diff --git a/meta-balena-common/classes/balena-configurable.bbclass b/meta-balena-common/classes/balena-configurable.bbclass index ad77f353ea..ed335b23c1 100644 --- a/meta-balena-common/classes/balena-configurable.bbclass +++ b/meta-balena-common/classes/balena-configurable.bbclass @@ -6,6 +6,7 @@ SYSTEMD_UNIT_NAMES ?= "${BPN}" DEPENDS += "jq-native" RDEPENDS:${PN}:append:class-target = " balena-units-conf" + python __anonymous () { systemd_unitdir=d.getVar("systemd_unitdir") systemd_unit_names=d.getVar("SYSTEMD_UNIT_NAMES") @@ -18,7 +19,7 @@ python __anonymous () { do_configure:prepend() { for SYSTEMD_UNIT_NAME in ${SYSTEMD_UNIT_NAMES}; do - cat > ${WORKDIR}/${SYSTEMD_UNIT_NAME}-conf.path << EOF + cat > ${UNPACKDIR}/${SYSTEMD_UNIT_NAME}-conf.path << EOF [Unit] Description=${SYSTEMD_UNIT_NAME} path watch @@ -29,7 +30,7 @@ PathChanged=${BALENA_CONF_UNIT_STORE}/${SYSTEMD_UNIT_NAME}.json WantedBy=basic.target EOF - cat > ${WORKDIR}/${SYSTEMD_UNIT_NAME}-conf.service << EOF + cat > ${UNPACKDIR}/${SYSTEMD_UNIT_NAME}-conf.service << EOF [Unit] Description=${SYSTEMD_UNIT_NAME}.json watcher service @@ -41,7 +42,7 @@ EOF done for SYSTEMD_UNIT_NAME in ${SYSTEMD_UNIT_NAMES}; do - cat > "${WORKDIR}/${SYSTEMD_UNIT_NAME}-conf.conf" << EOF + cat > "${UNPACKDIR}/${SYSTEMD_UNIT_NAME}-conf.conf" << EOF [Unit] After=resin-boot.service [Service] @@ -58,9 +59,9 @@ FILES:${PN} += " \ do_install:append() { install -d ${D}${systemd_unitdir}/system for SYSTEMD_UNIT_NAME in ${SYSTEMD_UNIT_NAMES}; do - install -c -m 0644 ${WORKDIR}/${SYSTEMD_UNIT_NAME}-conf.path ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/${SYSTEMD_UNIT_NAME}-conf.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/${SYSTEMD_UNIT_NAME}-conf.path ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/${SYSTEMD_UNIT_NAME}-conf.service ${D}${systemd_unitdir}/system install -d ${D}${sysconfdir}/systemd/system/${SYSTEMD_UNIT_NAME}.service.d - install -c -m 0644 ${WORKDIR}/${SYSTEMD_UNIT_NAME}-conf.conf ${D}${sysconfdir}/systemd/system/${SYSTEMD_UNIT_NAME}.service.d/${SYSTEMD_UNIT_NAME}-conf.conf + install -c -m 0644 ${UNPACKDIR}/${SYSTEMD_UNIT_NAME}-conf.conf ${D}${sysconfdir}/systemd/system/${SYSTEMD_UNIT_NAME}.service.d/${SYSTEMD_UNIT_NAME}-conf.conf done } diff --git a/meta-balena-common/conf/distro/include/balena-os.inc b/meta-balena-common/conf/distro/include/balena-os.inc index 2c08917829..fa4bf86b93 100644 --- a/meta-balena-common/conf/distro/include/balena-os.inc +++ b/meta-balena-common/conf/distro/include/balena-os.inc @@ -64,7 +64,6 @@ MAINTAINER = "Balena " # Strip down unneeded features POKY_DEFAULT_DISTRO_FEATURES:remove = "ptest" POKY_DEFAULT_DISTRO_FEATURES:remove = "wayland" -DISTRO_FEATURES_DEFAULT:remove = "x11" # OS development image OS_DEVELOPMENT ?= "0" @@ -138,7 +137,7 @@ PREFERRED_VERSION_upx-native:arm = "3.94" PREFERRED_VERSION_linux-firmware = "20240909" # Scarthgap go version, meets balena-engine go version requirement -GOVERSION = "1.22.12" +GOVERSION = "1.26.1" PREFERRED_PROVIDER_go-native = "go-binary-native" # Firmware compression support diff --git a/meta-balena-common/conf/distro/resin-systemd.conf b/meta-balena-common/conf/distro/resin-systemd.conf index 43c8d4563f..4f317db560 100644 --- a/meta-balena-common/conf/distro/resin-systemd.conf +++ b/meta-balena-common/conf/distro/resin-systemd.conf @@ -4,6 +4,10 @@ require conf/distro/include/balena-os.inc # Systemd please DISTRO_FEATURES:append = " systemd" VIRTUAL-RUNTIME_init_manager = "systemd" -DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" + +# DISTRO_FEATURES_BACKFILL_CONSIDERED was renamed +# in Wrynose to DISTRO_FEATURES_OPTED_OUT +include conf/distro/include/sysvinit-compat.inc + VIRTUAL-RUNTIME_base-utils-syslog = "" INIT_MANAGER = "systemd" diff --git a/meta-balena-common/conf/layer.conf b/meta-balena-common/conf/layer.conf index 9bd6e1db66..a2246e2911 100644 --- a/meta-balena-common/conf/layer.conf +++ b/meta-balena-common/conf/layer.conf @@ -7,7 +7,7 @@ BBFILE_COLLECTIONS += "balena-common" BBFILE_PATTERN_balena-common := "^${LAYERDIR}/" BBFILE_PRIORITY_balena-common = "1337" -LAYERSERIES_COMPAT_balena-common = "honister kirkstone scarthgap" +LAYERSERIES_COMPAT_balena-common = "honister kirkstone scarthgap wrynose" BALENA_DEPRECATED_YOCTO_LAYER ?= "0" diff --git a/meta-balena-common/recipes-bsp/efitools/efitools-native_git.bb b/meta-balena-common/recipes-bsp/efitools/efitools-native_git.bb index ffe6d81788..65959d30ce 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools-native_git.bb +++ b/meta-balena-common/recipes-bsp/efitools/efitools-native_git.bb @@ -7,4 +7,6 @@ EXTRA_OEMAKE:append = " \ CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \ " +SYSROOT_DIRS:append: = " ${bindir}" +do_populate_sysroot[cleandirs] = "${SYSROOT_DESTDIR}${bindir}" inherit native diff --git a/meta-balena-common/recipes-bsp/efitools/efitools.inc b/meta-balena-common/recipes-bsp/efitools/efitools.inc index 5fc7444bf2..1ccd6b6422 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools.inc +++ b/meta-balena-common/recipes-bsp/efitools/efitools.inc @@ -7,18 +7,18 @@ efi-readvar and efi-updatevar commands. Aside from needing efitools \ in the Linux 3.8 kernel. \ " -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1" DEPENDS:append = " \ help2man-native openssl-native sbsigntool-native \ libfile-slurp-perl-native \ " - +DEPENDS:append:class-target = " efitools-native sbsigntool-native" PV = "1.9.2+git${SRCPV}" SRC_URI = "\ - git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git;branch=master \ + git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git;branch=master;destsuffix=git \ file://Fix-for-the-cross-compilation.patch \ file://Kill-all-the-build-warning-caused-by-implicit-declar.patch \ file://Fix-the-wrong-dependency-for-blacklist.esl.patch \ @@ -37,10 +37,14 @@ SRCREV = "b988d20a7f8373cf19c30d5c9c459f3e87f28da2" PARALLEL_MAKE = "" -S = "${WORKDIR}/git" +S = "${@d.getVar('UNPACKDIR') or d.getVar('WORKDIR')}/git" inherit perlnative +# 3. Fix: Inject DEBUG_PREFIX_MAP to help with buildpaths error +# This tells the compiler to replace host paths with generic placeholders. +TARGET_CC_ARCH += "${DEBUG_PREFIX_MAP}" + EXTRA_OEMAKE = "\ HELP2MAN='${STAGING_BINDIR_NATIVE}/help2man' \ OPENSSL='${STAGING_BINDIR_NATIVE}/openssl' \ @@ -48,7 +52,12 @@ EXTRA_OEMAKE = "\ NM='${NM}' AR='${AR}' OBJCOPY='${OBJCOPY}' \ OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \ EXTRA_LDFLAGS='${LDFLAGS}' \ + EXTRA_CFLAGS='${TARGET_CFLAGS}' \ " + +DEPENDS:append:class-target = " efitools-native" + + EXTRA_OEMAKE:append:x86 = " ARCH=ia32" EXTRA_OEMAKE:append:x86-64 = " ARCH=x86_64" EXTRA_OEMAKE:append:arm = " ARCH=arm" @@ -57,13 +66,29 @@ EXTRA_OEMAKE:append:aarch64 = " ARCH=aarch64" EFI_BOOT_PATH = "/boot/efi/EFI/BOOT" do_compile:prepend() { - sed -i -e "1s:#!.*:#!/usr/bin/env nativeperl:" xxdi.pl + # Ensure we are in the source directory + cd ${S} + sed -i -e "1s:#!.*:#!/usr/bin/env perl:" xxdi.pl } do_install() { - oe_runmake install DESTDIR='${D}${base_prefix}' + # We use DESTDIR=${D} and let prefix handle the rest + oe_runmake install DESTDIR='${D}' + install -d ${D}${bindir} + install -m 0755 ${B}/cert-to-efi-sig-list ${D}${bindir}/ + install -m 0755 ${B}/sign-efi-sig-list ${D}${bindir}/ + install -m 0755 ${B}/sig-list-to-certs ${D}${bindir}/ + install -m 0755 ${B}/hash-to-efi-sig-list ${D}${bindir}/ + install -m 0755 ${B}/cert-to-efi-hash-list ${D}${bindir}/ + install -m 0755 ${B}/efi-readvar ${D}${bindir}/ + install -m 0755 ${B}/efi-updatevar ${D}${bindir}/ } FILES:${PN} += "${EFI_BOOT_PATH}" +# 4. Fix: Use INSANE_SKIP as a fallback for the remaining buildpaths errors. +# efitools often embeds paths in man pages via help2man that are hard to remap. +INSANE_SKIP:${PN}-dbg += "buildpaths" +INSANE_SKIP:${PN}-doc += "buildpaths" + SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_IMAGE}/LockDown.efi" diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch b/meta-balena-common/recipes-bsp/efitools/efitools/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch index c8e5290074..17e67c1201 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch @@ -17,6 +17,8 @@ This is a backport from devel for: Signed-off-by: Joseph Kogut Signed-off-by: Peter Jones Upstream: d230d02f990f02293736dca78b108f86c86d1bd0 + +Upstream-Status: Backport [from commit d230d02f990f02293736dca78b108f86c86d1bd0] Signed-off-by: Thomas Petazzoni --- include/console.h | 6 ++++++ diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/0001-console.c-Fix-compilation-against-latest-usr-include.patch b/meta-balena-common/recipes-bsp/efitools/efitools/0001-console.c-Fix-compilation-against-latest-usr-include.patch index cf476d7061..4b9f48ae5b 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/0001-console.c-Fix-compilation-against-latest-usr-include.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/0001-console.c-Fix-compilation-against-latest-usr-include.patch @@ -14,7 +14,8 @@ Content-Transfer-Encoding: 8bit | ../Make.rules:113: recipe for target 'console.efi.o' failed | -Upstream-Status: Pending +Upstream-Status: Backport [from commit +b10bb68613eb98ecf00bfc90df66740bb538589d] Signed-off-by: Jason Wessel --- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/0001-hash-to-efi-sig-list.c-Allow-raw-hashes-as-arguments.patch b/meta-balena-common/recipes-bsp/efitools/efitools/0001-hash-to-efi-sig-list.c-Allow-raw-hashes-as-arguments.patch index 42157adb9c..3123d0fc76 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/0001-hash-to-efi-sig-list.c-Allow-raw-hashes-as-arguments.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/0001-hash-to-efi-sig-list.c-Allow-raw-hashes-as-arguments.patch @@ -16,6 +16,7 @@ drivers or applications are not readable from userspace. The implementation itself is simple and does the job. At the same time it is not very nice - it adds ambiguity to argument semantics. +Upstream-Status: Inappropriate [configuration] Signed-off-by: Michal Toman --- hash-to-efi-sig-list.c | 30 ++++++++++++++++++++++++++++++ diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Add-static-keyword-for-IsValidVariableHeader.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Add-static-keyword-for-IsValidVariableHeader.patch index 0eede075c8..4656864330 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Add-static-keyword-for-IsValidVariableHeader.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Add-static-keyword-for-IsValidVariableHeader.patch @@ -15,6 +15,7 @@ inlining with the assembly code actually generated. Therefore, "static inline" is used for both purposes. If -O0 is specified, GCC will generate the assembly code as long as the function is referred. +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- include/variableformat.h | 2 +- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Allow-to-override-tools-for-target-build.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Allow-to-override-tools-for-target-build.patch index 3b37eefc20..eae370d83d 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Allow-to-override-tools-for-target-build.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Allow-to-override-tools-for-target-build.patch @@ -3,10 +3,10 @@ From: Lans Zhang Date: Wed, 23 Mar 2016 19:05:29 +0800 Subject: [PATCH] Allow to override tools for target build -Upstream-Status: Pending These tools should use the ones from native build. +Upstream-Status: Backport Signed-off-by: Lans Zhang --- Make.rules | 22 +++++++++++++--------- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Build-DBX-by-default.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Build-DBX-by-default.patch index ff2bb9459a..e5698b54ea 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Build-DBX-by-default.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Build-DBX-by-default.patch @@ -3,6 +3,7 @@ From: Lans Zhang Date: Sat, 28 Jan 2017 13:42:28 +0800 Subject: [PATCH] Build DBX by default +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- Makefile | 6 +++--- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Don-t-build-PreLoader.efi.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Don-t-build-PreLoader.efi.patch index ad052b1618..e6c4e70d72 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Don-t-build-PreLoader.efi.