subtree updates: raspberrypi security arm
meta-arm: eb9c47a4e1..9b6c8c95e4:
Abdellatif El Khlifi (1):
CI: append classes to INHERIT in the common fvp.yml
Adam Johnston (1):
arm-bsp/linux-yocto: Update N1SDP PCI quirk patch
Jon Mason (10):
CI: add yml files for defaults
CI: add support for dev kernel, rt kernel, and poky-tiny
arm-bsp/fvp-base: update to u-boot 2023.01
arm-bsp/fvp-base-arm32: remove support
ci: add external-toolchain to qemuarm-secureboot
arm-bsp/optee: remove unused recipes
arm/optee: optee-os include cleanup
arm/optee-os: update to 3.20.0
arm/edk2: update version and relocate edk2-basetools to be with edk2
arm-bsp/fvp-base: Add edk2 build testing
Ross Burton (7):
arm-bsp/linux-arm64-ack: update Upstream-Status tags
CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
arm/scp-firmware: fix up whitespace
arm/scp-firmware: enable verbose builds
arm/scp-firmware: remove textrel from INSANE_SKIP
arm/scp-firmware: improve debug packaging
CI: mask poky's llvm if we're using clang
Rui Miguel Silva (1):
arm-bsp/optee: bump corstone1000 to v3.20
Satish Kumar (1):
arm-bsp/corstone1000: new gpt based disk layout and fwu metadata
Xueliang Zhong (1):
arm-bsp/n1sdp: update to linux yocto kernel 6.1
meta-security: c06b9a18a6..a397a38ed9:
Armin Kuster (16):
openscap: update to 1.3.6
openscap: update to 1.3.7
openscap git: add DEFAULT_PREFERENCE
python3-fail2ban: update to 1.0.2
python3-privacyidea: update to 3.8.1
libhtp: update to 0.5.42
lkrg-modules: update to 0.9.6
chkrootkit: update to 0.57
fscrypt: update to 1.1.0
libmspack: update to 1.11
firejail: update 0.9.72
suricata: update to 6.0.10
apparmor: update to 3.1.3
krill: update 0.12.3
cryptmout: update to 6.2.0
packagegroup-core-security: refactor the inclusion of krill
Eero Aaltonen (1):
dm-verity-img.bbclass: fix syntax warning
Jose Quaresma (3):
meta-hardening/layer: lower the priority from 10 to 6
meta-security-compliance/layer: lower the priority from 10 to 6
meta-tpm/layer: lower the priority from 10 to 6
Kevin Hao (1):
dm-verity-img.bbclass: Fix the hash offset alignment issue
Mikko Rapeli (1):
ima-evm-utils: disable documentation from build
Paul Gortmaker (3):
dm-verity: update beaglebone wic to match meta-yocto
dm-verity: add basic non-arch/non-BSP yocto specific settings
dm-verity: document board specifics for Beaglebone Black
Peter Marko (1):
tpm2-tss: correct CVE product
meta-raspberrypi: e15b876155..3afdbbf782:
Carlos Alberto Lopez Perez (1):
mesa-demos: enable build with userland graphics drivers.
Khem Raj (6):
linux-raspberrypi: Add recipes for 6.1 kernel
psplash: Make psplash wait for the framebuffer to be ready
rpi-default-versions: Use 6.1 kernel as default
gstreamer1.0-plugins-bad: Drop gpl packageconfig
rpidistro-ffmpeg: Pin to use gcc always
rpidistro-vlc: Fix build with clang16
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 75d3609..28d0cc1 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -58,7 +58,8 @@
- $CI_PROJECT_DIR/work/build/tmp/work*/**/testimage/*
#
-# Prep stage, update repositories once
+# Prep stage, update repositories once.
+# Set the CI variable CI_CLEAN_REPOS=1 to refetch the respositories from scratch
#
update-repos:
extends: .setup
@@ -70,9 +71,12 @@
# Build stage, the actual build jobs
#
# Available options for building are
+# DISTRO: [poky, poky-tiny]
+# KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
# TOOLCHAINS: [gcc, clang, armgcc, external-gccarm]
# TCLIBC: [glibc, musl]
-# FIRMWARE: [uboot, edk2]
+# FIRMWARE: [u-boot, edk2]
+# TS: [none, trusted-services]
# VIRT: [none, xen]
# TESTING: testimage
@@ -88,7 +92,7 @@
extends: .build
parallel:
matrix:
- - TESTING: [testimage,tftf]
+ - TESTING: [testimage, tftf]
tags:
- x86_64
@@ -100,13 +104,7 @@
parallel:
matrix:
- TESTING: testimage
-
-fvp-base-arm32:
- extends: .build
- parallel:
- matrix:
- - TOOLCHAINS: [gcc, external-gccarm]
- TESTING: testimage
+ - FIRMWARE: edk2
fvp-baser-aemv8r64:
extends: .build
@@ -127,7 +125,7 @@
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
- FIRMWARE: [uboot, edk2]
+ FIRMWARE: [u-boot, edk2]
musca-b1:
extends: .build
@@ -146,14 +144,16 @@
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
+ - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
TESTING: testimage
qemuarm64-secureboot:
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
+ - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TS: [none, trusted-services]
TESTING: testimage
@@ -162,8 +162,12 @@
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
- EFI: [uboot, edk2]
+ - DISTRO: poky
+ KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
+ FIRMWARE: [u-boot, edk2]
+ TESTING: testimage
+ - DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
@@ -171,15 +175,20 @@
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
+ - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang, external-gccarm]
TESTING: testimage
qemuarm:
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
- EFI: [uboot, edk2]
+ - DISTRO: poky
+ KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
+ FIRMWARE: [u-boot, edk2]
+ TESTING: testimage
+ - DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
@@ -187,7 +196,11 @@
extends: .build
parallel:
matrix:
- - TESTING: testimage
+ - DISTRO: poky
+ KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TESTING: testimage
+ - DISTRO: poky-tiny
+ TESTING: testimage
sgi575:
extends: .build