abae21d7d1bf43b58edc3d4aa2992436385"
-SRCREV_machine_qemuarm64 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_machine_qemumips ?= "47a679ac3ca38116beaeb071888c01ef050f1424"
-SRCREV_machine_qemuppc ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_machine_qemuriscv64 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_machine_qemux86 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_machine_qemux86-64 ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_machine_qemumips64 ?= "e4714b9bb683cf08909e6dc2e91fd508e56bfbc2"
-SRCREV_machine ?= "d4bbfa0e2416ced1a3b4d05fa853e3171f034c57"
-SRCREV_meta ?= "d676bf5ff7b7071e14f44498d2482c0a596f14cd"
+SRCREV_machine_qemuarm ?= "17b04c3b496d6a89d5de8ef97ce8c2675ac19814"
+SRCREV_machine_qemuarm64 ?= "31db2b47ac7d8508080fbb7344399b501216de66"
+SRCREV_machine_qemumips ?= "4b4534a5bb1e765574349baf31dddceb521e6bec"
+SRCREV_machine_qemuppc ?= "31db2b47ac7d8508080fbb7344399b501216de66"
+SRCREV_machine_qemuriscv64 ?= "31db2b47ac7d8508080fbb7344399b501216de66"
+SRCREV_machine_qemux86 ?= "31db2b47ac7d8508080fbb7344399b501216de66"
+SRCREV_machine_qemux86-64 ?= "31db2b47ac7d8508080fbb7344399b501216de66"
+SRCREV_machine_qemumips64 ?= "a3b16f0dc7b90e68e5a7d38e0ab70cbe290ec9a6"
+SRCREV_machine ?= "31db2b47ac7d8508080fbb7344399b501216de66"
+SRCREV_meta ?= "e120076c07e69166ebeac0eee011c085bbde2139"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.90"
+LINUX_VERSION ?= "5.4.94"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 15/28] buildhistory.bbclass: avoid exception for empty BUILDHISTORY_FEATURES variable

[Steve Sakoman]

From: Peter Bergin <peter@berginkonsult.se>

An exception is fired when a BuildStarted event is sent to buildhistory bbclass
and the variable BUILDHISTORY_FEATURES is not set.

    ERROR: Execution of event handler 'buildhistory_eventhandler' failed
    Traceback (most recent call last):
      File "<...>/meta/classes/buildhistory.bbclass", line 862, in buildhistory_eventhandler(e=<bb.event.BuildStarted object at 0x7f94c3810250>):
         python buildhistory_eventhandler() {
        >    if e.data.getVar('BUILDHISTORY_FEATURES').strip():
                 reset = e.data.getVar("BUILDHISTORY_RESET")
    AttributeError: 'NoneType' object has no attribute 'strip'

This can happen in a multiconfig build where the default configuration use the
buildhistory class but not the configuration in mc. It should be a rare case that
this happens and it was found in a missconfigured build.

Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a74e30a4de02c8efd3e7102ba7a4fe06df53cc34)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/buildhistory.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass
index 156324d339..8a1359acbe 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -852,7 +852,7 @@ END
 }
 
 python buildhistory_eventhandler() {
-    if e.data.getVar('BUILDHISTORY_FEATURES').strip():
+    if (e.data.getVar('BUILDHISTORY_FEATURES') or "").strip():
         reset = e.data.getVar("BUILDHISTORY_RESET")
         olddir = e.data.getVar("BUILDHISTORY_OLD_DIR")
         if isinstance(e, bb.event.BuildStarted):
-- 
2.25.1

[OE-core][dunfell 16/28] npm.bbclass: use python3 for npm config

[Steve Sakoman]

From: Vyacheslav Yurkov <uvv.mail@gmail.com>

python2-native executable is not available in sysroot anymore, which
causes compilation of some nodejs modules to fail. Switch to python3 as a
default python version.

Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d21f50ecf8e8683a92b7d234fa8225c2c1470595)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/npm.bbclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 068032a1e5..f83c6e496e 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -17,6 +17,8 @@
 #  NPM_INSTALL_DEV:
 #       Set to 1 to also install devDependencies.
 