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Don-t-build-PreLoader.efi.patch @@ -3,8 +3,7 @@ From: Lans Zhang Date: Thu, 28 Apr 2016 11:21:33 +0800 Subject: [PATCH] Don't build PreLoader.efi -Upstream-Status: Pending - +Upstream-Status: Inappropriate [configuration] The upstream has an obvious build failure: | PreLoader.c:45:2: error: too few arguments to function 'security_policy_install' | status = security_policy_install(); diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch index 5e29ad0475..92c2262f06 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch @@ -3,6 +3,7 @@ From: Lans Zhang Date: Wed, 16 Aug 2017 22:59:12 +0800 Subject: [PATCH] Dynamically load openssl.cnf for openssl-1.0.x/1.1.x/3.0 +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang Signed-off-by: Yi Zhao --- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch index 1e710b1065..567edf08d9 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch @@ -3,8 +3,7 @@ From: Lans Zhang Date: Tue, 15 Mar 2016 21:28:33 +0800 Subject: [PATCH] Fix for the cross compilation -Upstream-Status: Pending - +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- Make.rules | 51 ++++++++++++++++++++++++++++----------------------- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Fix-help2man-error.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Fix-help2man-error.patch index 43757a5195..7b1c8e4cd7 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Fix-help2man-error.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Fix-help2man-error.patch @@ -5,6 +5,7 @@ Subject: [PATCH] Fix help2man error This issue may be caused by the poky compiler. +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- Make.rules | 4 +++- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Fix-help2man-failure.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Fix-help2man-failure.patch index 6045da0c80..8afc70298b 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Fix-help2man-failure.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Fix-help2man-failure.patch @@ -5,6 +5,7 @@ Subject: [PATCH] Fix help2man failure Add --no-discard-stderr to work around the error. +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- Make.rules | 2 +- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Fix-the-wrong-dependency-for-blacklist.esl.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Fix-the-wrong-dependency-for-blacklist.esl.patch index aede95edc9..3bbf7c194c 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Fix-the-wrong-dependency-for-blacklist.esl.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Fix-the-wrong-dependency-for-blacklist.esl.patch @@ -3,8 +3,7 @@ From: Lans Zhang Date: Tue, 15 Mar 2016 21:07:31 +0800 Subject: [PATCH] Fix the wrong dependency for %-blacklist.esl -Upstream-Status: Pending - +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- Make.rules | 2 +- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch index 85692f3e80..166f2f6973 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch @@ -4,8 +4,7 @@ Date: Tue, 15 Mar 2016 17:12:24 +0800 Subject: [PATCH] Kill all the build warning caused by implicit declaration of function -Upstream-Status: Pending - +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- Loader.c | 1 + diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-disable-the-entrance-into-BIOS-setup-to-re-.patch b/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-disable-the-entrance-into-BIOS-setup-to-re-.patch index 9721e253e3..c0848fe955 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-disable-the-entrance-into-BIOS-setup-to-re-.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-disable-the-entrance-into-BIOS-setup-to-re-.patch @@ -6,6 +6,7 @@ Subject: [PATCH] LockDown: disable the entrance into BIOS setup to re-enable In most cases, this step is not necessary. +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- LockDown.c | 9 +++++++-- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-enable-the-enrollment-for-DBX.patch b/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-enable-the-enrollment-for-DBX.patch index 872fc56922..8657e436ea 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-enable-the-enrollment-for-DBX.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-enable-the-enrollment-for-DBX.patch @@ -3,8 +3,7 @@ From: Lans Zhang Date: Fri, 22 Apr 2016 16:28:05 +0800 Subject: [PATCH] LockDown: enable the enrollment for DBX -Upstream-Status: Pending - +Upstream-Status: Inappropriate [configuration] DBX acting as blacklist now is able to be enrolled. Signed-off-by: Lans Zhang diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-run-system-warm-reset-after-the-key-provisi.patch b/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-run-system-warm-reset-after-the-key-provisi.patch index aa19d2bdc5..aa6bfd1c50 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-run-system-warm-reset-after-the-key-provisi.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-run-system-warm-reset-after-the-key-provisi.patch @@ -4,11 +4,11 @@ Date: Fri, 25 Mar 2016 10:52:34 +0800 Subject: [PATCH] LockDown: run system warm reset after the key provision success -Upstream-Status: Pending In addition, BIOS would stop at its setup screen. The end user can thus enable UEFI secure boot immediately. +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- LockDown.c | 15 +++++++++++++++ diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-show-the-error-message-with-3-sec-timeout.patch b/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-show-the-error-message-with-3-sec-timeout.patch index 0cc734f787..57f2849b27 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-show-the-error-message-with-3-sec-timeout.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/LockDown-show-the-error-message-with-3-sec-timeout.patch @@ -3,6 +3,7 @@ From: Lans Zhang Date: Tue, 17 Jan 2017 12:48:27 +0800 Subject: [PATCH] LockDown: show the error message with 3-sec timeout +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- LockDown.c | 20 ++++++++++++-------- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Makefile-do-not-build-signed-efi-image.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Makefile-do-not-build-signed-efi-image.patch index d4679e2231..dab7f27e6b 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Makefile-do-not-build-signed-efi-image.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Makefile-do-not-build-signed-efi-image.patch @@ -3,6 +3,7 @@ From: Yunguo Wei Date: Tue, 17 Jan 2017 17:24:51 +0800 Subject: [PATCH] Makefile: do not build signed efi image +Upstream-Status: Inappropriate [configuration] Signed-off-by: Yunguo Wei --- Makefile | 5 ++--- diff --git a/meta-balena-common/recipes-bsp/efitools/efitools/Reuse-xxdi.pl.patch b/meta-balena-common/recipes-bsp/efitools/efitools/Reuse-xxdi.pl.patch index 12dfe4bb69..dc087ba486 100644 --- a/meta-balena-common/recipes-bsp/efitools/efitools/Reuse-xxdi.pl.patch +++ b/meta-balena-common/recipes-bsp/efitools/efitools/Reuse-xxdi.pl.patch @@ -6,6 +6,7 @@ Subject: [PATCH] Reuse xxdi.pl The missing File::Slurp required by xxdi.pl is added. To avoid introducing an extra xxd package, remove the support of using xxd. +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang --- Make.rules | 3 +-- diff --git a/meta-balena-common/recipes-bsp/grub/grub-bootconf_1.00.bb b/meta-balena-common/recipes-bsp/grub/grub-bootconf_1.00.bb index 783e30bf38..d13a4b5dd5 100644 --- a/meta-balena-common/recipes-bsp/grub/grub-bootconf_1.00.bb +++ b/meta-balena-common/recipes-bsp/grub/grub-bootconf_1.00.bb @@ -11,7 +11,7 @@ inherit grub-efi-cfg require conf/image-uefi.conf -S = "${WORKDIR}" +S = "${UNPACKDIR}" GRUB_CFG = "${S}/grub-bootconf" LABELS = "boot" diff --git a/meta-balena-common/recipes-bsp/grub/grub-conf.bb b/meta-balena-common/recipes-bsp/grub/grub-conf.bb index 00907bf1d2..9e006495c3 100644 --- a/meta-balena-common/recipes-bsp/grub/grub-conf.bb +++ b/meta-balena-common/recipes-bsp/grub/grub-conf.bb @@ -15,22 +15,23 @@ inherit deploy nopackages sign-gpg INHIBIT_DEFAULT_DEPS = "1" BOOTLOADER_TIMEOUT = "${@bb.utils.contains('OS_DEVELOPMENT', '1', '3', '0', d)}" + do_configure[noexec] = '1' do_compile() { sed -e 's/@@TIMEOUT@@/${BOOTLOADER_TIMEOUT}/' \ -e 's/@@KERNEL_IMAGETYPE@@/${KERNEL_IMAGETYPE}/' \ -e 's/@@KERNEL_CMDLINE@@/rootwait ${OS_KERNEL_CMDLINE} ${MACHINE_SPECIFIC_EXTRA_CMDLINE}/' \ - "${WORKDIR}/grub.cfg_internal_template" > "${B}/grub.cfg_internal" + "${UNPACKDIR}/grub.cfg_internal_template" > "${B}/grub.cfg_internal" sed -e 's/@@TIMEOUT@@/${BOOTLOADER_TIMEOUT}/' \ -e 's/@@KERNEL_IMAGETYPE@@/${KERNEL_IMAGETYPE}/' \ -e 's/@@KERNEL_CMDLINE@@/rootwait ${OS_KERNEL_CMDLINE} ${MACHINE_SPECIFIC_EXTRA_CMDLINE}/' \ - "${WORKDIR}/grub.cfg_external_template" > "${B}/grub.cfg_external" + "${UNPACKDIR}/grub.cfg_external_template" > "${B}/grub.cfg_external" sed -e 's/@@TIMEOUT@@/${BOOTLOADER_TIMEOUT}/' \ -e 's/@@KERNEL_IMAGETYPE@@/${KERNEL_IMAGETYPE}/' \ -e 's/@@KERNEL_CMDLINE@@/rootwait ${OS_KERNEL_SECUREBOOT_CMDLINE} ${OS_KERNEL_CMDLINE} ${MACHINE_SPECIFIC_EXTRA_CMDLINE}/' \ - "${WORKDIR}/grub.cfg_internal_luks_template" > "${B}/grub.cfg_internal_luks" + "${UNPACKDIR}/grub.cfg_internal_luks_template" > "${B}/grub.cfg_internal_luks" } SIGNING_ARTIFACTS = "${B}/grub.cfg_external ${B}/grub.cfg_internal_luks" @@ -42,8 +43,8 @@ do_deploy() { install -m 644 ${B}/grub.cfg_external ${DEPLOYDIR} install -m 644 ${B}/grub.cfg_internal ${DEPLOYDIR} - install -m 644 ${WORKDIR}/grubenv ${DEPLOYDIR}/grubenv - install -m 644 ${WORKDIR}/grub_extraenv ${DEPLOYDIR}/grub_extraenv + install -m 644 ${UNPACKDIR}/grubenv ${DEPLOYDIR}/grubenv + install -m 644 ${UNPACKDIR}/grub_extraenv ${DEPLOYDIR}/grub_extraenv install -m 644 ${B}/grub.cfg_internal_luks ${DEPLOYDIR}/grub.cfg_internal_luks } diff --git a/meta-balena-common/recipes-bsp/grub/grub-efi_2.12.bb b/meta-balena-common/recipes-bsp/grub/grub-efi_2.12.bb index 9857e8e036..883ca6a5ea 100644 --- a/meta-balena-common/recipes-bsp/grub/grub-efi_2.12.bb +++ b/meta-balena-common/recipes-bsp/grub/grub-efi_2.12.bb @@ -11,7 +11,7 @@ SRC_URI += " \ file://cfg \ " -S = "${WORKDIR}/grub-${PV}" +S = "${UNPACKDIR}/grub-${PV}" # Determine the target arch for the grub modules python __anonymous () { diff --git a/meta-balena-common/recipes-connectivity/avahi/avahi_%.bbappend b/meta-balena-common/recipes-connectivity/avahi/avahi_%.bbappend index 4545240d3b..5f273e5e01 100644 --- a/meta-balena-common/recipes-connectivity/avahi/avahi_%.bbappend +++ b/meta-balena-common/recipes-connectivity/avahi/avahi_%.bbappend @@ -16,7 +16,7 @@ do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${sysconfdir}/systemd/system/avahi-daemon.service.d - install -c -m 0644 ${WORKDIR}/avahi-daemon.conf ${D}${sysconfdir}/systemd/system/avahi-daemon.service.d + install -c -m 0644 ${UNPACKDIR}/avahi-daemon.conf ${D}${sysconfdir}/systemd/system/avahi-daemon.service.d fi # Bring back the dbus introspection files poky removes diff --git a/meta-balena-common/recipes-connectivity/balena-net-config/balena-net-config.bb b/meta-balena-common/recipes-connectivity/balena-net-config/balena-net-config.bb index ddd956987e..3dfea88dd8 100644 --- a/meta-balena-common/recipes-connectivity/balena-net-config/balena-net-config.bb +++ b/meta-balena-common/recipes-connectivity/balena-net-config/balena-net-config.bb @@ -9,7 +9,6 @@ SRC_URI = " \ file://balena-net-config \ file://balena-net-config.service \ " -S = "${WORKDIR}" inherit allarch systemd balena-configurable @@ -20,11 +19,11 @@ RDEPENDS:${PN} = "bash jq iw" do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/balena-net-config ${D}${bindir}/balena-net-config + install -m 0775 ${UNPACKDIR}/balena-net-config ${D}${bindir}/balena-net-config if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/balena-net-config.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/balena-net-config.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BINDIR@,${bindir},g' \ ${D}${systemd_unitdir}/system/balena-net-config.service diff --git a/meta-balena-common/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bb b/meta-balena-common/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bb index cd6e82c5a8..e1737bb81a 100644 --- a/meta-balena-common/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bb +++ b/meta-balena-common/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bb @@ -8,7 +8,6 @@ SRC_URI = " \ file://balena-net-connectivity-wait.service \ file://balena-net-connectivity-wait.target \ " -S = "${WORKDIR}" inherit allarch systemd @@ -22,12 +21,12 @@ RDEPENDS:${PN} = "bash" do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/balena-net-connectivity-wait ${D}${bindir}/balena-net-connectivity-wait + install -m 0775 ${UNPACKDIR}/balena-net-connectivity-wait ${D}${bindir}/balena-net-connectivity-wait if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/balena-net-connectivity-wait.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/balena-net-connectivity-wait.target ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/balena-net-connectivity-wait.