subtree updates: raspberrypi security arm
meta-arm: eb9c47a4e1..9b6c8c95e4:
Abdellatif El Khlifi (1):
CI: append classes to INHERIT in the common fvp.yml
Adam Johnston (1):
arm-bsp/linux-yocto: Update N1SDP PCI quirk patch
Jon Mason (10):
CI: add yml files for defaults
CI: add support for dev kernel, rt kernel, and poky-tiny
arm-bsp/fvp-base: update to u-boot 2023.01
arm-bsp/fvp-base-arm32: remove support
ci: add external-toolchain to qemuarm-secureboot
arm-bsp/optee: remove unused recipes
arm/optee: optee-os include cleanup
arm/optee-os: update to 3.20.0
arm/edk2: update version and relocate edk2-basetools to be with edk2
arm-bsp/fvp-base: Add edk2 build testing
Ross Burton (7):
arm-bsp/linux-arm64-ack: update Upstream-Status tags
CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
arm/scp-firmware: fix up whitespace
arm/scp-firmware: enable verbose builds
arm/scp-firmware: remove textrel from INSANE_SKIP
arm/scp-firmware: improve debug packaging
CI: mask poky's llvm if we're using clang
Rui Miguel Silva (1):
arm-bsp/optee: bump corstone1000 to v3.20
Satish Kumar (1):
arm-bsp/corstone1000: new gpt based disk layout and fwu metadata
Xueliang Zhong (1):
arm-bsp/n1sdp: update to linux yocto kernel 6.1
meta-security: c06b9a18a6..a397a38ed9:
Armin Kuster (16):
openscap: update to 1.3.6
openscap: update to 1.3.7
openscap git: add DEFAULT_PREFERENCE
python3-fail2ban: update to 1.0.2
python3-privacyidea: update to 3.8.1
libhtp: update to 0.5.42
lkrg-modules: update to 0.9.6
chkrootkit: update to 0.57
fscrypt: update to 1.1.0
libmspack: update to 1.11
firejail: update 0.9.72
suricata: update to 6.0.10
apparmor: update to 3.1.3
krill: update 0.12.3
cryptmout: update to 6.2.0
packagegroup-core-security: refactor the inclusion of krill
Eero Aaltonen (1):
dm-verity-img.bbclass: fix syntax warning
Jose Quaresma (3):
meta-hardening/layer: lower the priority from 10 to 6
meta-security-compliance/layer: lower the priority from 10 to 6
meta-tpm/layer: lower the priority from 10 to 6
Kevin Hao (1):
dm-verity-img.bbclass: Fix the hash offset alignment issue
Mikko Rapeli (1):
ima-evm-utils: disable documentation from build
Paul Gortmaker (3):
dm-verity: update beaglebone wic to match meta-yocto
dm-verity: add basic non-arch/non-BSP yocto specific settings
dm-verity: document board specifics for Beaglebone Black
Peter Marko (1):
tpm2-tss: correct CVE product
meta-raspberrypi: e15b876155..3afdbbf782:
Carlos Alberto Lopez Perez (1):
mesa-demos: enable build with userland graphics drivers.
Khem Raj (6):
linux-raspberrypi: Add recipes for 6.1 kernel
psplash: Make psplash wait for the framebuffer to be ready
rpi-default-versions: Use 6.1 kernel as default
gstreamer1.0-plugins-bad: Drop gpl packageconfig
rpidistro-ffmpeg: Pin to use gcc always
rpidistro-vlc: Fix build with clang16
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml
index a2063f1..eeee785 100644
--- a/meta-arm/ci/clang.yml
+++ b/meta-arm/ci/clang.yml
@@ -6,5 +6,8 @@
url: https://github.com/kraj/meta-clang
local_conf_header:
- clang: |
+ toolchain: |
TOOLCHAIN = "clang"
+ # This is needed to stop bitbake getting confused about what clang/llvm is
+ # being used, see https://github.com/kraj/meta-clang/pull/766
+ BBMASK += "/meta/recipes-devtools/llvm/llvm.*\.bb"
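Review bot: the BBMASK pattern on the last added line is looser than the comment implies. It is unanchored, so `llvm.*\.bb` also masks any `.bbappend` in that directory, and the leading `/meta/recipes-devtools/llvm/` matches any layer checkout whose path ends in `/meta/`. If only poky's llvm recipe is meant, say so in the comment and state when the mask can be dropped; a pull-request link alone does not tell the next reader whether it is still needed. The rename of the key from `clang` to `toolchain` also makes this block share its key with the new `ci/gcc.yml`, which deserves a line in the commit message if it is deliberate.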
diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml
index 65ff9d3..d856cfe 100644
--- a/meta-arm/ci/corstone1000-common.yml
+++ b/meta-arm/ci/corstone1000-common.yml
@@ -3,13 +3,12 @@
includes:
- ci/base.yml
- ci/meta-openembedded.yml
+ - ci/poky-tiny.yml
local_conf_header:
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
-distro: poky-tiny
-
target:
- corstone1000-image
- perf
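Review bot: the `extrapackages` block kept under `local_conf_header` now duplicates the one that `ci/poky-tiny.yml` supplies; `corstone500.yml` drops its copy in this same change, so it should go here too. This file also keeps its own `target:` list (`corstone1000-image`, `perf`) while the new include sets `core-image-minimal` and `perf`. Please confirm the local list replaces the included one rather than being combined with it, and that `TEST_SUITES = "ping"` from the include is intended for corstone1000.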
diff --git a/meta-arm/ci/corstone500.yml b/meta-arm/ci/corstone500.yml
index 437c97c..0f9592e 100644
--- a/meta-arm/ci/corstone500.yml
+++ b/meta-arm/ci/corstone500.yml
@@ -3,17 +3,10 @@
includes:
- ci/base.yml
- ci/fvp.yml
+ - ci/poky-tiny.yml
local_conf_header:
fvp-config: |
IMAGE_FEATURES:remove = " ssh-server-dropbear"
- extrapackages: |
- # Intentionally blank to prevent perf from being added to the image in base.yml
machine: corstone500
-
-distro: poky-tiny
-
-target:
- - core-image-minimal
- - perf
diff --git a/meta-arm/ci/fvp-base-arm32.yml b/meta-arm/ci/fvp-base-arm32.yml
deleted file mode 100644
index 9f790f6..0000000
--- a/meta-arm/ci/fvp-base-arm32.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-header:
- version: 11
- includes:
- - ci/base.yml
- - ci/fvp.yml
-
-machine: fvp-base-arm32
diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml
index a12c621..a8f8dfc 100644
--- a/meta-arm/ci/fvp.yml
+++ b/meta-arm/ci/fvp.yml
@@ -3,7 +3,7 @@
local_conf_header:
testimagefvp: |
- INHERIT = "fvpboot"
+ INHERIT += "fvpboot"
# This fails but we can't add to the ignorelist from meta-arm yet
# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
TEST_SUITES:remove = "parselogs"
diff --git a/meta-arm/ci/gcc.yml b/meta-arm/ci/gcc.yml
new file mode 100644
index 0000000..a394368
--- /dev/null
+++ b/meta-arm/ci/gcc.yml
@@ -0,0 +1,7 @@
+header:
+ version: 11
+
+#NOTE: This is the default for poky. This is only being added for completeness/clarity
+local_conf_header:
+ toolchain: |
+ TOOLCHAIN = "gcc"
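Review bot: `version: 11` in the header here (and in the new `glibc.yml` and `u-boot.yml`) does not match `version: 9` in the other files added by this change (`linux-yocto.yml`, `linux-yocto-dev.yml`, `linux-yocto-rt.yml`, `poky.yml`, `poky-tiny.yml`). Pick one header version for all the new default files, or note why they differ.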
diff --git a/meta-arm/ci/glibc.yml b/meta-arm/ci/glibc.yml
new file mode 100644
index 0000000..adc85a7
--- /dev/null
+++ b/meta-arm/ci/glibc.yml
@@ -0,0 +1,7 @@
+header:
+ version: 11
+
+#NOTE: This is the default for poky. This is only being added for completeness/clarity
+local_conf_header:
+ libc: |
+ TCLIBC = "glibc"
diff --git a/meta-arm/ci/jobs-to-kas b/meta-arm/ci/jobs-to-kas
index d6896b7..b8615a5 100755
--- a/meta-arm/ci/jobs-to-kas
+++ b/meta-arm/ci/jobs-to-kas
@@ -18,7 +18,7 @@
# defaults, we can simply ignore those parameters. They are necessary
# to pass in so that matrix can correctly setup all of the permutations
# of each individual run.
- if [[ $i == 'none' || $i == 'gcc' || $i == 'glibc' || $i == 'uboot' ]]; then
+ if [[ $i == 'none' ]]; then
continue
fi
FILES+=":ci/$i.yml"
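Review bot: removing `uboot` from the skip list on the changed `if` line means a job parameter of `uboot` now expands to `ci/uboot.yml`, but the file added in this change is `ci/u-boot.yml`. Either the matrix value has to be renamed to `u-boot` in the same commit or the file should be named to match, otherwise the include path will not resolve. The comment above the test still says the default parameters are ignored, which is no longer true for `gcc`, `glibc` and the bootloader, so it should be updated to say only `none` is skipped.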
diff --git a/meta-arm/ci/linux-yocto-dev.yml b/meta-arm/ci/linux-yocto-dev.yml
new file mode 100644
index 0000000..a6fadce
--- /dev/null
+++ b/meta-arm/ci/linux-yocto-dev.yml
@@ -0,0 +1,6 @@
+header:
+ version: 9
+
+local_conf_header:
+ kernel: |
+ PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-dev"
diff --git a/meta-arm/ci/linux-yocto-rt.yml b/meta-arm/ci/linux-yocto-rt.yml
new file mode 100644
index 0000000..69d768c
--- /dev/null
+++ b/meta-arm/ci/linux-yocto-rt.yml
@@ -0,0 +1,6 @@
+header:
+ version: 9
+
+local_conf_header:
+ kernel: |
+ PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt"
diff --git a/meta-arm/ci/linux-yocto.yml b/meta-arm/ci/linux-yocto.yml
new file mode 100644
index 0000000..359fea5
--- /dev/null
+++ b/meta-arm/ci/linux-yocto.yml
@@ -0,0 +1,7 @@
+header:
+ version: 9
+
+#NOTE: This is the default for poky. This is only being added for completeness/clarity
+local_conf_header:
+ kernel: |
+ PREFERRED_PROVIDER_virtual/kernel = "linux-yocto"
diff --git a/meta-arm/ci/poky-tiny.yml b/meta-arm/ci/poky-tiny.yml
new file mode 100644
index 0000000..cf252a0
--- /dev/null
+++ b/meta-arm/ci/poky-tiny.yml
@@ -0,0 +1,14 @@
+header:
+ version: 9
+
+distro: poky-tiny
+
+local_conf_header:
+ hacking: |
+ TEST_SUITES = "ping"
+ extrapackages: |
+ # Intentionally blank to prevent perf from being added to the image in base.yml
+
+target:
+ - core-image-minimal
+ - perf
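Review bot: the `hacking:` key under `local_conf_header` gives no hint of what it sets; name it after its content (for example `testsuites`) so that a later file can override it on purpose rather than by accident. `TEST_SUITES = "ping"` is a hard assignment that discards whatever suite list was configured before this include, and it has no comment saying why poky-tiny is limited to `ping`. The fixed `target:` list also means every file that includes this one inherits `core-image-minimal` and `perf` unless it sets its own, which should be stated in a comment at the top of the file.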
diff --git a/meta-arm/ci/poky.yml b/meta-arm/ci/poky.yml
new file mode 100644
index 0000000..d4bcfeb
--- /dev/null
+++ b/meta-arm/ci/poky.yml
@@ -0,0 +1,4 @@
+header:
+ version: 9
+
+distro: poky
diff --git a/meta-arm/ci/u-boot.yml b/meta-arm/ci/u-boot.yml
new file mode 100644
index 0000000..76bdd23
--- /dev/null
+++ b/meta-arm/ci/u-boot.yml
@@ -0,0 +1,8 @@
+header:
+ version: 11
+
+local_conf_header:
+ bootfirmware: |
+ PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
+ TFA_UBOOT = "1"
+ TFA_UEFI = "0"
diff --git a/meta-arm/ci/update-repos b/meta-arm/ci/update-repos
index 91ff197..9487102 100755
--- a/meta-arm/ci/update-repos
+++ b/meta-arm/ci/update-repos
@@ -4,6 +4,7 @@
import sys
import os
+import shutil
import subprocess
import pathlib
@@ -34,9 +35,14 @@
for repo in repositories:
repodir = base_repodir / repo_shortname(repo)
+
+ if "CI_CLEAN_REPOS" in os.environ:
+ print("Cleaning %s..." % repo)
+ shutil.rmtree(repodir, ignore_errors=True)
+
if repodir.exists():
print("Updating %s..." % repo)
- subprocess.run(["git", "-C", repodir, "fetch"], check=True)
+ subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True)
else:
print("Cloning %s..." % repo)
subprocess.run(["git", "clone", "--bare", repo, repodir], check=True)
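Review bot: the clean step in this hunk can leave a half-deleted cache behind without anyone noticing. `shutil.rmtree(repodir, ignore_errors=True)` swallows failures, and the `repodir.exists()` check that follows then sends a partially removed directory down the `fetch` path instead of re-cloning. Let the removal raise (or check that the directory is gone afterwards) so a failed clean stops the job. `"CI_CLEAN_REPOS" in os.environ` is also true when the variable is set to an empty string or `0`; test its value if that is not intended. The added `-c gc.autoDetach=false` needs a one-line comment giving the reason, since nothing in the script explains it.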