+inherit python3native
+
 DEPENDS_prepend = "nodejs-native "
 RDEPENDS_${PN}_prepend = "nodejs "
 
@@ -237,9 +239,7 @@ python npm_do_compile() {
         sysroot = d.getVar("RECIPE_SYSROOT_NATIVE")
         nodedir = os.path.join(sysroot, d.getVar("prefix_native").strip("/"))
         configs.append(("nodedir", nodedir))
-        bindir = os.path.join(sysroot, d.getVar("bindir_native").strip("/"))
-        pythondir = os.path.join(bindir, "python-native", "python")
-        configs.append(("python", pythondir))
+        configs.append(("python", d.getVar("PYTHON")))
 
         # Add node-pre-gyp configuration
         args.append(("target_arch", d.getVar("NPM_ARCH")))
-- 
2.25.1

[OE-core][dunfell 17/28] python3: Use addtask statement instead of task dependencies

[Steve Sakoman]

From: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>

The externalsrc class deletes do_patch task which results with:
| ERROR: Task do_create_manifest in <PATH>/python3_3.8.2.bb depends upon
| non-existent task do_patch in <PATH>/python3_3.8.2.bb

Use addtask to define correct order to prevent this error, since addtask
mechanism accepts deleted tasks.

[YOCTO #14151]

Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a746d034fa7eaad4f4876fa61c5a8c3c15e211c8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3_3.8.2.bb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/meta/recipes-devtools/python/python3_3.8.2.bb b/meta/recipes-devtools/python/python3_3.8.2.bb
index a86542e547..a448b3ed97 100644
--- a/meta/recipes-devtools/python/python3_3.8.2.bb
+++ b/meta/recipes-devtools/python/python3_3.8.2.bb
@@ -312,11 +312,8 @@ do_create_manifest() {
 }
 
 # bitbake python -c create_manifest
-addtask do_create_manifest
-
 # Make sure we have native python ready when we create a new manifest
-do_create_manifest[depends] += "${PN}:do_prepare_recipe_sysroot"
-do_create_manifest[depends] += "${PN}:do_patch"
+addtask do_create_manifest after do_patch do_prepare_recipe_sysroot
 
 # manual dependency additions
 RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python3-modules"
-- 
2.25.1

[OE-core][dunfell 18/28] image_types: Ensure tar archives are reproducible

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The tar output seems to vary depending on the version of tar used and distro
configuration. Be explict about the output format to avoid this and be
determinstic.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c56f3c9febc1732aa1302524c6c4da36f16bd1f7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/image_types.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass
index d81747527b..6de16d42b9 100644
--- a/meta/classes/image_types.bbclass
+++ b/meta/classes/image_types.bbclass
@@ -126,7 +126,7 @@ IMAGE_CMD_squashfs-lz4 = "mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAM
 # required when extracting, but it seems prudent to use it in both cases.
 IMAGE_CMD_TAR ?= "tar"
 # ignore return code 1 "file changed as we read it" as other tasks(e.g. do_image_wic) may be hardlinking rootfs
-IMAGE_CMD_tar = "${IMAGE_CMD_TAR} --sort=name --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
+IMAGE_CMD_tar = "${IMAGE_CMD_TAR} --sort=name --format=gnu --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
 
 do_image_cpio[cleandirs] += "${WORKDIR}/cpio_append"
 IMAGE_CMD_cpio () {
-- 
2.25.1

[OE-core][dunfell 19/28] qemu.inc: Should depend on qemu-system-native, not qemu-native

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

This looks like it was from before the recipe was split, we'd expect
the system qemu mode for running the images so the dependency should be
updated.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3a4fed4ae0e8a0d1bd62ea5fa1ef12925e1f20f5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/machine/include/qemu.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/machine/include/qemu.inc b/meta/conf/machine/include/qemu.inc
index 8dedb1a42d..7d0a6fe458 100644
--- a/meta/conf/machine/include/qemu.inc
+++ b/meta/conf/machine/include/qemu.inc
@@ -21,7 +21,7 @@ RDEPENDS_${KERNEL_PACKAGE_NAME}-base = ""
 # Use a common kernel recipe for all QEMU machines
 PREFERRED_PROVIDER_virtual/kernel ??= "linux-yocto"
 
-EXTRA_IMAGEDEPENDS += "qemu-native qemu-helper-native"
+EXTRA_IMAGEDEPENDS += "qemu-system-native qemu-helper-native"
 
 # Provide the nfs server kernel module for all qemu images
 KERNEL_FEATURES_append_pn-linux-yocto = " features/nfsd/nfsd-enable.scc"
-- 
2.25.1

[OE-core][dunfell 20/28] glib-2.0: Rename patch file for CVE-2020-35457

[Steve Sakoman]

From: Anatol Belski <anbelski@linux.microsoft.com>

The naming convention needs to be help so the CVE is recognized as
fixed by the tooling.

Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ion-to-avoid-GOptionEntry-lis.patch => CVE-2020-35457.patch} | 0
 meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb                   | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/glib-2.0/glib-2.0/{0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch => CVE-2020-35457.patch} (100%)

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch
similarity index 100%
rename from meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch
rename to meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
index 0ad14a0878..1a006b9f38 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
@@ -17,7 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://0001-meson-Run-atomics-test-on-clang-as-well.patch \
            file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
            file://tzdata-update.patch \
-           file://0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch \
+           file://CVE-2020-35457.patch \
            "
 
 SRC_URI_append_class-native = " file://relocate-modules.patch"
-- 
2.25.1

[OE-core][dunfell 21/28] layer.conf: fix sanity error for PATH variable in extensible SDK workflow

[Steve Sakoman]

From: Sourabh Banerjee <sbanerje@codeaurora.org>

Sanity checker reports following error for the PATH variable,
when bitbake -e <recipe> command is run in an extensible SDK workspace.
   PATH contains '.', './' or '' (empty element), which will break the build

In case of extensible SDK, PATH variable is formed with two consecutive ':'
as bb.utils.which(d.getVar('PATH'),'bitbake') call returns an empty string.

This change adds ':' if BITBAKEPATH is a non empty string.

Signed-off-by: Sourabh Banerjee <sbanerje@codeaurora.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 05a87be51b44608ce4f77ac332df90a3cd2445ef)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/layer.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf
index 0249f21d07..1c432275be 100644
--- a/meta/conf/layer.conf
+++ b/meta/conf/layer.conf
@@ -100,4 +100,6 @@ SSTATE_EXCLUDEDEPS_SYSROOT += "\
 SSTATE_EXCLUDEDEPS_SYSROOT += ".*->autoconf-archive-native"
 
 # We need to keep bitbake tools in PATH
-PATH := "${@os.path.dirname(bb.utils.which(d.getVar('PATH'),'bitbake'))}:${HOSTTOOLS_DIR}"
+# Avoid empty path entries
+BITBAKEPATH := "${@os.path.dirname(bb.utils.which(d.getVar('PATH'),'bitbake'))}"
+PATH := "${@'${BITBAKEPATH}:' if '${BITBAKEPATH}' is not '' else ''}${HOSTTOOLS_DIR}"
-- 
2.25.1

[OE-core][dunfell 22/28] lib/oe/patch.py: Ignore scissors line on applying patch

[Steve Sakoman]

From: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>

The "devtool modify" could remove message body before scissors line, so
patches re-generated from git tree were incorrectly modified.
Adding --no-scissors to "git am" invocation to prevent this behaviour.

[YOCTO #12674]

Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 13ea33fbd197b9ee3cf913d9995617115f22798f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/patch.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index 7ca2e28b1f..7cd8436da5 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -512,7 +512,7 @@ class GitApplyTree(PatchTree):
             try:
                 shellcmd = [patchfilevar, "git", "--work-tree=%s" % reporoot]
                 self.gitCommandUserOptions(shellcmd, self.commituser, self.commitemail)
-                shellcmd += ["am", "-3", "--keep-cr", "-p%s" % patch['strippath']]
+                shellcmd += ["am", "-3", "--keep-cr", "--no-scissors", "-p%s" % patch['strippath']]
                 return _applypatchhelper(shellcmd, patch, force, reverse, run)
             except CmdError:
                 # Need to abort the git am, or we'll still be within it at the end
-- 
2.25.1

[OE-core][dunfell 23/28] opkg: Fix build reproducibility issue

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

A build date was leaking into the generated docs and makefile used for
ptests leading to reproducibility issues each time the month changed.

Add a patch to use SOURCE_DATE_EPOCH to derive it if available.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6a9ca7aec4991eabd425e32fdf85f51bb1686b8b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../opkg/opkg/sourcedateepoch.patch           | 25 +++++++++++++++++++
 meta/recipes-devtools/opkg/opkg_0.4.2.bb      |  1 +
 2 files changed, 26 insertions(+)
 create mode 100644 meta/recipes-devtools/opkg/opkg/sourcedateepoch.patch