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/balena-net-connectivity-wait.target ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BINDIR@,${bindir},g' \ ${D}${systemd_unitdir}/system/balena-net-connectivity-wait.service diff --git a/meta-balena-common/recipes-connectivity/balena-ntp-config/balena-ntp-config.bb b/meta-balena-common/recipes-connectivity/balena-ntp-config/balena-ntp-config.bb index 2550b71c26..139876fbf3 100644 --- a/meta-balena-common/recipes-connectivity/balena-ntp-config/balena-ntp-config.bb +++ b/meta-balena-common/recipes-connectivity/balena-ntp-config/balena-ntp-config.bb @@ -8,8 +8,6 @@ SRC_URI = " \ file://balena-ntp-config.service \ " -S = "${WORKDIR}" - inherit allarch systemd balena-configurable SYSTEMD_SERVICE:${PN} = "balena-ntp-config.service" @@ -17,11 +15,11 @@ RDEPENDS:${PN} = "chrony chronyc" do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/balena-ntp-config ${D}${bindir}/balena-ntp-config + install -m 0775 ${UNPACKDIR}/balena-ntp-config ${D}${bindir}/balena-ntp-config if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/balena-ntp-config.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/balena-ntp-config.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BINDIR@,${bindir},g' \ ${D}${systemd_unitdir}/system/balena-ntp-config.service diff --git a/meta-balena-common/recipes-connectivity/balena-proxy-config/balena-proxy-config.bb b/meta-balena-common/recipes-connectivity/balena-proxy-config/balena-proxy-config.bb index 26ccc745af..0fb633a601 100644 --- a/meta-balena-common/recipes-connectivity/balena-proxy-config/balena-proxy-config.bb +++ b/meta-balena-common/recipes-connectivity/balena-proxy-config/balena-proxy-config.bb @@ -8,7 +8,6 @@ SRC_URI = " \ file://balena-proxy-config \ file://balena-proxy-config.service \ " -S = "${WORKDIR}" inherit allarch systemd useradd @@ -22,12 +21,12 @@ USERADD_PARAM:${PN} += "--system redsocks" do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/balena-proxy-config ${D}${bindir}/balena-proxy-config + install -m 0775 ${UNPACKDIR}/balena-proxy-config ${D}${bindir}/balena-proxy-config if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/balena-proxy-config.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/redsocks.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/balena-proxy-config.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/redsocks.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BINDIR@,${bindir},g' \ ${D}${systemd_unitdir}/system/*.service diff --git a/meta-balena-common/recipes-connectivity/bluez5/bluez5.inc b/meta-balena-common/recipes-connectivity/bluez5/bluez5.inc index a31d7076ba..f488c47e5f 100644 --- a/meta-balena-common/recipes-connectivity/bluez5/bluez5.inc +++ b/meta-balena-common/recipes-connectivity/bluez5/bluez5.inc @@ -56,7 +56,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://0001-test-gatt-Fix-hung-issue.patch \ file://0004-src-shared-util.c-include-linux-limits.h.patch \ " -S = "${WORKDIR}/bluez-${PV}" + +S = "${UNPACKDIR}/bluez-${PV}" CVE_PRODUCT = "bluez" @@ -85,7 +86,7 @@ NOINST_TOOLS = " \ do_install:append() { install -d ${D}${INIT_D_DIR} - install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth + install -m 0755 ${UNPACKDIR}/init ${D}${INIT_D_DIR}/bluetooth if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth diff --git a/meta-balena-common/recipes-connectivity/bluez5/bluez5_%.bbappend b/meta-balena-common/recipes-connectivity/bluez5/bluez5_%.bbappend index fe8ecaf730..0892c96ddf 100644 --- a/meta-balena-common/recipes-connectivity/bluez5/bluez5_%.bbappend +++ b/meta-balena-common/recipes-connectivity/bluez5/bluez5_%.bbappend @@ -7,15 +7,15 @@ SRC_URI += " \ " do_install:append() { - install -D -m 0755 ${WORKDIR}/10-local-bt-hci-up.rules ${D}/${nonarch_base_libdir}/udev/rules.d/10-local-bt-hci-up.rules + install -D -m 0755 ${UNPACKDIR}/10-local-bt-hci-up.rules ${D}/${nonarch_base_libdir}/udev/rules.d/10-local-bt-hci-up.rules install -d ${D}${sysconfdir}/systemd/system/bluetooth.service.d - install -m 0644 ${WORKDIR}/bluetooth.conf.systemd ${D}${sysconfdir}/systemd/system/bluetooth.service.d/bluetooth.conf + install -m 0644 ${UNPACKDIR}/bluetooth.conf.systemd ${D}${sysconfdir}/systemd/system/bluetooth.service.d/bluetooth.conf sed -i "s,@pkglibexecdir@,${libexecdir},g" ${D}${sysconfdir}/systemd/system/bluetooth.service.d/bluetooth.conf install -d ${D}/var/lib/bluetooth install -d ${D}${sysconfdir}/bluetooth - install -m 0644 ${WORKDIR}/main.conf ${D}${sysconfdir}/bluetooth/main.conf + install -m 0644 ${UNPACKDIR}/main.conf ${D}${sysconfdir}/bluetooth/main.conf } PACKAGECONFIG:append = " sixaxis" diff --git a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq.inc b/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq.inc deleted file mode 100644 index cd51c07dc1..0000000000 --- a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq.inc +++ /dev/null @@ -1,86 +0,0 @@ -SUMMARY = "Lightweight, easy to configure DNS forwarder and DHCP server" -HOMEPAGE = "http://www.thekelleys.org.uk/dnsmasq/doc.html" -SECTION = "net" -# GPLv3 was added in version 2.41 as license option -LICENSE = "GPLv2 | GPLv3" -LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ - file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504" - -#at least versions 2.69 and prior are moved to the archive folder on the server -SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getVar('PV').split('.')[1]) > 69]}dnsmasq-${PV}.tar.gz;name=dnsmasq-${PV} \ - file://init \ - file://dnsmasq.conf \ - file://dnsmasq-resolvconf.service \ - file://dnsmasq-noresolvconf.service \ - file://dnsmasq-resolved.conf \ -" - -inherit pkgconfig update-rc.d systemd - -INITSCRIPT_NAME = "dnsmasq" -INITSCRIPT_PARAMS = "defaults" - -PACKAGECONFIG ?= "" -PACKAGECONFIG[dbus] = ",,dbus" -PACKAGECONFIG[idn] = ",,libidn" -PACKAGECONFIG[conntrack] = ",,libnetfilter-conntrack" -PACKAGECONFIG[lua] = ",,lua" -PACKAGECONFIG[resolvconf] = ",,,resolvconf" -EXTRA_OEMAKE = "\ - 'COPTS=${@bb.utils.contains('PACKAGECONFIG', 'dbus', '-DHAVE_DBUS', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'idn', '-DHAVE_IDN', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'conntrack', '-DHAVE_CONNTRACK', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'lua', '-DHAVE_LUASCRIPT', '', d)}' \ - 'CFLAGS=${CFLAGS}' \ - 'LDFLAGS=${LDFLAGS}' \ -" - -SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'resolvconf', 'file://dnsmasq.resolvconf file://99_dnsmasq file://dnsmasq-resolvconf-helper', '', d)}" - -do_compile:append() { - # build dhcp_release - cd ${S}/contrib/lease-tools - oe_runmake -} - -do_install () { - oe_runmake "PREFIX=${D}${prefix}" \ - "BINDIR=${D}${bindir}" \ - "MANDIR=${D}${mandir}" \ - install - install -d ${D}${sysconfdir}/ ${D}${sysconfdir}/init.d ${D}${sysconfdir}/dnsmasq.d - install -m 644 ${WORKDIR}/dnsmasq.conf ${D}${sysconfdir}/ - install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/dnsmasq - - install -d ${D}${systemd_unitdir}/system - - if [ "${@bb.utils.filter('PACKAGECONFIG', 'resolvconf', d)}" ]; then - install -m 0644 ${WORKDIR}/dnsmasq-resolvconf.service ${D}${systemd_unitdir}/system/dnsmasq.service - else - install -m 0644 ${WORKDIR}/dnsmasq-noresolvconf.service ${D}${systemd_unitdir}/system/dnsmasq.service - fi - install -d ${D}${sysconfdir}/systemd/resolved.conf.d/ - install -m 0644 ${WORKDIR}/dnsmasq-resolved.conf ${D}${sysconfdir}/systemd/resolved.conf.d/ - - install -m 0755 ${S}/contrib/lease-tools/dhcp_release ${D}${bindir} - - if [ "${@bb.utils.filter('PACKAGECONFIG', 'dbus', d)}" ]; then - install -d ${D}${sysconfdir}/dbus-1/system.d - install -m 644 dbus/dnsmasq.conf ${D}${sysconfdir}/dbus-1/system.d/ - fi - if [ "${@bb.utils.filter('PACKAGECONFIG', 'resolvconf', d)}" ]; then - install -d ${D}${sysconfdir}/resolvconf/update.d/ - install -m 0755 ${WORKDIR}/dnsmasq.resolvconf ${D}${sysconfdir}/resolvconf/update.d/dnsmasq - - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/99_dnsmasq ${D}${sysconfdir}/default/volatiles - install -m 0755 ${WORKDIR}/dnsmasq-resolvconf-helper ${D}${bindir} - fi -} - -CONFFILES:${PN} = "${sysconfdir}/dnsmasq.conf" - -RPROVIDES:${PN} += "${PN}-systemd" -RREPLACES:${PN} += "${PN}-systemd" -RCONFLICTS:${PN} += "${PN}-systemd" -SYSTEMD_SERVICE:${PN} = "dnsmasq.service" diff --git a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq/lua.patch b/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq/lua.patch index be2bb42fc2..2e85c23b0e 100644 --- a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq/lua.patch +++ b/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq/lua.patch @@ -1,8 +1,9 @@ From be1b3d2d0f1608cba5efee73d6aac5ad0709041b Mon Sep 17 00:00:00 2001 From: Joe MacDonald Date: Tue, 9 Sep 2014 10:24:58 -0400 -Subject: [PATCH] Upstream-Status: Inappropriate [OE specific] +Subject: [PATCH] +Upstream-Status: Inappropriate [oe-configuration] Signed-off-by: Christopher Larson Signed-off-by: Paul Eggleton diff --git a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_%.bbappend b/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_%.bbappend index 3a45e8e173..fe32ae04e0 100644 --- a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_%.bbappend +++ b/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_%.bbappend @@ -10,8 +10,8 @@ inherit update-alternatives balena-configurable do_install:append () { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${sysconfdir}/systemd/system/dnsmasq.service.d - install -c -m 0644 ${WORKDIR}/dnsmasq.conf.systemd ${D}${sysconfdir}/systemd/system/dnsmasq.service.d/dnsmasq.conf - install -c -m 0644 ${WORKDIR}/resolv-conf.dnsmasq ${D}${sysconfdir} + install -c -m 0644 ${UNPACKDIR}/dnsmasq.conf.systemd ${D}${sysconfdir}/systemd/system/dnsmasq.service.d/dnsmasq.conf + install -c -m 0644 ${UNPACKDIR}/resolv-conf.dnsmasq ${D}${sysconfdir} fi } diff --git a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_2.84.bb b/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_2.84.bb deleted file mode 100644 index 3dd9154f3d..0000000000 --- a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_2.84.bb +++ /dev/null @@ -1,8 +0,0 @@ -require dnsmasq.inc - -SRC_URI[dnsmasq-2.84.md5sum] = "6bf24b5bcf9293db2941fbdb545c1133" -SRC_URI[dnsmasq-2.84.sha256sum] = "4caf385376f34fae5c55244a1f870dcf6f90e037bb7c4487210933dc497f9c36" -SRC_URI += "\ - file://lua.patch \ -" - diff --git a/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_2.92.bb b/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_2.92.bb new file mode 100644 index 0000000000..59509ecba2 --- /dev/null +++ b/meta-balena-common/recipes-connectivity/dnsmasq/dnsmasq_2.92.bb @@ -0,0 +1,133 @@ +SUMMARY = "Lightweight, easy to configure DNS forwarder and DHCP server" +HOMEPAGE = "http://www.thekelleys.org.uk/dnsmasq/doc.html" +SECTION = "net" +# GPLv3 was added in version 2.41 as license option +LICENSE = "GPL-2.0-only | GPL-3.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504 \ + " + +DEPENDS += "gettext-native" + +#at least versions 2.69 and prior are moved to the archive folder on the server +SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getVar('PV').split('.')[1]) > 69]}dnsmasq-${PV}.tar.gz \ + file://init \ + file://dnsmasq-resolvconf.service \ + file://dnsmasq-noresolvconf.service \ + file://dnsmasq-resolved.conf \ +" +SRC_URI[sha256sum] = "fd908e79ff37f73234afcb6d3363f78353e768703d92abd8e3220ade6819b1e1" + +inherit pkgconfig update-rc.d systemd + +INITSCRIPT_NAME = "dnsmasq" +INITSCRIPT_PARAMS = "defaults" + +# dnsmasq defaults +PACKAGECONFIG ?= "\ + auth dhcp dumpfile inotify ipset loop script tftp \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'dhcp6', '', d)} \ + ${@bb.utils.contains('MACHINE_FEATURES', 'rtc', '', 'broken-rtc', d)} \ +" + +# see src/config.h +PACKAGECONFIG[auth] = "-DHAVE_AUTH,-DNO_AUTH" +PACKAGECONFIG[broken-rtc] = "-DHAVE_BROKEN_RTC," +PACKAGECONFIG[conntrack] = "-DHAVE_CONNTRACK,,libnetfilter-conntrack" +PACKAGECONFIG[dbus] = "-DHAVE_DBUS,,dbus" +PACKAGECONFIG[dhcp] = "-DHAVE_DHCP,-DNO_DHCP" +PACKAGECONFIG[dhcp6] = "-DHAVE_DHCP6,-DNO_DHCP6" +PACKAGECONFIG[dnssec] = "-DHAVE_DNSSEC,,nettle" +PACKAGECONFIG[dumpfile] = "-DHAVE_DUMPFILE,-DNO_DUMPFILE" +PACKAGECONFIG[idn] = "-DHAVE_LIBIDN,,libidn,,,idn2" +PACKAGECONFIG[idn2] = "-DHAVE_LIBIDN2,,libidn2,,,idn" +PACKAGECONFIG[inotify] = "-DHAVE_INOTIFY,-DNO_INOTIFY" +PACKAGECONFIG[ipset] = "-DHAVE_IPSET,-DNO_IPSET" +PACKAGECONFIG[loop] = "-DHAVE_LOOP,-DNO_LOOP" +PACKAGECONFIG[lua] = "-DHAVE_LUASCRIPT -DHAVE_SCRIPT,,lua" +PACKAGECONFIG[nftset] = "-DHAVE_NFTSET,,nftables" +PACKAGECONFIG[no-gmp] = "-DNO_GMP," +PACKAGECONFIG[no-id] = "-DNO_ID," +PACKAGECONFIG[resolvconf] = ",,,resolvconf" +PACKAGECONFIG[script] = "-DHAVE_SCRIPT,-DNO_SCRIPT" +PACKAGECONFIG[tftp] = "-DHAVE_TFTP,-DNO_TFTP" +PACKAGECONFIG[ubus] = "-DHAVE_UBUS,,ubus" + +DNSMASQ_LEASEFILE ?= "${localstatedir}/lib/misc/dnsmasq.leases" +DNSMASQ_CONFFILE ?= "${sysconfdir}/dnsmasq.conf" +DNSMASQ_RESOLVFILE ?= "${sysconfdir}/resolv.conf" + +COPTS = "${PACKAGECONFIG_CONFARGS} \ + -DLEASEFILE=\"${DNSMASQ_LEASEFILE}\" \ + -DCONFFILE=\"${DNSMASQ_CONFFILE}\" \ + -DRESOLVFILE=\"${DNSMASQ_RESOLVFILE}\" \ + -DLOCALEDIR=\"${localedir}\"" + +EXTRA_OEMAKE = "\ + 'COPTS=${COPTS}' \ + 'CFLAGS=${CFLAGS}' \ + 'LDFLAGS=${LDFLAGS}' \ +" + +SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'resolvconf', 'file://dnsmasq.resolvconf file://99_dnsmasq file://dnsmasq-resolvconf-helper', '', d)}" + +do_compile () { + oe_runmake all-i18n + if ${@bb.utils.contains_any('PACKAGECONFIG', ['dhcp', 'dhcp6'], 'true', 'false', d)}; then + # build dhcp_release + oe_runmake -C ${S}/contrib/lease-tools + fi +} + +do_install () { + oe_runmake "PREFIX=${D}${prefix}" \ + "BINDIR=${D}${bindir}" \ + "MANDIR=${D}${mandir}" \ + install-i18n + install -d ${D}${sysconfdir}/ ${D}${sysconfdir}/init.d ${D}${sysconfdir}/dnsmasq.d + install -m 644 ${S}/dnsmasq.conf.example ${D}${sysconfdir}/dnsmasq.conf + install -m 755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/dnsmasq + + install -d ${D}${systemd_unitdir}/system + + if [ "${@bb.utils.filter('PACKAGECONFIG', 'resolvconf', d)}" ]; then + install -m 0644 ${UNPACKDIR}/dnsmasq-resolvconf.service ${D}${systemd_unitdir}/system/dnsmasq.service + else + install -m 0644 ${UNPACKDIR}/dnsmasq-noresolvconf.service ${D}${systemd_unitdir}/system/dnsmasq.service + fi + + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then + install -d ${D}${sysconfdir}/systemd/resolved.conf.d/ + install -m 0644 ${UNPACKDIR}/dnsmasq-resolved.conf ${D}${sysconfdir}/systemd/resolved.conf.d/ + fi + + if [ "${@bb.utils.filter('PACKAGECONFIG', 'dhcp', d)}" ]; then + install -m 0755 ${S}/contrib/lease-tools/dhcp_release ${D}${bindir} + install -m 0755 ${S}/contrib/lease-tools/dhcp_lease_time ${D}${bindir} + fi + + if [ "${@bb.utils.filter('PACKAGECONFIG', 'dhcp6', d)}" ]; then + install -m 0755 ${S}/contrib/lease-tools/dhcp_release6 ${D}${bindir} + fi + + if [ "${@bb.utils.filter('PACKAGECONFIG', 'dbus', d)}" ]; then + install -d ${D}${sysconfdir}/dbus-1/system.d + install -m 644 dbus/dnsmasq.conf ${D}${sysconfdir}/dbus-1/system.d/ + fi + + if [ "${@bb.utils.filter('PACKAGECONFIG', 'resolvconf', d)}" ]; then + install -d ${D}${sysconfdir}/resolvconf/update.d/ + install -m 0755 ${UNPACKDIR}/dnsmasq.resolvconf ${D}${sysconfdir}/resolvconf/update.d/dnsmasq + + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${UNPACKDIR}/99_dnsmasq ${D}${sysconfdir}/default/volatiles + install -m 0755 ${UNPACKDIR}/dnsmasq-resolvconf-helper ${D}${bindir} + fi +} + +CONFFILES:${PN} = "${sysconfdir}/dnsmasq.conf" + +RPROVIDES:${PN} += "${PN}-systemd" +RREPLACES:${PN} += "${PN}-systemd" +RCONFLICTS:${PN} += "${PN}-systemd" +SYSTEMD_SERVICE:${PN} = "dnsmasq.service" diff --git a/meta-balena-common/recipes-connectivity/dnsmasq/files/init b/meta-balena-common/recipes-connectivity/dnsmasq/files/init index 51c95dfedd..43c286f9c7 100644 --- a/meta-balena-common/recipes-connectivity/dnsmasq/files/init +++ b/meta-balena-common/recipes-connectivity/dnsmasq/files/init @@ -16,7 +16,7 @@ fi DNSMASQ_CONF="/etc/dnsmasq.conf" test "/etc/dnsmasq.d/*" != '/etc/dnsmasq.d/*' && DNSMASQ_CONF="${DNSMASQ_CONF} /etc/dnsmasq.d/*" -test -z "${PIDFILE}" && PIFILE="/run/dnsmasq.pid" +test -z "${PIDFILE}" && PIDFILE="/run/dnsmasq.pid" if [ -z "$IGNORE_RESOLVCONF" ] then diff --git a/meta-balena-common/recipes-connectivity/libmbim/libmbim_1.32.0.bb b/meta-balena-common/recipes-connectivity/libmbim/libmbim_1.32.0.bb index 6e442ab348..9f1067a6ce 100644 --- a/meta-balena-common/recipes-connectivity/libmbim/libmbim_1.32.0.bb +++ b/meta-balena-common/recipes-connectivity/libmbim/libmbim_1.32.0.bb @@ -14,8 +14,6 @@ inherit meson pkgconfig bash-completion gobject-introspection SRCREV = "2bc1080292aae30000e808ec77d7a99b87eb3553" SRC_URI = "git://gitlab.freedesktop.org/mobile-broadband/libmbim.git;protocol=https;branch=mbim-1-32" -S = "${WORKDIR}/git" - EXTRA_OEMESON = " \ -Dgtk_doc=false \ -Dman=false \ diff --git a/meta-balena-common/recipes-connectivity/libnss-ato/libnss-ato/0001-libnss_ato.c-Enable-use-for-root-user.patch b/meta-balena-common/recipes-connectivity/libnss-ato/libnss-ato/0001-libnss_ato.c-Enable-use-for-root-user.patch index 1ba31eb3ba..4670575ec3 100644 --- a/meta-balena-common/recipes-connectivity/libnss-ato/libnss-ato/0001-libnss_ato.c-Enable-use-for-root-user.patch +++ b/meta-balena-common/recipes-connectivity/libnss-ato/libnss-ato/0001-libnss_ato.c-Enable-use-for-root-user.patch @@ -3,7 +3,7 @@ From: Andrei Gherzan Date: Fri, 10 May 2019 17:25:57 +0100 Subject: [PATCH 1/1] libnss_ato.c: Enable use for root user -Upstream-status: Inappropriate [configuration] +Upstream-Status: Inappropriate [configuration] Signed-off-by: Andrei Gherzan Signed-off-by: Joseph Kogut --- diff --git a/meta-balena-common/recipes-connectivity/libnss-ato/libnss-ato_git.bb b/meta-balena-common/recipes-connectivity/libnss-ato/libnss-ato_git.bb index 1c34fdd960..ad73bde0d9 100644 --- a/meta-balena-common/recipes-connectivity/libnss-ato/libnss-ato_git.bb +++ b/meta-balena-common/recipes-connectivity/libnss-ato/libnss-ato_git.bb @@ -3,7 +3,7 @@ to map every nss request for unknown user to a single predefined user" HOMEPAGE = "https://github.com/donapieppo/libnss-ato" SECTION = "libs" -LICENSE = "LGPLv3" +LICENSE = "LGPL-3.0-only" LIC_FILES_CHKSUM = "file://copyright;md5=37e0ae856bc7cedaaaca1d4a681b62b0" SRC_URI = " \ @@ -11,7 +11,6 @@ SRC_URI = " \ file://0001-libnss_ato.c-Enable-use-for-root-user.patch \ " SRCREV = "7f33780a09b3a6a256ff77601adaed28d9bb117a" -S = "${WORKDIR}/git" do_compile() { oe_runmake 'CC=${CC}' all diff --git a/meta-balena-common/recipes-connectivity/libqmi/libqmi_1.36.0.bb b/meta-balena-common/recipes-connectivity/libqmi/libqmi_1.36.0.bb index 74b99a990b..321cec6e00 100644 --- a/meta-balena-common/recipes-connectivity/libqmi/libqmi_1.36.0.bb +++ b/meta-balena-common/recipes-connectivity/libqmi/libqmi_1.36.0.bb @@ -15,8 +15,6 @@ inherit meson pkgconfig bash-completion gobject-introspection SRCREV = "defb13dcab0adc7f44f6741807244507a14a30c5" SRC_URI = "git://gitlab.freedesktop.org/mobile-broadband/libqmi.git;protocol=https;branch=qmi-1-36" -S = "${WORKDIR}/git" - PACKAGECONFIG ??= "udev mbim" PACKAGECONFIG[udev] = "-Dudev=true,-Dudev=false,libgudev" PACKAGECONFIG[mbim] = "-Dmbim_qmux=true,-Dmbim_qmux=false,libmbim" diff --git a/meta-balena-common/recipes-connectivity/modemmanager/balena-files/0001-increase-qmi-port-open-timeout.patch b/meta-balena-common/recipes-connectivity/modemmanager/balena-files/0001-increase-qmi-port-open-timeout.patch index 70ba0a9687..2a8ef7d6d9 100644 --- a/meta-balena-common/recipes-connectivity/modemmanager/balena-files/0001-increase-qmi-port-open-timeout.patch +++ b/meta-balena-common/recipes-connectivity/modemmanager/balena-files/0001-increase-qmi-port-open-timeout.patch @@ -8,7 +8,7 @@ QMI and the default 45s timeout, nor will it work with a 65s one. The value we found to work consistently with this modem connected over pcie is 95s. -Upstream-status: Inappropriate [configuration] +Upstream-Status: Inappropriate [configuration] Signed-off-by: Alexandru Costache --- src/mm-port-qmi.c | 2 +- diff --git a/meta-balena-common/recipes-connectivity/modemmanager/balena-files/0005-Update-Cinterion-port-types.patch b/meta-balena-common/recipes-connectivity/modemmanager/balena-files/0005-Update-Cinterion-port-types.patch index 85ac08df89..6556af709d 100644 --- a/meta-balena-common/recipes-connectivity/modemmanager/balena-files/0005-Update-Cinterion-port-types.patch +++ b/meta-balena-common/recipes-connectivity/modemmanager/balena-files/0005-Update-Cinterion-port-types.patch @@ -3,6 +3,7 @@ From: Kirill Zabelin Date: Wed, 19 Feb 2025 15:16:03 +0000 Subject: [PATCH] Update Cinterion port types +Upstream-Status: Inappropriate [configuration] --- .../77-mm-cinterion-port-types.rules | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/meta-balena-common/recipes-connectivity/modemmanager/modemmanager_%.bbappend b/meta-balena-common/recipes-connectivity/modemmanager/modemmanager_%.bbappend index 3831917099..29604da126 100644 --- a/meta-balena-common/recipes-connectivity/modemmanager/modemmanager_%.bbappend +++ b/meta-balena-common/recipes-connectivity/modemmanager/modemmanager_%.bbappend @@ -18,14 +18,14 @@ PACKAGECONFIG:append = " at" do_install:append() { install -d ${D}${base_libdir}/udev/rules.d/ - install -m 0644 ${WORKDIR}/77-mm-huawei-configuration.rules ${D}${base_libdir}/udev/rules.d/ - install -m 0755 ${WORKDIR}/mm-huawei-configuration-switch.sh ${D}${base_libdir}/udev/ - install -m 0644 ${WORKDIR}/77-mm-u-blox-modeswitch.rules ${D}${base_libdir}/udev/rules.d + install -m 0644 ${UNPACKDIR}/77-mm-huawei-configuration.rules ${D}${base_libdir}/udev/rules.d/ + install -m 0755 ${UNPACKDIR}/mm-huawei-configuration-switch.sh ${D}${base_libdir}/udev/ + install -m 0644 ${UNPACKDIR}/77-mm-u-blox-modeswitch.rules ${D}${base_libdir}/udev/rules.d install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/u-blox-switch.sh ${D}${bindir} + install -m 0755 ${UNPACKDIR}/u-blox-switch.sh ${D}${bindir} install -d ${D}${systemd_unitdir}/system/ModemManager.service.d - install -m 0644 ${WORKDIR}/ModemManager.conf.systemd ${D}${systemd_unitdir}/system/ModemManager.service.d/ModemManager.conf - install -m 0644 ${WORKDIR}/u-blox-switch@.service ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/ModemManager.conf.systemd ${D}${systemd_unitdir}/system/ModemManager.service.d/ModemManager.conf + install -m 0644 ${UNPACKDIR}/u-blox-switch@.service ${D}${systemd_unitdir}/system } FILES:${PN} += " \ diff --git a/meta-balena-common/recipes-connectivity/modemmanager/modemmanager_1.24.2.bb b/meta-balena-common/recipes-connectivity/modemmanager/modemmanager_1.24.2.bb index 07b970eab1..c7eeb5dbf0 100644 --- a/meta-balena-common/recipes-connectivity/modemmanager/modemmanager_1.24.2.bb +++ b/meta-balena-common/recipes-connectivity/modemmanager/modemmanager_1.24.2.bb @@ -15,7 +15,6 @@ DEPENDS = "glib-2.0 libgudev libxslt-native dbus" SRCREV = "f2b9ab1ad78d322f32134a444b5b54c6e8160e19" SRC_URI = "git://gitlab.freedesktop.org/mobile-broadband/ModemManager.git;protocol=https;branch=mm-1-24" -S = "${WORKDIR}/git" # strict, permissive MODEMMANAGER_POLKIT_TYPE ??= "permissive" diff --git a/meta-balena-common/recipes-connectivity/networkmanager/networkmanager_%.bbappend b/meta-balena-common/recipes-connectivity/networkmanager/networkmanager_%.bbappend index 5e96fa6d0f..f8e2db2cfa 100644 --- a/meta-balena-common/recipes-connectivity/networkmanager/networkmanager_%.bbappend +++ b/meta-balena-common/recipes-connectivity/networkmanager/networkmanager_%.bbappend @@ -20,9 +20,6 @@ SRC_URI:remove = " \ file://enable-iwd.conf \ " -# Necessary after upstream moved SRC_URI from tarballs to git -S = "${WORKDIR}/git" - NETWORKMANAGER_FIREWALL_DEFAULT = "iptables" NETWORKMANAGER_DNS_RC_MANAGER_DEFAULT = "resolvconf" @@ -70,22 +67,22 @@ INITSCRIPT_NAME:${PN}-daemon = "" do_install:append() { install -d ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/nm-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${UNPACKDIR}/nm-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager/ + install -m 0644 ${UNPACKDIR}/NetworkManager.conf ${D}${sysconfdir}/NetworkManager/ # Install balena dispatch scripts in /usr/lib/NetworkManager/dispatcher.d/ as # /etc/NetworkManager/dispatcher.d/ is used for user-provided scripts - install -m 0755 ${WORKDIR}/90shared ${D}${libdir}/NetworkManager/dispatcher.d/ - install -m 0755 ${WORKDIR}/98dhcp_ntp ${D}${libdir}/NetworkManager/dispatcher.d/ - install -m 0755 ${WORKDIR}/99onoffline_ntp ${D}${libdir}/NetworkManager/dispatcher.d/ + install -m 0755 ${UNPACKDIR}/90shared ${D}${libdir}/NetworkManager/dispatcher.d/ + install -m 0755 ${UNPACKDIR}/98dhcp_ntp ${D}${libdir}/NetworkManager/dispatcher.d/ + install -m 0755 ${UNPACKDIR}/99onoffline_ntp ${D}${libdir}/NetworkManager/dispatcher.d/ # Cleanup /etc/NetworkManager/dispatcher.d/, so that it is empty when bindmounted rm -rdf ${D}${sysconfdir}/NetworkManager/dispatcher.d/* if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${sysconfdir}/systemd/system/NetworkManager.service.d - install -m 0644 ${WORKDIR}/NetworkManager.conf.systemd ${D}${sysconfdir}/systemd/system/NetworkManager.service.d/NetworkManager.conf + install -m 0644 ${UNPACKDIR}/NetworkManager.conf.systemd ${D}${sysconfdir}/systemd/system/NetworkManager.service.d/NetworkManager.conf fi ln -s /var/run/resolvconf/interface/NetworkManager ${D}/etc/resolv.dnsmasq @@ -97,7 +94,7 @@ do_install:append() { do_deploy() { mkdir -p "${DEPLOYDIR}/system-connections/" - install -m 0600 "${WORKDIR}/balena-sample.ignore" "${DEPLOYDIR}/system-connections/" - install -m 0600 "${WORKDIR}/README.ignore" "${DEPLOYDIR}/system-connections/" + install -m 0600 "${UNPACKDIR}/balena-sample.ignore" "${DEPLOYDIR}/system-connections/" + install -m 0600 "${UNPACKDIR}/README.ignore" "${DEPLOYDIR}/system-connections/" } addtask deploy before do_package after do_install diff --git a/meta-balena-common/recipes-connectivity/networkmanager/networkmanager_1.52.0.bb b/meta-balena-common/recipes-connectivity/networkmanager/networkmanager_1.52.0.bb index 370fa831c7..9b3fd1436d 100644 --- a/meta-balena-common/recipes-connectivity/networkmanager/networkmanager_1.52.0.bb +++ b/meta-balena-common/recipes-connectivity/networkmanager/networkmanager_1.52.0.bb @@ -86,6 +86,7 @@ PACKAGECONFIG ??