diff --git a/meta/recipes-devtools/opkg/opkg/sourcedateepoch.patch b/meta/recipes-devtools/opkg/opkg/sourcedateepoch.patch
new file mode 100644
index 0000000000..285d258c63
--- /dev/null
+++ b/meta/recipes-devtools/opkg/opkg/sourcedateepoch.patch
@@ -0,0 +1,25 @@
+Having CLEAN_DATE come from the current date doesn't allow for build
+reproducibility. Add the option of using SOURCE_DATE_EPOCH if set
+which for OE, it will be.
+
+Upstream-Status: Pending
+RP 2021/2/2
+
+Index: opkg-0.4.4/configure.ac
+===================================================================
+--- opkg-0.4.4.orig/configure.ac
++++ opkg-0.4.4/configure.ac
+@@ -281,7 +281,12 @@ AC_FUNC_UTIME_NULL
+ AC_FUNC_VPRINTF
+ AC_CHECK_FUNCS([memmove memset mkdir regcomp strchr strcspn strdup strerror strndup strrchr strstr strtol strtoul sysinfo utime])
+ 
+-CLEAN_DATE=`date +"%B %Y" | tr -d '\n'`
++1607446883
++if [ ! -z "$SOURCE_DATE_EPOCH" ]; then
++    CLEAN_DATE=`LC_ALL=C date -d @$SOURCE_DATE_EPOCH +"%B %Y" | tr -d '\n'`
++else
++    CLEAN_DATE=`date +"%B %Y" | tr -d '\n'`
++fi
+ 
+ AC_SUBST([CLEAN_DATE])
+ 
diff --git a/meta/recipes-devtools/opkg/opkg_0.4.2.bb b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
index 66a74dc5ed..516982c6f5 100644
--- a/meta/recipes-devtools/opkg/opkg_0.4.2.bb
+++ b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
@@ -14,6 +14,7 @@ PE = "1"
 SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \
            file://opkg.conf \
            file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
+           file://sourcedateepoch.patch \
            file://run-ptest \
 "
 
-- 
2.25.1

[OE-core][dunfell 24/28] sstatesig: Add descriptive error message to getpwuid/getgrgid "uid/gid not found" KeyError

[Steve Sakoman]

From: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>

If path is not owned by any user installed on target it gives
insufficient error "getpwuid(): uid not found" which may be misleading.
This exception occurs if uid/gid of path was not found in PSEUDO_PASSWD
files, which simply means the path is owned by host user and there is
host user contamination.

Add more information to the exception message to make it easier for user
to debug.

[YOCTO #14031]

Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 38540b59ed4ec8632e30a5fd6364b010d9da8470)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/sstatesig.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index f98543cc46..aeceb100d7 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -552,9 +552,11 @@ def OEOuthashBasic(path, sigfile, task, d):
                     try:
                         update_hash(" %10s" % pwd.getpwuid(s.st_uid).pw_name)
                         update_hash(" %10s" % grp.getgrgid(s.st_gid).gr_name)
-                    except KeyError:
+                    except KeyError as e:
                         bb.warn("KeyError in %s" % path)
-                        raise
+                        msg = ("KeyError: %s\nPath %s is owned by uid %d, gid %d, which doesn't match "
+                            "any user/group on target. This may be due to host contamination." % (e, path, s.st_uid, s.st_gid))
+                        raise Exception(msg).with_traceback(e.__traceback__)
 
                 if include_timestamps:
                     update_hash(" %10d" % s.st_mtime)
-- 
2.25.1

[OE-core][dunfell 25/28] rng-tools: fix rngd_jitter initialization

[Steve Sakoman]

From: Julien Massot <julien.massot@iot.bzh>

rngd daemon may spam the console when using an older version
than 6.11.

Backport patches from https://github.com/nhorman/rng-tools/pull/99/commits

Signed-off-by: Julien Massot <julien.massot@iot.bzh>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-O_NONBLOCK-setting-for-entropy-pipe.patch | 26 +++++++++++++
 ...ialize-AES-key-before-setting-the-en.patch | 38 +++++++++++++++++++
 ...ys-read-from-entropy-pipe-before-set.patch | 38 +++++++++++++++++++
 .../rng-tools/rng-tools_6.9.bb                |  3 ++
 4 files changed, 105 insertions(+)
 create mode 100644 meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
 create mode 100644 meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
 create mode 100644 meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch

diff --git a/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch b/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
new file mode 100644
index 0000000000..3b44095cf5
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch
@@ -0,0 +1,26 @@
+From 6ce86cb5cf06541cd5aad70fe8494b07b22c247e Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schiffer@tq-group.com>
+Date: Wed, 27 Jan 2021 16:10:32 +0100
+Subject: [PATCH] rngd_jitter: fix O_NONBLOCK setting for entropy pipe
+
+A pointer was passed to fcntl instead of the flags variable, setting
+random flags.
+
+Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
+---
+ rngd_jitter.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 32bac53..25b3543 100644
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -465,7 +465,7 @@ int init_jitter_entropy_source(struct rng *ent_src)
+ 
+ 	flags = fcntl(pipefds[0], F_GETFL, 0);
+ 	flags |= O_NONBLOCK;
+-	fcntl(pipefds[0], F_SETFL, &flags);
++	fcntl(pipefds[0], F_SETFL, flags);
+ 
+ 	if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+ #ifdef HAVE_LIBGCRYPT
diff --git a/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch b/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
new file mode 100644
index 0000000000..34f8227543
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch
@@ -0,0 +1,38 @@
+From 330c2ba14510c8103b30d5021adb18f1534031a1 Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schiffer@tq-group.com>
+Date: Wed, 27 Jan 2021 16:18:09 +0100
+Subject: [PATCH] rngd_jitter: initialize AES key before setting the entropy
+ pipe to O_NONBLOCK
+
+Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
+---
+ rngd_jitter.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 25b3543..48f344c 100644
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -463,10 +463,6 @@ int init_jitter_entropy_source(struct rng *ent_src)
+ 		pthread_mutex_unlock(&tdata[i].statemtx);
+ 	}
+ 
+-	flags = fcntl(pipefds[0], F_GETFL, 0);
+-	flags |= O_NONBLOCK;
+-	fcntl(pipefds[0], F_SETFL, flags);
+-
+ 	if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+ #ifdef HAVE_LIBGCRYPT
+ 		/*
+@@ -487,6 +483,11 @@ int init_jitter_entropy_source(struct rng *ent_src)
+ 			ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 1;
+ 		}
+ 		xread_jitter(aes_buf, tdata[0].buf_sz, ent_src);
++
++		flags = fcntl(pipefds[0], F_GETFL, 0);
++		flags |= O_NONBLOCK;
++		fcntl(pipefds[0], F_SETFL, flags);
++
+ #else
+ 		message_entsrc(ent_src,LOG_CONS|LOG_INFO, "libgcrypt not available. Disabling AES in JITTER source\n");
+ 		ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
diff --git a/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch b/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch
new file mode 100644
index 0000000000..b3bc8028ea
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch
@@ -0,0 +1,38 @@
+From 36bc92ef2789b13183c8895d83665f48b13c2b9e Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <matthias.schiffer@tq-group.com>
+Date: Wed, 27 Jan 2021 16:22:39 +0100
+Subject: [PATCH] rngd_jitter: always read from entropy pipe before setting
+ O_NONBLOCK
+
+Even with AES disabled, we want to make sure that jent_read_entropy() has
+already generated some entropy before we consider the the source
+initialized. Otherwise "Entropy Generation is slow" log spam will be
+emitteded until this has happened, which can take several seconds.
+
+Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
+---
+ rngd_jitter.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 48f344c..b736cdd 100644
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -492,6 +492,17 @@ int init_jitter_entropy_source(struct rng *ent_src)
+ 		message_entsrc(ent_src,LOG_CONS|LOG_INFO, "libgcrypt not available. Disabling AES in JITTER source\n");
+ 		ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
+ #endif
++	} else {
++		/*
++		 * Make sure that an entropy gathering thread has generated
++		 * at least some entropy before setting O_NONBLOCK and finishing
++		 * the entropy source initialization.
++		 *
++		 * This avoids "Entropy Generation is slow" log spamming that
++		 * would otherwise happen until jent_read_entropy() has run
++		 * for the first time.
++		 */
++		xread_jitter(&i, 1, ent_src);
+ 	}
+ 	message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling JITTER rng support\n");
+ 	return 0;
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.9.bb b/meta/recipes-support/rng-tools/rng-tools_6.9.bb
index 913342c315..b8c6f022f3 100644
--- a/meta/recipes-support/rng-tools/rng-tools_6.9.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_6.9.bb
@@ -10,6 +10,9 @@ DEPENDS = "sysfsutils"
 
 SRC_URI = "\
     git://github.com/nhorman/rng-tools.git \
+    file://0001-rngd_jitter-fix-O_NONBLOCK-setting-for-entropy-pipe.patch \
+    file://0002-rngd_jitter-initialize-AES-key-before-setting-the-en.patch \
+    file://0003-rngd_jitter-always-read-from-entropy-pipe-before-set.patch \
     file://init \
     file://default \
     file://rngd.service \
-- 
2.25.1

[OE-core][dunfell 26/28] classes/image_types_wic: Reorder do_flush_pseudodb

[Steve Sakoman]

From: Ricardo Ribalda <ricardo.ribalda@gmail.com>

When IMAGE_FSTYPES contains more types than wic, it can happen than the
pseudo database is not flushed properly.

This can be solved by changing the order of when do_flush_pseudodb is
launched.