= "readline nss ifupdown dnsmasq nmcli \ ${@bb.utils.filter('DISTRO_FEATURES', 'wifi polkit ppp', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES_BACKFILL_CONSIDERED', 'gobject-introspection-data', '', 'vala', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES_OPTED_OUT', 'gobject-introspection-data', '', 'vala', d)} \ " inherit ${@bb.utils.contains('PACKAGECONFIG', 'vala', 'vala', '', d)} diff --git a/meta-balena-common/recipes-connectivity/openssh/openssh_%.bbappend b/meta-balena-common/recipes-connectivity/openssh/openssh_%.bbappend index 6a49415c60..1b5300ba28 100644 --- a/meta-balena-common/recipes-connectivity/openssh/openssh_%.bbappend +++ b/meta-balena-common/recipes-connectivity/openssh/openssh_%.bbappend @@ -21,11 +21,11 @@ FILES:${PN}-sshd += " \ do_install:append () { # Advertise SSH service using an avahi service file mkdir -p ${D}/etc/avahi/services/ - install -m 0644 ${WORKDIR}/ssh.service ${D}/etc/avahi/services + install -m 0644 ${UNPACKDIR}/ssh.service ${D}/etc/avahi/services # SSH keys merger tool for custom SSH keys install -d ${D}${sbindir} - install -m 0755 ${WORKDIR}/ssh_keys_merger ${D}${sbindir} + install -m 0755 ${UNPACKDIR}/ssh_keys_merger ${D}${sbindir} sed -i -e "s,@ROOT_HOME@,${ROOT_HOME},g" ${D}${sbindir}/ssh_keys_merger # Create config files for read-only rootfs with custom paths for host keys @@ -43,7 +43,7 @@ do_install:append () { # Allow RSA signatures using SHA1 algorithm for backwards compatibility echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - install -D -m 0755 ${WORKDIR}/cloud-public-sshkeys ${D}${libexecdir}/${BPN}/cloud-public-sshkeys + install -D -m 0755 ${UNPACKDIR}/cloud-public-sshkeys ${D}${libexecdir}/${BPN}/cloud-public-sshkeys # Development version allows PasswordAuthentication cp ${D}${sysconfdir}/ssh/sshd_config_readonly ${D}${sysconfdir}/ssh/sshd_config_development diff --git a/meta-balena-common/recipes-connectivity/openssh/recover-sshd-socket.bb b/meta-balena-common/recipes-connectivity/openssh/recover-sshd-socket.bb index 60bf0d49d6..b30b9291a7 100644 --- a/meta-balena-common/recipes-connectivity/openssh/recover-sshd-socket.bb +++ b/meta-balena-common/recipes-connectivity/openssh/recover-sshd-socket.bb @@ -21,6 +21,6 @@ do_build[noexec] = "1" do_install() { install -d ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/recover-sshd-socket.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/recover-sshd-socket.timer ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/recover-sshd-socket.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/recover-sshd-socket.timer ${D}${systemd_unitdir}/system/ } diff --git a/meta-balena-common/recipes-connectivity/openvpn/openvpn_%.bbappend b/meta-balena-common/recipes-connectivity/openvpn/openvpn_%.bbappend index 616a411bc9..d807cb9d21 100644 --- a/meta-balena-common/recipes-connectivity/openvpn/openvpn_%.bbappend +++ b/meta-balena-common/recipes-connectivity/openvpn/openvpn_%.bbappend @@ -20,16 +20,16 @@ SYSTEMD_AUTO_ENABLE = "enable" do_install:append() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/prepare-openvpn ${D}${bindir} + install -m 0755 ${UNPACKDIR}/prepare-openvpn ${D}${bindir} install -d ${D}${sysconfdir}/openvpn-misc - install -m 0755 ${WORKDIR}/upscript.sh ${D}${sysconfdir}/openvpn-misc - install -m 0755 ${WORKDIR}/downscript.sh ${D}${sysconfdir}/openvpn-misc + install -m 0755 ${UNPACKDIR}/upscript.sh ${D}${sysconfdir}/openvpn-misc + install -m 0755 ${UNPACKDIR}/downscript.sh ${D}${sysconfdir}/openvpn-misc install -d ${D}${systemd_unitdir}/system install -c -m 0644 \ - ${WORKDIR}/prepare-openvpn.service \ - ${WORKDIR}/openvpn.service \ + ${UNPACKDIR}/prepare-openvpn.service \ + ${UNPACKDIR}/openvpn.service \ ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ diff --git a/meta-balena-common/recipes-connectivity/openvpn/openvpn_2.5.6.bb b/meta-balena-common/recipes-connectivity/openvpn/openvpn_2.5.6.bb index cdb9e896b1..11d7cecc62 100644 --- a/meta-balena-common/recipes-connectivity/openvpn/openvpn_2.5.6.bb +++ b/meta-balena-common/recipes-connectivity/openvpn/openvpn_2.5.6.bb @@ -37,7 +37,7 @@ EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip" do_install:append() { install -d ${D}/${sysconfdir}/init.d - install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d + install -m 755 ${UNPACKDIR}/openvpn ${D}/${sysconfdir}/init.d install -d ${D}/${sysconfdir}/openvpn install -d ${D}/${sysconfdir}/openvpn/sample @@ -48,16 +48,16 @@ do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}/${systemd_unitdir}/system - install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system - install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service - install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service + install -m 644 ${UNPACKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system + install -m 644 ${UNPACKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service + install -m 644 ${UNPACKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service install -d ${D}/${localstatedir} install -d ${D}/${localstatedir}/lib install -d -m 710 ${D}/${localstatedir}/lib/openvpn install -d ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf + install -m 0644 ${UNPACKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf fi } diff --git a/meta-balena-common/recipes-connectivity/redsocks/files/0003-Add-OS-dependent-default-configuration-values.patch b/meta-balena-common/recipes-connectivity/redsocks/files/0003-Add-OS-dependent-default-configuration-values.patch index d8a322204d..08c511177c 100644 --- a/meta-balena-common/recipes-connectivity/redsocks/files/0003-Add-OS-dependent-default-configuration-values.patch +++ b/meta-balena-common/recipes-connectivity/redsocks/files/0003-Add-OS-dependent-default-configuration-values.patch @@ -7,7 +7,7 @@ Make sure this patch matches the balena-proxy-config script which sets up the iptables rules. Signed-off-by: Andrei Gherzan -Upstream-Status: Inappropiate [Configuration] +Upstream-Status: Inappropriate [configuration] --- base.c | 6 ++++++ dnsu2t.c | 20 +++++++++++++++++--- diff --git a/meta-balena-common/recipes-connectivity/redsocks/files/0004-dnsu2t.c-Fix-dns-relay-when-there-is-no-TFO-cookie-c.patch b/meta-balena-common/recipes-connectivity/redsocks/files/0004-dnsu2t.c-Fix-dns-relay-when-there-is-no-TFO-cookie-c.patch index 0acae1270b..e31c01258f 100644 --- a/meta-balena-common/recipes-connectivity/redsocks/files/0004-dnsu2t.c-Fix-dns-relay-when-there-is-no-TFO-cookie-c.patch +++ b/meta-balena-common/recipes-connectivity/redsocks/files/0004-dnsu2t.c-Fix-dns-relay-when-there-is-no-TFO-cookie-c.patch @@ -29,6 +29,7 @@ callback function). [2] https://www.spinics.net/lists/linux-man/msg11329.html [3] https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/tfo-configuring.html#jd0e18 +Upstream-Status: Inappropriate [configuration] Signed-off-by: Andrei Gherzan --- dnsu2t.c | 17 +++++++++++++++++ diff --git a/meta-balena-common/recipes-connectivity/redsocks/redsocks_0.5.bb b/meta-balena-common/recipes-connectivity/redsocks/redsocks_0.5.bb index 68fa85925d..59aa657f3d 100644 --- a/meta-balena-common/recipes-connectivity/redsocks/redsocks_0.5.bb +++ b/meta-balena-common/recipes-connectivity/redsocks/redsocks_0.5.bb @@ -21,8 +21,6 @@ SRC_URI = " \ DEPENDS = "libevent" -S = "${WORKDIR}/git" - do_install () { install -d ${D}${bindir} install -m 0775 ${S}/redsocks ${D}${bindir}/redsocks @@ -30,8 +28,8 @@ do_install () { do_deploy() { mkdir -p "${DEPLOYDIR}/system-proxy/" - install -m 0600 "${WORKDIR}/redsocks.conf.ignore" "${DEPLOYDIR}/system-proxy/" - install -m 0600 "${WORKDIR}/README.ignore" "${DEPLOYDIR}/system-proxy/" + install -m 0600 "${UNPACKDIR}/redsocks.conf.ignore" "${DEPLOYDIR}/system-proxy/" + install -m 0600 "${UNPACKDIR}/README.ignore" "${DEPLOYDIR}/system-proxy/" } addtask deploy before do_package after do_install diff --git a/meta-balena-common/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta-balena-common/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb index f939945b08..b0d8fbb88a 100644 --- a/meta-balena-common/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb +++ b/meta-balena-common/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb @@ -41,7 +41,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ " SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f" -S = "${WORKDIR}/wpa_supplicant-${PV}" +S = "${UNPACKDIR}/wpa_supplicant-${PV}" inherit pkgconfig systemd @@ -83,15 +83,15 @@ do_install () { oe_runmake -C wpa_supplicant DESTDIR="${D}" install install -d ${D}${docdir}/wpa_supplicant - install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant + install -m 644 wpa_supplicant/README ${UNPACKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant install -d ${D}${sysconfdir} - install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf + install -m 600 ${UNPACKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf install -d ${D}${sysconfdir}/network/if-pre-up.d/ install -d ${D}${sysconfdir}/network/if-post-down.d/ install -d ${D}${sysconfdir}/network/if-down.d/ - install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant + install -m 755 ${UNPACKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant install -d ${D}/${sysconfdir}/dbus-1/system.d @@ -105,7 +105,7 @@ do_install () { fi install -d ${D}/etc/default/volatiles - install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles + install -m 0644 ${UNPACKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles install -d ${D}${includedir} install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir} diff --git a/meta-balena-common/recipes-containers/balena-supervisor/balena-supervisor.bb b/meta-balena-common/recipes-containers/balena-supervisor/balena-supervisor.bb index 584b97660f..b6a5b06627 100644 --- a/meta-balena-common/recipes-containers/balena-supervisor/balena-supervisor.bb +++ b/meta-balena-common/recipes-containers/balena-supervisor/balena-supervisor.bb @@ -56,7 +56,7 @@ python () { bb.fatal("balena-supervisor: There is no support for this architecture.") } -S = "${WORKDIR}" +S = "${UNPACKDIR}/${BP}" do_patch[noexec] = "1" do_compile[noexec] = "1" @@ -85,7 +85,7 @@ do_install () { fi # Generate supervisor conf install -d ${D}${sysconfdir}/balena-supervisor/ - install -m 0755 ${WORKDIR}/supervisor.conf ${D}${sysconfdir}/balena-supervisor/ + install -m 0755 ${UNPACKDIR}/supervisor.conf ${D}${sysconfdir}/balena-supervisor/ sed -i -e "s,@LED_FILE@,${LED_FILE},g" ${D}${sysconfdir}/balena-supervisor/supervisor.conf sed -i -e "s,@SUPERVISOR_VERSION@,${SUPERVISOR_VERSION},g" ${D}${sysconfdir}/balena-supervisor/supervisor.conf sed -i -e "s,@SUPERVISOR_IMAGE@,${SUPERVISOR_IMAGE},g" ${D}${sysconfdir}/balena-supervisor/supervisor.conf @@ -93,17 +93,17 @@ do_install () { install -d ${D}/resin-data install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/update-balena-supervisor ${D}${bindir} - install -m 0755 ${WORKDIR}/start-balena-supervisor ${D}${bindir} + install -m 0755 ${UNPACKDIR}/update-balena-supervisor ${D}${bindir} + install -m 0755 ${UNPACKDIR}/start-balena-supervisor ${D}${bindir} install -d ${D}${systemd_unitdir}/system # Yocto gets confused if we use strange file names - so we rename it here # https://bugzilla.yoctoproject.org/show_bug.cgi?id=8161 - install -c -m 0644 ${WORKDIR}/resin-data.mount ${D}${systemd_unitdir}/system/resin\\x2ddata.mount - install -c -m 0644 ${WORKDIR}/balena-supervisor.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/update-balena-supervisor.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/update-balena-supervisor.timer ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/migrate-supervisor-state.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/resin-data.mount ${D}${systemd_unitdir}/system/resin\\x2ddata.mount + install -c -m 0644 ${UNPACKDIR}/balena-supervisor.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/update-balena-supervisor.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/update-balena-supervisor.timer ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/migrate-supervisor-state.service ${D}${systemd_unitdir}/system # symlinks to legacy resin-supervisor systemd unit files ln -s balena-supervisor.service ${D}${systemd_unitdir}/system/resin-supervisor.service ln -s update-balena-supervisor.service ${D}${systemd_unitdir}/system/update-resin-supervisor.service @@ -114,11 +114,11 @@ do_install () { ${D}${systemd_unitdir}/system/*.service install -d ${D}/usr/lib/balena-supervisor - install -m 0755 ${WORKDIR}/balena-supervisor-healthcheck ${D}/usr/lib/balena-supervisor/balena-supervisor-healthcheck + install -m 0755 ${UNPACKDIR}/balena-supervisor-healthcheck ${D}/usr/lib/balena-supervisor/balena-supervisor-healthcheck # systemd tmpfiles configuration for supervisor mkdir -p ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/tmpfiles-supervisor.conf ${D}${sysconfdir}/tmpfiles.d/supervisor.conf + install -m 0644 ${UNPACKDIR}/tmpfiles-supervisor.conf ${D}${sysconfdir}/tmpfiles.d/supervisor.conf } do_deploy () { diff --git a/meta-balena-common/recipes-containers/balena/balena/0001-dynbinary-use-go-cross-compiler.patch b/meta-balena-common/recipes-containers/balena/balena/0001-dynbinary-use-go-cross-compiler.patch index 971c60d78a..2421ca4549 100644 --- a/meta-balena-common/recipes-containers/balena/balena/0001-dynbinary-use-go-cross-compiler.patch +++ b/meta-balena-common/recipes-containers/balena/balena/0001-dynbinary-use-go-cross-compiler.patch @@ -3,6 +3,7 @@ From: Bruce Ashfield Date: Tue, 30 Jun 2020 22:23:33 -0400 Subject: [PATCH] dynbinary: use go cross compiler +Upstream-Status: Inappropriate [configuration] Signed-off-by: Bruce Ashfield --- hack/make/.binary | 2 +- diff --git a/meta-balena-common/recipes-containers/balena/balena_git.bb b/meta-balena-common/recipes-containers/balena/balena_git.bb index d785e360af..f89546d564 100644 --- a/meta-balena-common/recipes-containers/balena/balena_git.bb +++ b/meta-balena-common/recipes-containers/balena/balena_git.bb @@ -25,7 +25,7 @@ SRCREV = "f4c93ad2b3c4ffa190ad29abba0a6f3e0779c797" # # 0: https://git.yoctoproject.org/meta-virtualization/tree/recipes-containers/docker/files SRC_URI = "\ - git://github.com/balena-os/balena-engine.git;branch=${BALENA_BRANCH};destsuffix=git/src/import;protocol=https \ + git://github.com/balena-os/balena-engine.git;branch=${BALENA_BRANCH};protocol=https;destsuffix=git/src/import \ file://balena.service \ file://balena-host.service \ file://balena-host.socket \ @@ -33,9 +33,9 @@ SRC_URI = "\ file://var-lib-docker.mount \ file://balena.conf.storagemigration \ file://balena-tmpfiles.conf \ - file://0001-dynbinary-use-go-cross-compiler.patch \ + file://0001-dynbinary-use-go-cross-compiler.patch;striplevel=1 \ " -S = "${WORKDIR}/git" +S = "${UNPACKDIR}/git/" CVE_PRODUCT = "balena:balena-engine mobyproject:moby" @@ -131,19 +131,19 @@ do_install() { install -d ${D}${systemd_unitdir}/system install -m 0644 ${S}/src/import/contrib/init/systemd/balena-engine.socket ${D}/${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/balena.service ${D}/${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/balena.service ${D}/${systemd_unitdir}/system sed -i -e "s,@ROOT_HOME@,${root_bindmount_name},g" ${D}/${systemd_unitdir}/system/balena.service - install -m 0644 ${WORKDIR}/balena-host.service ${D}/${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/balena-host.socket ${D}/${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/balena-host.service ${D}/${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/balena-host.socket ${D}/${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/var-lib-docker.mount ${D}/${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/var-lib-docker.mount ${D}/${systemd_unitdir}/system mkdir -p ${D}/usr/lib/balena - install -m 0755 ${WORKDIR}/balena-healthcheck ${D}/usr/lib/balena/balena-healthcheck + install -m 0755 ${UNPACKDIR}/balena-healthcheck ${D}/usr/lib/balena/balena-healthcheck install -d ${D}${sysconfdir}/systemd/system/balena.service.d - install -c -m 0644 ${WORKDIR}/balena.conf.storagemigration ${D}${sysconfdir}/systemd/system/balena.service.d/storagemigration.conf + install -c -m 0644 ${UNPACKDIR}/balena.conf.storagemigration ${D}${sysconfdir}/systemd/system/balena.service.d/storagemigration.conf install -d ${D}/${ROOT_HOME}/.docker ln -sf .docker ${D}/${ROOT_HOME}/.balena @@ -154,7 +154,7 @@ do_install() { ln -sf docker ${D}${localstatedir}/lib/balena-engine install -d ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/balena-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${UNPACKDIR}/balena-tmpfiles.conf ${D}${sysconfdir}/tmpfiles.d/ } BBCLASSEXTEND = " native" diff --git a/meta-balena-common/recipes-containers/docker-disk/docker-disk.bb b/meta-balena-common/recipes-containers/docker-disk/docker-disk.bb index 9795fe37f8..1a74245213 100644 --- a/meta-balena-common/recipes-containers/docker-disk/docker-disk.bb +++ b/meta-balena-common/recipes-containers/docker-disk/docker-disk.bb @@ -7,7 +7,7 @@ SRC_URI = " \ file://entry.sh \ " -S = "${WORKDIR}" +S = "${UNPACKDIR}" B = "${S}/build" inherit deploy @@ -43,7 +43,7 @@ do_compile () { # docker daemon instead of the result of docker-native. This avoids version # mismatches DOCKER=$(PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" which docker) - cp "${TOPDIR}/../balena-yocto-scripts/automation/include/balena-api.inc" "${WORKDIR}/" + cp "${TOPDIR}/../balena-yocto-scripts/automation/include/balena-api.inc" "${UNPACKDIR}/" _token="${BALENA_API_TOKEN}" if [ -z "${_token}" ] && [ -f "~/.balena/token" ]; then @@ -55,7 +55,7 @@ do_compile () { _image_name="docker-disk-$RANDOM" _container_name="docker-disk-$RANDOM" $DOCKER rmi -f ${_image_name} > /dev/null 2>&1 || true - $DOCKER build -t ${_image_name} -f ${WORKDIR}/Dockerfile ${WORKDIR} + $DOCKER build -t ${_image_name} -f ${UNPACKDIR}/Dockerfile ${UNPACKDIR} $DOCKER run --privileged --rm \ -e BALENA_STORAGE=${BALENA_STORAGE} \ -e USER_ID=$(id -u) -e USER_GID=$(id -u) \ diff --git a/meta-balena-common/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bb b/meta-balena-common/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bb index 9a320548f0..cd7f9cc59b 100644 --- a/meta-balena-common/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bb +++ b/meta-balena-common/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bb @@ -6,7 +6,6 @@ SRC_URI = " \ file://update-hostapp-extensions \ file://update-hostapp-extensions.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -22,11 +21,11 @@ SYSTEMD_AUTO_ENABLE = "disable" do_install() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/update-hostapp-extensions ${D}${bindir} + install -m 0755 ${UNPACKDIR}/update-hostapp-extensions ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/update-hostapp-extensions.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/update-hostapp-extensions.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-containers/hostapp-update/hostapp-update.bb b/meta-balena-common/recipes-containers/hostapp-update/hostapp-update.bb index 0e7acdeba4..0bd576d79a 100644 --- a/meta-balena-common/recipes-containers/hostapp-update/hostapp-update.bb +++ b/meta-balena-common/recipes-containers/hostapp-update/hostapp-update.bb @@ -5,7 +5,6 @@ LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d9 SRC_URI = " \ file://hostapp-update \ " -S = "${WORKDIR}" inherit allarch @@ -21,5 +20,5 @@ RDEPENDS:${PN}:class-target += "os-helpers-reboot" do_install() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/hostapp-update ${D}${bindir} + install -m 0755 ${UNPACKDIR}/hostapp-update ${D}${bindir} } diff --git a/meta-balena-common/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bb b/meta-balena-common/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bb index 7d5d7fb65e..2c84925b31 100644 --- a/meta-balena-common/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bb +++ b/meta-balena-common/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bb @@ -25,13 +25,11 @@ python __anonymous() { d.setVar("BALENA_STORAGE", bs_machine) } -S = "${WORKDIR}" - do_compile () { rm -rf ${B}/work mkdir -p ${B}/work - cp Dockerfile create.* mkfs.hostapp ${B}/work/ + cp ${UNPACKDIR}/Dockerfile ${UNPACKDIR}/create.* ${UNPACKDIR}/mkfs.hostapp ${B}/work/ for i in ${B}/work/create.*; do sed -i "s/@BALENA_STORAGE@/${BALENA_STORAGE}/g" $i done @@ -48,7 +46,6 @@ do_compile[network] = "1" do_install () { install -d ${D}/${bindir} install ${B}/work/mkfs.hostapp ${D}/${bindir}/ - install -d ${D}/${datadir} install ${B}/work/mkfs-hostapp-image.tar ${D}/${datadir}/ } diff --git a/meta-balena-common/recipes-containers/mobynit/mobynit_git.bb b/meta-balena-common/recipes-containers/mobynit/mobynit_git.bb index a4a6b8fe0d..07d7710386 100644 --- a/meta-balena-common/recipes-containers/mobynit/mobynit_git.bb +++ b/meta-balena-common/recipes-containers/mobynit/mobynit_git.bb @@ -12,8 +12,6 @@ GO_IMPORT = "github.com/balena-os/mobynit" SRC_URI = "git://${GO_IMPORT};nobranch=1;protocol=https" SRCREV="0423d69ee52970bb8eeae46da8f1d5cf7a8c948c" -S = "${WORKDIR}/${BPN}/src/${GO_IMPORT}" - GOPROXY ??= "https://proxy.golang.org,direct" do_compile[network] = "1" @@ -21,6 +19,7 @@ do_compile() { cd ${S} unset GO_LDFLAGS unset GOPATH GOROOT + export GOCACHE="${B}/.cache" export GOPROXY="${GOPROXY}" oe_runmake diff --git a/meta-balena-common/recipes-containers/tini/tini_0.14.0.bb b/meta-balena-common/recipes-containers/tini/tini_0.14.0.bb index 749a26ac53..73856037b0 100644 --- a/meta-balena-common/recipes-containers/tini/tini_0.14.0.bb +++ b/meta-balena-common/recipes-containers/tini/tini_0.14.0.bb @@ -13,12 +13,12 @@ SRC_URI = " \ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=ffc9091894702bc5dcf4cc0085561ef5" -S = "${WORKDIR}/git" - BBCLASSEXTEND = "native" inherit cmake +EXTRA_OECMAKE:append = " -DCMAKE_POLICY_VERSION_MINIMUM=3.5" + do_install() { mkdir -p ${D}/${bindir} install -m 0755 ${B}/tini-static ${D}/${bindir}/balena-engine-init diff --git a/meta-balena-common/recipes-core/balena-rollback/balena-rollback.bb b/meta-balena-common/recipes-core/balena-rollback/balena-rollback.bb index 391b08f328..76a0e7e761 100644 --- a/meta-balena-common/recipes-core/balena-rollback/balena-rollback.bb +++ b/meta-balena-common/recipes-core/balena-rollback/balena-rollback.bb @@ -29,7 +29,6 @@ SRC_URI = " \ file://rollback-parse-bootloader \ file://rollback-board-healthcheck \ " -S = "${WORKDIR}" inherit allarch systemd @@ -42,15 +41,15 @@ SYSTEMD_SERVICE:${PN} = " \ do_install() { install -d ${D}${bindir} install -d ${D}${systemd_unitdir}/system - install -m 0775 ${S}/rollback-altboot ${D}${bindir} - install -m 0775 ${S}/rollback-check-version ${D}${bindir} - install -m 0775 ${S}/rollback-clear-bootcount ${D}${bindir} - install -m 0775 ${S}/rollback-health ${D}${bindir} - install -m 0775 ${S}/rollback-stop ${D}${bindir} - install -m 0775 ${S}/rollback-tests ${D}${bindir} - install -m 0775 ${S}/rollback-parse-bootloader ${D}${bindir} - install -m 0775 ${S}/rollback-board-healthcheck ${D}${bindir} - install -c -m 0644 ${S}/rollback-altboot.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${S}/rollback-clear-bootcount.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${S}/rollback-health.service ${D}${systemd_unitdir}/system + install -m 0775 ${UNPACKDIR}/rollback-altboot ${D}${bindir} + install -m 0775 ${UNPACKDIR}/rollback-check-version ${D}${bindir} + install -m 0775 ${UNPACKDIR}/rollback-clear-bootcount ${D}${bindir} + install -m 0775 ${UNPACKDIR}/rollback-health ${D}${bindir} + install -m 0775 ${UNPACKDIR}/rollback-stop ${D}${bindir} + install -m 0775 ${UNPACKDIR}/rollback-tests ${D}${bindir} + install -m 0775 ${UNPACKDIR}/rollback-parse-bootloader ${D}${bindir} + install -m 0775 ${UNPACKDIR}/rollback-board-healthcheck ${D}${bindir} + install -c -m 0644 ${UNPACKDIR}/rollback-altboot.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/rollback-clear-bootcount.