Yocto Bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13898
Fixes: dde90a5dd2b2 ("wic: Fix multi images .wks with bitbake")
Signed-off-by: Ricardo Ribalda <ricardo@ribalda.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 445b0a9544b55735496bbb23dbff3399b3b9e9a4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/image_types_wic.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image_types_wic.bbclass b/meta/classes/image_types_wic.bbclass
index f6c8d8995e..ae00acc5ea 100644
--- a/meta/classes/image_types_wic.bbclass
+++ b/meta/classes/image_types_wic.bbclass
@@ -151,7 +151,7 @@ python do_rootfs_wicenv () {
     depdir = d.getVar('IMGDEPLOYDIR')
     bb.utils.copyfile(os.path.join(outdir, basename) + '.env', os.path.join(depdir, basename) + '.env')
 }
-addtask do_flush_pseudodb after do_image before do_image_wic
+addtask do_flush_pseudodb after do_rootfs before do_image do_image_qa
 addtask do_rootfs_wicenv after do_image before do_image_wic
 do_rootfs_wicenv[vardeps] += "${WICVARS}"
 do_rootfs_wicenv[prefuncs] = 'set_image_size'
-- 
2.25.1

[OE-core][dunfell 27/28] oeqa: wic: Add tests for permissions and change-directory

[Steve Sakoman]

From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>

Make sure that the permissions and username are respected when using all
the rootfs modifiers.

Add tests for change-directory command

Cc: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4aad9531df44d1b0637bd559161702ad86861b46)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/wic.py | 90 +++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index 13b6a0cc72..d4c0db8bda 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -62,6 +62,12 @@ def extract_files(debugfs_output):
     return [line.split('/')[5].strip() for line in \
             debugfs_output.strip().split('/\n')]
 
+def files_own_by_root(debugfs_output):
+    for line in debugfs_output.strip().split('/\n'):
+        if line.split('/')[3:5] != ['0', '0']:
+            print(debugfs_output)
+            return False
+    return True
 
 class WicTestCase(OESelftestTestCase):
     """Wic test class."""
@@ -84,6 +90,7 @@ class WicTestCase(OESelftestTestCase):
                 self.skipTest('wic-tools cannot be built due its (intltool|gettext)-native dependency and NLS disable')
 
             bitbake('core-image-minimal')
+            bitbake('core-image-minimal-mtdutils')
             WicTestCase.image_is_ready = True
 
         rmtree(self.resultdir, ignore_errors=True)
@@ -506,6 +513,89 @@ part /part2 --source rootfs --ondisk mmcblk0 --fstype=ext4 --include-path %s"""
                                       % (wks_file, self.resultdir), ignore_status=True).status)
         os.remove(wks_file)
 
+    def test_permissions(self):
+        """Test permissions are respected"""
+
+        oldpath = os.environ['PATH']
+        os.environ['PATH'] = get_bb_var("PATH", "wic-tools")
+
+        t_normal = """
+part / --source rootfs --fstype=ext4
+"""
+        t_exclude = """
+part / --source rootfs --fstype=ext4 --exclude-path=home
+"""
+        t_multi = """
+part / --source rootfs --ondisk sda --fstype=ext4
+part /export --source rootfs --rootfs=core-image-minimal-mtdutils --fstype=ext4
+"""
+        t_change = """
+part / --source rootfs --ondisk sda --fstype=ext4 --exclude-path=etc/   
+part /etc --source rootfs --fstype=ext4 --change-directory=etc
+"""
+        tests = [t_normal, t_exclude, t_multi, t_change]
+
+        try:
+            for test in tests:
+                include_path = os.path.join(self.resultdir, 'test-include')
+                os.makedirs(include_path)
+                wks_file = os.path.join(include_path, 'temp.wks')
+                with open(wks_file, 'w') as wks:
+                    wks.write(test)
+                runCmd("wic create %s -e core-image-minimal -o %s" \
+                                       % (wks_file, self.resultdir))
+
+                for part in glob(os.path.join(self.resultdir, 'temp-*.direct.p*')):
+                    res = runCmd("debugfs -R 'ls -p' %s 2>/dev/null" % (part))
+                    self.assertEqual(True, files_own_by_root(res.output))
+
+                rmtree(self.resultdir, ignore_errors=True)
+
+        finally:
+            os.environ['PATH'] = oldpath
+
+    def test_change_directory(self):
+        """Test --change-directory wks option."""
+
+        oldpath = os.environ['PATH']
+        os.environ['PATH'] = get_bb_var("PATH", "wic-tools")
+
+        try:
+            include_path = os.path.join(self.resultdir, 'test-include')
+            os.makedirs(include_path)
+            wks_file = os.path.join(include_path, 'temp.wks')
+            with open(wks_file, 'w') as wks:
+                wks.write("part /etc --source rootfs --fstype=ext4 --change-directory=etc")
+            runCmd("wic create %s -e core-image-minimal -o %s" \
+                                       % (wks_file, self.resultdir))
+
+            part1 = glob(os.path.join(self.resultdir, 'temp-*.direct.p1'))[0]
+
+            res = runCmd("debugfs -R 'ls -p' %s 2>/dev/null" % (part1))
+            files = extract_files(res.output)
+            self.assertIn('passwd', files)
+
+        finally:
+            os.environ['PATH'] = oldpath
+
+    def test_change_directory_errors(self):
+        """Test --change-directory wks option error handling."""
+        wks_file = 'temp.wks'
+
+        # Absolute argument.
+        with open(wks_file, 'w') as wks:
+            wks.write("part / --source rootfs --fstype=ext4 --change-directory /usr")
+        self.assertNotEqual(0, runCmd("wic create %s -e core-image-minimal -o %s" \
+                                      % (wks_file, self.resultdir), ignore_status=True).status)
+        os.remove(wks_file)
+
+        # Argument pointing to parent directory.
+        with open(wks_file, 'w') as wks:
+            wks.write("part / --source rootfs --fstype=ext4 --change-directory ././..")
+        self.assertNotEqual(0, runCmd("wic create %s -e core-image-minimal -o %s" \
+                                      % (wks_file, self.resultdir), ignore_status=True).status)
+        os.remove(wks_file)
+
 class Wic2(WicTestCase):
 