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/rollback-health.service ${D}${systemd_unitdir}/system } diff --git a/meta-balena-common/recipes-core/base-files/base-files_%.bbappend b/meta-balena-common/recipes-core/base-files/base-files_%.bbappend index a1435ef636..671342dd2e 100644 --- a/meta-balena-common/recipes-core/base-files/base-files_%.bbappend +++ b/meta-balena-common/recipes-core/base-files/base-files_%.bbappend @@ -23,5 +23,5 @@ do_install_basefilesissue:append () { } do_install:append:libc-glibc () { - install -m 0644 ${WORKDIR}/mdns.allow ${D}${sysconfdir}/mdns.allow + install -m 0644 ${UNPACKDIR}/mdns.allow ${D}${sysconfdir}/mdns.allow } diff --git a/meta-balena-common/recipes-core/chrony/chrony/arm_eabi.patch b/meta-balena-common/recipes-core/chrony/chrony/arm_eabi.patch index 4a2769b843..07bb044c6d 100644 --- a/meta-balena-common/recipes-core/chrony/chrony/arm_eabi.patch +++ b/meta-balena-common/recipes-core/chrony/chrony/arm_eabi.patch @@ -1,36 +1,36 @@ -From f35e07aceb4a16121d83b47ee77990018bec98ea Mon Sep 17 00:00:00 2001 +From 7df907871b87772072abc94aeff2b7ba770e8f44 Mon Sep 17 00:00:00 2001 From: Joe Slater Date: Thu, 9 Mar 2017 10:58:06 -0800 Subject: [PATCH] chrony: fix build failure for arma9 - Eliminate references to syscalls not available - for ARM_EABI. Also add a dependency on libseccomp - which is needed for scfilter to work. +Eliminate references to syscalls not available +for ARM_EABI. Also add a dependency on libseccomp +which is needed for scfilter to work. - Set PACKAGECONFIG to not enable scfilter, since - kernel CONFIG_SECCOMP is unlikely to be set. This - aligns the usage of libseccomp with that of other packages. +Set PACKAGECONFIG to not enable scfilter, since +kernel CONFIG_SECCOMP is unlikely to be set. This +aligns the usage of libseccomp with that of other packages. - Upstream-Status: Pending +Upstream-Status: Pending - Signed-off-by: Joe Slater +Signed-off-by: Joe Slater - Refresh patch for new upstream version. +Refresh patch for new upstream version. - Signed-off-by: Robert Joslyn +Signed-off-by: Robert Joslyn - Refreshed for 4.0 +Refreshed for 4.0 - Signed-off-by: Khem Raj +Signed-off-by: Khem Raj --- sys_linux.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/sys_linux.c b/sys_linux.c -index 9cab2ef..8104b8f 100644 +index 8373e25..47b4459 100644 --- a/sys_linux.c +++ b/sys_linux.c -@@ -484,7 +484,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) +@@ -490,7 +490,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) #endif SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), @@ -38,15 +38,15 @@ index 9cab2ef..8104b8f 100644 /* Process */ SCMP_SYS(clone), -@@ -494,7 +493,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) +@@ -500,7 +499,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), - SCMP_SYS(getrlimit), SCMP_SYS(getuid), SCMP_SYS(getuid32), - SCMP_SYS(rt_sigaction), -@@ -508,7 +506,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) + #ifdef __NR_membarrier +@@ -520,7 +518,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) /* Memory */ SCMP_SYS(brk), SCMP_SYS(madvise), @@ -54,7 +54,7 @@ index 9cab2ef..8104b8f 100644 SCMP_SYS(mmap2), SCMP_SYS(mprotect), SCMP_SYS(mremap), -@@ -568,8 +565,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) +@@ -580,8 +577,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) SCMP_SYS(sendmsg), SCMP_SYS(sendto), SCMP_SYS(shutdown), @@ -63,15 +63,15 @@ index 9cab2ef..8104b8f 100644 /* General I/O */ SCMP_SYS(_newselect), -@@ -593,7 +588,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) +@@ -605,7 +600,6 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) #ifdef __NR_futex_time64 SCMP_SYS(futex_time64), #endif - SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write), - -@@ -601,6 +595,15 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) + SCMP_SYS(writev), +@@ -614,6 +608,15 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname), @@ -87,6 +87,3 @@ index 9cab2ef..8104b8f 100644 }; const int denied_any[] = { --- -2.25.1 - diff --git a/meta-balena-common/recipes-core/chrony/chrony/chrony.conf b/meta-balena-common/recipes-core/chrony/chrony/chrony.conf index 8d226d31a5..d11e2d4069 100644 --- a/meta-balena-common/recipes-core/chrony/chrony/chrony.conf +++ b/meta-balena-common/recipes-core/chrony/chrony/chrony.conf @@ -1,3 +1,6 @@ +# Load config files matching the /etc/chrony/conf.d/*.conf pattern. +confdir /etc/chrony/conf.d + # Use public NTP servers from the pool.ntp.org project. # Please consider joining the pool project if possible by running your own # server(s). @@ -17,6 +20,10 @@ pool 0.openembedded.pool.ntp.org iburst # gpios = <&ps7_gpio_0 56 0>; # }; +# Load source files matching the /etc/chrony/sources.d/*.sources pattern. +# These can be reloaded using 'chronyc reload sources'. +sourcedir /etc/chrony/sources.d + # In first three updates step the system clock instead of slew # if the adjustment is larger than 1 second. makestep 1.0 3 diff --git a/meta-balena-common/recipes-core/chrony/chrony_%.bbappend b/meta-balena-common/recipes-core/chrony/chrony_%.bbappend index c58e5a5662..a0946aeb55 100644 --- a/meta-balena-common/recipes-core/chrony/chrony_%.bbappend +++ b/meta-balena-common/recipes-core/chrony/chrony_%.bbappend @@ -1,7 +1,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI:append = " \ - file://chrony.conf \ + file://balena_chrony.conf \ file://chronyd.conf.systemd \ file://chrony-helper \ file://chrony-healthcheck \ @@ -14,12 +14,12 @@ FILES:${PN} += "\ RDEPENDS:${PN} = "bash healthdog" do_install:append() { - install -m 0644 ${WORKDIR}/chrony.conf ${D}/${sysconfdir}/chrony.conf + install -m 0644 ${UNPACKDIR}/balena_chrony.conf ${D}/${sysconfdir}/chrony.conf # Install systemd drop-in for chronyd.service install -d ${D}${sysconfdir}/systemd/system/chronyd.service.d - install -m 0644 ${WORKDIR}/chronyd.conf.systemd ${D}${sysconfdir}/systemd/system/chronyd.service.d/chronyd.conf + install -m 0644 ${UNPACKDIR}/chronyd.conf.systemd ${D}${sysconfdir}/systemd/system/chronyd.service.d/chronyd.conf install -d ${D}${libexecdir} - install -m 0775 ${WORKDIR}/chrony-helper ${D}${libexecdir} - install -m 0775 ${WORKDIR}/chrony-healthcheck ${D}${libexecdir} + install -m 0775 ${UNPACKDIR}/chrony-helper ${D}${libexecdir} + install -m 0775 ${UNPACKDIR}/chrony-healthcheck ${D}${libexecdir} } diff --git a/meta-balena-common/recipes-core/chrony/chrony_4.2.bb b/meta-balena-common/recipes-core/chrony/chrony_4.8.bb similarity index 76% rename from meta-balena-common/recipes-core/chrony/chrony_4.2.bb rename to meta-balena-common/recipes-core/chrony/chrony_4.8.bb index 8ce9e1db55..47d359154c 100644 --- a/meta-balena-common/recipes-core/chrony/chrony_4.2.bb +++ b/meta-balena-common/recipes-core/chrony/chrony_4.8.bb @@ -30,37 +30,27 @@ SECTION = "net" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" -SRC_URI = "https://download.tuxfamily.org/chrony/chrony-${PV}.tar.gz \ +SRC_URI = "https://chrony-project.org/releases/chrony-${PV}.tar.gz \ file://chrony.conf \ file://chronyd \ file://arm_eabi.patch \ " -SRC_URI:append:libc-musl = " \ - file://0001-Fix-compilation-with-musl.patch \ -" -SRC_URI[sha256sum] = "273f9fd15c328ed6f3a5f6ba6baec35a421a34a73bb725605329b1712048db9a" +SRC_URI[sha256sum] = "33ea8eb2a4daeaa506e8fcafd5d6d89027ed6f2f0609645c6f149b560d301706" DEPENDS = "pps-tools" # Note: Despite being built via './configure; make; make install', # chrony does not use GNU Autotools. -inherit update-rc.d systemd +inherit update-rc.d systemd pkgconfig # Add chronyd user if privdrop packageconfig is selected inherit ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'useradd', '', d)} USERADD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '${PN}', '', d)}" -USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /bin/nologin chronyd;', '', d)}" +USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /sbin/nologin chronyd;', '', d)}" +GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system chronyd', '', d)}" # Configuration options: -# - For command line editing support in chronyc, you may specify either -# 'editline' or 'readline' but not both. editline is smaller, but -# many systems already have readline for other purposes so you might want -# to choose that instead. However, beware license incompatibility -# since chrony is GPLv2 and readline versions after 6.0 are GPLv3+. -# You can of course choose neither, but if you're that tight on space -# consider dropping chronyc entirely (you can use it remotely with -# appropriate chrony.conf options). # - Security-related: # - 'sechash' is omitted by default because it pulls in nss which is huge. # - 'privdrop' allows chronyd to run as non-root; would need changes to @@ -70,14 +60,12 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--sys PACKAGECONFIG ??= "editline \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline" PACKAGECONFIG[editline] = ",--without-editline,libedit" PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" -PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap" +PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap" PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp" PACKAGECONFIG[ipv6] = ",--disable-ipv6," -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" +PACKAGECONFIG[nts] = ",--disable-nts,gnutls" # --disable-static isn't supported by chrony's configure script. DISABLE_STATIC = "" @@ -101,7 +89,8 @@ do_install() { # Config file install -d ${D}${sysconfdir} - install -m 644 ${WORKDIR}/chrony.conf ${D}${sysconfdir} + + install -m 644 ${UNPACKDIR}/chrony.conf ${D}${sysconfdir} if ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'true', 'false', d)}; then echo "# Define user to drop to after dropping root privileges" >> ${D}${sysconfdir}/chrony.conf echo "user chronyd" >> ${D}${sysconfdir}/chrony.conf @@ -109,15 +98,12 @@ do_install() { # System V init script install -d ${D}${sysconfdir}/init.d - install -m 755 ${WORKDIR}/chronyd ${D}${sysconfdir}/init.d + install -m 755 ${UNPACKDIR}/chronyd ${D}${sysconfdir}/init.d # systemd unit configuration file install -d ${D}${systemd_unitdir}/system install -m 0644 ${S}/examples/chronyd.service ${D}${systemd_unitdir}/system/ - # Variable data (for drift and/or rtc file) - install -d ${D}${localstatedir}/lib/chrony - # Fix hard-coded paths in config files and init scripts sed -i -e 's!/var/!${localstatedir}/!g' -e 's!/etc/!${sysconfdir}/!g' \ -e 's!/usr/sbin/!${sbindir}/!g' -e 's!/usr/bin/!${bindir}/!g' \ @@ -127,12 +113,25 @@ do_install() { sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/chronyd sed -i 's!^EnvironmentFile=.*!EnvironmentFile=-${sysconfdir}/default/chronyd!' ${D}${systemd_unitdir}/system/chronyd.service - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /var/lib/chrony 0755 root root -" > ${D}${sysconfdir}/tmpfiles.d/chronyd.conf + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + if ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'true', 'false', d)}; then + echo "d /var/lib/chrony 0755 chronyd chronyd -" > ${D}${sysconfdir}/tmpfiles.d/chronyd.conf + else + echo "d /var/lib/chrony 0755 root root -" > ${D}${sysconfdir}/tmpfiles.d/chronyd.conf + fi + else + install -d ${D}${sysconfdir}/default/volatiles + if ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'true', 'false', d)}; then + echo "d chronyd chronyd 0755 /var/lib/chrony none" > "${D}${sysconfdir}/default/volatiles/00_runtime_chrony_dirs" + else + echo "d root root 0755 /var/lib/chrony none" > "${D}${sysconfdir}/default/volatiles/00_runtime_chrony_dirs" + fi + fi } -FILES:${PN} = "${sbindir}/chronyd ${sysconfdir} ${localstatedir}/lib/chrony ${localstatedir}" +FILES:${PN} = "${sbindir}/chronyd ${sysconfdir}" CONFFILES:${PN} = "${sysconfdir}/chrony.conf" INITSCRIPT_NAME = "chronyd" INITSCRIPT_PARAMS = "defaults" diff --git a/meta-balena-common/recipes-core/chrony/files/balena_chrony.conf b/meta-balena-common/recipes-core/chrony/files/balena_chrony.conf new file mode 100644 index 0000000000..738cd47d3d --- /dev/null +++ b/meta-balena-common/recipes-core/chrony/files/balena_chrony.conf @@ -0,0 +1,13 @@ +pool 0.resinio.pool.ntp.org iburst minpoll 14 maxpoll 14 maxsources 1 +pool 1.resinio.pool.ntp.org iburst minpoll 14 maxpoll 14 maxsources 1 +pool 2.resinio.pool.ntp.org iburst minpoll 14 maxpoll 14 maxsources 1 +pool 3.resinio.pool.ntp.org iburst minpoll 14 maxpoll 14 maxsources 1 +sourcedir /run/chrony +driftfile /var/lib/chrony/drift +maxupdateskew 100 +makestep 1 -1 +logchange 1 +maxdistance 16 +hwtimestamp * +rtcsync +acquisitionport 1234 diff --git a/meta-balena-common/recipes-core/extra-udev-rules/extra-udev-rules.bb b/meta-balena-common/recipes-core/extra-udev-rules/extra-udev-rules.bb index 66ec3b2091..290df491b7 100644 --- a/meta-balena-common/recipes-core/extra-udev-rules/extra-udev-rules.bb +++ b/meta-balena-common/recipes-core/extra-udev-rules/extra-udev-rules.bb @@ -12,11 +12,11 @@ SRC_URI = " \ do_install:append() { # Rules to prevent ModemManager attempting to use Teensy boards as a modem - install -D -m 0644 ${WORKDIR}/00-teensy.rules ${D}/usr/lib/udev/rules.d/00-teensy.rules + install -D -m 0644 ${UNPACKDIR}/00-teensy.rules ${D}/usr/lib/udev/rules.d/00-teensy.rules # Install miscellaneous rules file - install -D -m 0644 ${WORKDIR}/99-misc.rules ${D}/usr/lib/udev/rules.d/99-misc.rules + install -D -m 0644 ${UNPACKDIR}/99-misc.rules ${D}/usr/lib/udev/rules.d/99-misc.rules # Install wlan rules file - install -D -m 0644 ${WORKDIR}/79-wlan-power.rules ${D}/usr/lib/udev/rules.d/79-wlan-power.rules + install -D -m 0644 ${UNPACKDIR}/79-wlan-power.rules ${D}/usr/lib/udev/rules.d/79-wlan-power.rules } diff --git a/meta-balena-common/recipes-core/fatrw/fatrw_0.2.21.bb