     def test_bmap_short(self):
-- 
2.25.1

[OE-core][dunfell 28/28] wic/selftest: test_permissions also test bitbake image

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

existing test case test_permissions use Wic command as standalone
tools to create wic image and check that wic image for permissions.

add extra steps to the test case to also check against image build
using bitbake do_image_wic.

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 551ce73a90757ba43501fe5cf9ac84a7b77de549)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/wic.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py
index d4c0db8bda..0435aa29c9 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -516,6 +516,9 @@ part /part2 --source rootfs --ondisk mmcblk0 --fstype=ext4 --include-path %s"""
     def test_permissions(self):
         """Test permissions are respected"""
 
+        # prepare wicenv and rootfs
+        bitbake('core-image-minimal core-image-minimal-mtdutils -c do_rootfs_wicenv')
+
         oldpath = os.environ['PATH']
         os.environ['PATH'] = get_bb_var("PATH", "wic-tools")
 
@@ -549,6 +552,19 @@ part /etc --source rootfs --fstype=ext4 --change-directory=etc
                     res = runCmd("debugfs -R 'ls -p' %s 2>/dev/null" % (part))
                     self.assertEqual(True, files_own_by_root(res.output))
 
+                config = 'IMAGE_FSTYPES += "wic"\nWKS_FILE = "%s"\n' % wks_file
+                self.append_config(config)
+                bitbake('core-image-minimal')
+                tmpdir = os.path.join(get_bb_var('WORKDIR', 'core-image-minimal'),'build-wic')
+
+                # check each partition for permission
+                for part in glob(os.path.join(tmpdir, 'temp-*.direct.p*')):
+                    res = runCmd("debugfs -R 'ls -p' %s 2>/dev/null" % (part))
+                    self.assertTrue(files_own_by_root(res.output)
+                        ,msg='Files permission incorrect using wks set "%s"' % test)
+
+                # clean config and result directory for next cases
+                self.remove_config(config)
                 rmtree(self.resultdir, ignore_errors=True)
 
         finally:
-- 
2.25.1

Re: [OE-core][dunfell 18/28] image_types: Ensure tar archives are reproducible

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 1922 bytes --]

Please add this only together with
https://git.openembedded.org/openembedded-core/commit/?id=3ecea58f2a3382d9f4b410d6ad7089111334cb6f

RP dropped this one from last gatesgarth PR as well until both are applied
at the same time:
https://lists.openembedded.org/g/openembedded-core/message/147712

On Mon, Feb 8, 2021 at 2:54 PM Steve Sakoman <steve@sakoman.com> wrote:

> From: Richard Purdie <richard.purdie@linuxfoundation.org>
>
> The tar output seems to vary depending on the version of tar used and
> distro
> configuration. Be explict about the output format to avoid this and be
> determinstic.
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit c56f3c9febc1732aa1302524c6c4da36f16bd1f7)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  meta/classes/image_types.bbclass | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/classes/image_types.bbclass
> b/meta/classes/image_types.bbclass
> index d81747527b..6de16d42b9 100644
> --- a/meta/classes/image_types.bbclass
> +++ b/meta/classes/image_types.bbclass
> @@ -126,7 +126,7 @@ IMAGE_CMD_squashfs-lz4 = "mksquashfs ${IMAGE_ROOTFS}
> ${IMGDEPLOYDIR}/${IMAGE_NAM
>  # required when extracting, but it seems prudent to use it in both cases.
>  IMAGE_CMD_TAR ?= "tar"
>  # ignore return code 1 "file changed as we read it" as other tasks(e.g.
> do_image_wic) may be hardlinking rootfs
> -IMAGE_CMD_tar = "${IMAGE_CMD_TAR} --sort=name --numeric-owner -cf
> ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} .
> || [ $? -eq 1 ]"
> +IMAGE_CMD_tar = "${IMAGE_CMD_TAR} --sort=name --format=gnu
> --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar
> -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
>
>  do_image_cpio[cleandirs] += "${WORKDIR}/cpio_append"
>  IMAGE_CMD_cpio () {
> --
> 2.25.1
>
>
> 
>
>

[-- Attachment #2: Type: text/html, Size: 2759 bytes --]

Re: [OE-core][dunfell 18/28] image_types: Ensure tar archives are reproducible

[Steve Sakoman]

On Mon, Feb 8, 2021 at 4:20 AM Martin Jansa <martin.jansa@gmail.com> wrote:
>
> Please add this only together with
> https://git.openembedded.org/openembedded-core/commit/?id=3ecea58f2a3382d9f4b410d6ad7089111334cb6f

Just noticed that this morning, I will move this patch to the next
batch along with the follow on patch.

Steve

> RP dropped this one from last gatesgarth PR as well until both are applied at the same time:
> https://lists.openembedded.org/g/openembedded-core/message/147712
>
> On Mon, Feb 8, 2021 at 2:54 PM Steve Sakoman <steve@sakoman.com> wrote:
>>
>> From: Richard Purdie <richard.purdie@linuxfoundation.org>
>>
>> The tar output seems to vary depending on the version of tar used and distro
>> configuration. Be explict about the output format to avoid this and be
>> determinstic.
>>
>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>> (cherry picked from commit c56f3c9febc1732aa1302524c6c4da36f16bd1f7)
>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>> ---
>>  meta/classes/image_types.bbclass | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass
>> index d81747527b..6de16d42b9 100644
>> --- a/meta/classes/image_types.bbclass
>> +++ b/meta/classes/image_types.bbclass
>> @@ -126,7 +126,7 @@ IMAGE_CMD_squashfs-lz4 = "mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAM
>>  # required when extracting, but it seems prudent to use it in both cases.
>>  IMAGE_CMD_TAR ?= "tar"
>>  # ignore return code 1 "file changed as we read it" as other tasks(e.g. do_image_wic) may be hardlinking rootfs
>> -IMAGE_CMD_tar = "${IMAGE_CMD_TAR} --sort=name --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
>> +IMAGE_CMD_tar = "${IMAGE_CMD_TAR} --sort=name --format=gnu --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]"
>>
>>  do_image_cpio[cleandirs] += "${WORKDIR}/cpio_append"
>>  IMAGE_CMD_cpio () {
>> --
>> 2.25.1
>>
>>
>> 
>>

Re: [OE-core][dunfell 23/28] opkg: Fix build reproducibility issue

[Richard Purdie]

On Mon, 2021-02-08 at 03:52 -1000, Steve Sakoman wrote:
> From: Richard Purdie <richard.purdie@linuxfoundation.org>
> 
> A build date was leaking into the generated docs and makefile used for
> ptests leading to reproducibility issues each time the month changed.
> 
> Add a patch to use SOURCE_DATE_EPOCH to derive it if available.
> 
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 6a9ca7aec4991eabd425e32fdf85f51bb1686b8b)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  .../opkg/opkg/sourcedateepoch.patch           | 25 +++++++++++++++++++
>  meta/recipes-devtools/opkg/opkg_0.4.2.bb      |  1 +
>  2 files changed, 26 insertions(+)
>  create mode 100644 meta/recipes-devtools/opkg/opkg/sourcedateepoch.patch

I'd hold this one until I get the patch fixed...

Cheers,

Richard

Re: [OE-core][dunfell 23/28] opkg: Fix build reproducibility issue

[Steve Sakoman]

On Tue, Feb 9, 2021 at 4:34 AM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Mon, 2021-02-08 at 03:52 -1000, Steve Sakoman wrote:
> > From: Richard Purdie <richard.purdie@linuxfoundation.org>
> >
> > A build date was leaking into the generated docs and makefile used for
> > ptests leading to reproducibility issues each time the month changed.
> >
> > Add a patch to use SOURCE_DATE_EPOCH to derive it if available.
> >
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit 6a9ca7aec4991eabd425e32fdf85f51bb1686b8b)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> >  .../opkg/opkg/sourcedateepoch.patch           | 25 +++++++++++++++++++
> >  meta/recipes-devtools/opkg/opkg_0.4.2.bb      |  1 +
> >  2 files changed, 26 insertions(+)
> >  create mode 100644 meta/recipes-devtools/opkg/opkg/sourcedateepoch.patch
>
> I'd hold this one until I get the patch fixed...

Got it!  I'll remove from the pull request and wait till I see your
fix to resubmit.

Steve