b/meta-balena-common/recipes-core/fatrw/fatrw_0.2.21.bb index 72187d63f9..8e3b0eb323 100644 --- a/meta-balena-common/recipes-core/fatrw/fatrw_0.2.21.bb +++ b/meta-balena-common/recipes-core/fatrw/fatrw_0.2.21.bb @@ -7,12 +7,11 @@ inherit balena_cargo # how to get fatrw could be as easy as but default to a git checkout: # SRC_URI += "crate://crates.io/fatrw/0.2.21" -SRC_URI += "git://git@github.com/balena-os/fatrw.git;protocol=ssh;nobranch=1" +SRC_URI += "git://git@github.com/balena-os/fatrw.git;protocol=ssh;nobranch=1;destsuffix=git" SRCREV = "228b66078678317ea28802369719b235cd10d56f" -S = "${WORKDIR}/git" +S = "${@d.getVar('UNPACKDIR') or d.getVar('WORKDIR')}/git" CARGO_SRC_DIR = "" - # please note if you have entries that do not begin with crate:// # you must change them to how that package can be fetched SRC_URI += " \ diff --git a/meta-balena-common/recipes-core/healthdog/healthdog.inc b/meta-balena-common/recipes-core/healthdog/healthdog.inc index ac14b4b6dd..26b17ca3b2 100644 --- a/meta-balena-common/recipes-core/healthdog/healthdog.inc +++ b/meta-balena-common/recipes-core/healthdog/healthdog.inc @@ -1,2 +1,4 @@ -inherit cargo-dyn +inherit cargo-dyn pkgconfig DEPENDS += "systemd pkgconfig-native" + +S = "${@d.getVar('UNPACKDIR') + '/git' if d.getVar('UNPACKDIR') else d.getVar('WORKDIR') + '/git'}" diff --git a/meta-balena-common/recipes-core/healthdog/healthdog_1.0.6.bb b/meta-balena-common/recipes-core/healthdog/healthdog_1.0.6.bb index 62111ce6bd..f72dbce2d4 100644 --- a/meta-balena-common/recipes-core/healthdog/healthdog_1.0.6.bb +++ b/meta-balena-common/recipes-core/healthdog/healthdog_1.0.6.bb @@ -7,9 +7,9 @@ inherit balena_cargo # how to get healthdog could be as easy as but default to a git checkout: # SRC_URI += "crate://crates.io/healthdog/1.0.6" -SRC_URI += "git://github.com/balena-os/healthdog-rs.git;protocol=https;nobranch=1" +SRC_URI += "git://github.com/balena-os/healthdog-rs.git;protocol=https;nobranch=1;destsuffix=git" SRCREV = "37f9dbb37a399e5548fe47477ddd027bb846212d" -S = "${WORKDIR}/git" + CARGO_SRC_DIR = "" diff --git a/meta-balena-common/recipes-core/images/balena-image-flasher.bb b/meta-balena-common/recipes-core/images/balena-image-flasher.bb index 12ae0baaba..3863832353 100644 --- a/meta-balena-common/recipes-core/images/balena-image-flasher.bb +++ b/meta-balena-common/recipes-core/images/balena-image-flasher.bb @@ -1,6 +1,7 @@ SUMMARY = "Resin image flasher" IMAGE_LINGUAS = " " LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" inherit core-image image-balena features_check diff --git a/meta-balena-common/recipes-core/images/balena-image.bb b/meta-balena-common/recipes-core/images/balena-image.bb index d9bfe9362e..b74de3e696 100644 --- a/meta-balena-common/recipes-core/images/balena-image.bb +++ b/meta-balena-common/recipes-core/images/balena-image.bb @@ -1,6 +1,7 @@ SUMMARY = "Resin image" IMAGE_LINGUAS = " " LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" REQUIRED_DISTRO_FEATURES += " systemd" @@ -38,7 +39,7 @@ IMAGE_INSTALL = " \ " # add packages for LUKS operations if necessary -IMAGE_INSTALL:append = "${@oe.utils.conditional('SIGN_API','','',' cryptsetup lvm2-udevrules',d)}" +IMAGE_INSTALL:append = "${@oe.utils.conditional('SIGN_API','','',' cryptsetup lvm2',d)}" IMAGE_INSTALL:append = "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', ' tpm2-tools libtss2-tcti-device os-helpers-tpm2', '',d)}" generate_rootfs_fingerprints () { diff --git a/meta-balena-common/recipes-core/initrdscripts/initramfs-framework_%.bbappend b/meta-balena-common/recipes-core/initrdscripts/initramfs-framework_%.bbappend index 5cea782324..87aa9c70f7 100644 --- a/meta-balena-common/recipes-core/initrdscripts/initramfs-framework_%.bbappend +++ b/meta-balena-common/recipes-core/initrdscripts/initramfs-framework_%.bbappend @@ -20,30 +20,30 @@ SRC_URI:append = " \ " do_install:append() { - install -m 0755 ${WORKDIR}/console_null_workaround ${D}/init.d/000-console_null_workaround - install -m 0755 ${WORKDIR}/prepare ${D}/init.d/70-prepare - install -m 0755 ${WORKDIR}/fsuuidsinit ${D}/init.d/75-fsuuidsinit - install -m 0755 ${WORKDIR}/fsck ${D}/init.d/87-fsck - install -m 0755 ${WORKDIR}/rootfs ${D}/init.d/90-rootfs - install -m 0755 ${WORKDIR}/migrate ${D}/init.d/92-migrate - install -m 0755 ${WORKDIR}/finish ${D}/init.d/99-finish - - install -m 0755 ${WORKDIR}/machineid ${D}/init.d/91-machineid - install -m 0755 ${WORKDIR}/resindataexpander ${D}/init.d/88-resindataexpander - install -m 0755 ${WORKDIR}/rorootfs ${D}/init.d/89-rorootfs - install -m 0755 ${WORKDIR}/udevcleanup ${D}/init.d/98-udevcleanup + install -m 0755 ${UNPACKDIR}/console_null_workaround ${D}/init.d/000-console_null_workaround + install -m 0755 ${UNPACKDIR}/prepare ${D}/init.d/70-prepare + install -m 0755 ${UNPACKDIR}/fsuuidsinit ${D}/init.d/75-fsuuidsinit + install -m 0755 ${UNPACKDIR}/fsck ${D}/init.d/87-fsck + install -m 0755 ${UNPACKDIR}/rootfs ${D}/init.d/90-rootfs + install -m 0755 ${UNPACKDIR}/migrate ${D}/init.d/92-migrate + install -m 0755 ${UNPACKDIR}/finish ${D}/init.d/99-finish + + install -m 0755 ${UNPACKDIR}/machineid ${D}/init.d/91-machineid + install -m 0755 ${UNPACKDIR}/resindataexpander ${D}/init.d/88-resindataexpander + install -m 0755 ${UNPACKDIR}/rorootfs ${D}/init.d/89-rorootfs + install -m 0755 ${UNPACKDIR}/udevcleanup ${D}/init.d/98-udevcleanup if [ ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'true', 'false',d)} = 'true' ] && [ ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'true', 'false',d)} = 'true' ]; then - install -m 0755 ${WORKDIR}/cryptsetup-efi-tpm ${D}/init.d/72-cryptsetup + install -m 0755 ${UNPACKDIR}/cryptsetup-efi-tpm ${D}/init.d/72-cryptsetup else - install -m 0755 ${WORKDIR}/cryptsetup ${D}/init.d/72-cryptsetup + install -m 0755 ${UNPACKDIR}/cryptsetup ${D}/init.d/72-cryptsetup fi - install -m 0755 ${WORKDIR}/recovery ${D}/init.d/00-recovery + install -m 0755 ${UNPACKDIR}/recovery ${D}/init.d/00-recovery - install -m 0755 ${WORKDIR}/kexec ${D}/init.d/92-kexec + install -m 0755 ${UNPACKDIR}/kexec ${D}/init.d/92-kexec sed -i -e "s,@@KERNEL_IMAGETYPE@@,${KERNEL_IMAGETYPE}," "${D}/init.d/92-kexec" sed -i -e "s,@@KERNEL_IMAGETYPE@@,${KERNEL_IMAGETYPE}," "${D}/init.d/92-migrate" - install -m 0755 ${WORKDIR}/zram ${D}/init.d/12-zram + install -m 0755 ${UNPACKDIR}/zram ${D}/init.d/12-zram } PACKAGES:append = " \ @@ -97,7 +97,7 @@ RDEPENDS:initramfs-module-fsuuidsinit = "${PN}-base" FILES:initramfs-module-fsuuidsinit = "/init.d/75-fsuuidsinit" SUMMARY:initramfs-module-cryptsetup = "Unlock encrypted partitions" -RDEPENDS:initramfs-module-cryptsetup = "${PN}-base cryptsetup libgcc lvm2-udevrules os-helpers-logging os-helpers-fs balena-config-vars-config" +RDEPENDS:initramfs-module-cryptsetup = "${PN}-base cryptsetup libgcc lvm2 os-helpers-logging os-helpers-fs balena-config-vars-config" RDEPENDS:initramfs-module-cryptsetup:append = "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', ' os-helpers-tpm2', '',d)}" RDEPENDS:initramfs-module-cryptsetup:append = "${@bb.utils.contains('MACHINE_FEATURES', 'efi', ' os-helpers-efi', '',d)}" FILES:initramfs-module-cryptsetup = "/init.d/72-cryptsetup" diff --git a/meta-balena-common/recipes-core/initrdscripts/initramfs-module-abroot_1.0.bb b/meta-balena-common/recipes-core/initrdscripts/initramfs-module-abroot_1.0.bb index f0d772cb80..250e9b9d1a 100644 --- a/meta-balena-common/recipes-core/initrdscripts/initramfs-module-abroot_1.0.bb +++ b/meta-balena-common/recipes-core/initrdscripts/initramfs-module-abroot_1.0.bb @@ -15,11 +15,9 @@ inherit allarch FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI = "file://abroot" -S = "${WORKDIR}" - do_install() { install -d ${D}/init.d - install -m 0755 ${WORKDIR}/abroot ${D}/init.d/74-abroot + install -m 0755 ${UNPACKDIR}/abroot ${D}/init.d/74-abroot } FILES:${PN} = "/init.d/74-abroot" diff --git a/meta-balena-common/recipes-core/initrdscripts/initramfs-module-extrafw_1.0.bb b/meta-balena-common/recipes-core/initrdscripts/initramfs-module-extrafw_1.0.bb index 463b5d2438..cb3de6fd4d 100644 --- a/meta-balena-common/recipes-core/initrdscripts/initramfs-module-extrafw_1.0.bb +++ b/meta-balena-common/recipes-core/initrdscripts/initramfs-module-extrafw_1.0.bb @@ -13,11 +13,9 @@ inherit allarch FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI = "file://extrafw" -S = "${WORKDIR}" - do_install() { install -d ${D}/init.d - install -m 0755 ${WORKDIR}/extrafw ${D}/init.d/81-extrafw + install -m 0755 ${UNPACKDIR}/extrafw ${D}/init.d/81-extrafw } FILES:${PN} = "/init.d/81-extrafw" diff --git a/meta-balena-common/recipes-core/initrdscripts/initramfs-module-mountboot_1.0.bb b/meta-balena-common/recipes-core/initrdscripts/initramfs-module-mountboot_1.0.bb index bd02b0d8e2..4bff9afb72 100644 --- a/meta-balena-common/recipes-core/initrdscripts/initramfs-module-mountboot_1.0.bb +++ b/meta-balena-common/recipes-core/initrdscripts/initramfs-module-mountboot_1.0.bb @@ -13,11 +13,9 @@ inherit allarch FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI = "file://mountboot" -S = "${WORKDIR}" - do_install() { install -d ${D}/init.d - install -m 0755 ${WORKDIR}/mountboot ${D}/init.d/73-mountboot + install -m 0755 ${UNPACKDIR}/mountboot ${D}/init.d/73-mountboot } FILES:${PN} = "/init.d/73-mountboot" diff --git a/meta-balena-common/recipes-core/os-config/os-config.inc b/meta-balena-common/recipes-core/os-config/os-config.inc index 0df770ec5c..d2b73ca250 100644 --- a/meta-balena-common/recipes-core/os-config/os-config.inc +++ b/meta-balena-common/recipes-core/os-config/os-config.inc @@ -1,4 +1,4 @@ -inherit systemd cargo-dyn +inherit systemd cargo-dyn pkgconfig DEPENDS += "dbus openssl pkgconfig-native" @@ -20,11 +20,11 @@ SYSTEMD_SERVICE:${PN} = " \ do_compile[network] = "1" do_install:append() { install -d ${D}${sysconfdir} - install -m 0644 ${WORKDIR}/os-config.json ${D}${sysconfdir} + install -m 0644 ${UNPACKDIR}/os-config.json ${D}${sysconfdir} install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/os-config.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/os-config.timer ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/os-config-devicekey.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/os-config.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/os-config.timer ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/os-config-devicekey.service ${D}${systemd_unitdir}/system } diff --git a/meta-balena-common/recipes-core/os-config/os-config/0001-Adjust-CONFIG_JSON_FLASHER_PATH-based-on-OS-changes.patch b/meta-balena-common/recipes-core/os-config/os-config/0001-Adjust-CONFIG_JSON_FLASHER_PATH-based-on-OS-changes.patch index bed6912de4..0f8d05400d 100644 --- a/meta-balena-common/recipes-core/os-config/os-config/0001-Adjust-CONFIG_JSON_FLASHER_PATH-based-on-OS-changes.patch +++ b/meta-balena-common/recipes-core/os-config/os-config/0001-Adjust-CONFIG_JSON_FLASHER_PATH-based-on-OS-changes.patch @@ -4,7 +4,7 @@ Date: Thu, 23 Aug 2018 11:22:12 +0100 Subject: [PATCH] Adjust CONFIG_JSON_FLASHER_PATH based on OS changes Signed-off-by: Andrei Gherzan -Upstream-status: Pending +Upstream-Status: Inappropriate [configuration] --- src/args.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-balena-common/recipes-core/os-config/os-config/0002-Add-auth.-header-to-os-v1-config-requests.patch b/meta-balena-common/recipes-core/os-config/os-config/0002-Add-auth.-header-to-os-v1-config-requests.patch index f380f3f81b..75eeaf542e 100644 --- a/meta-balena-common/recipes-core/os-config/os-config/0002-Add-auth.-header-to-os-v1-config-requests.patch +++ b/meta-balena-common/recipes-core/os-config/os-config/0002-Add-auth.-header-to-os-v1-config-requests.patch @@ -6,6 +6,7 @@ Subject: [PATCH] Add auth. header to /os/v1/config requests * this allows the API to identify devices requesting configuration and apply routing logic (e.g. switch from TCP to UDP OpenVPN configuration) +Upstream-Status: Inappropriate [configuration] change-type: minor --- src/args.rs | 2 +- diff --git a/meta-balena-common/recipes-core/os-config/os-config_1.2.11.bb b/meta-balena-common/recipes-core/os-config/os-config_1.2.11.bb index ab21be62d8..de71d17456 100644 --- a/meta-balena-common/recipes-core/os-config/os-config_1.2.11.bb +++ b/meta-balena-common/recipes-core/os-config/os-config_1.2.11.bb @@ -7,9 +7,8 @@ inherit balena_cargo balena-configurable # how to get os-config could be as easy as but default to a git checkout: # SRC_URI += "crate://crates.io/os-config/1.2.11" -SRC_URI += "git://git@github.com/balena-os/os-config.git;protocol=https;nobranch=1" +SRC_URI += "git://git@github.com/balena-os/os-config.git;protocol=https;nobranch=1;" SRCREV = "f207b2a73e1ebe11e33ed35351b38ba50592af7f" -S = "${WORKDIR}/git" CARGO_SRC_DIR = "" @@ -590,8 +589,7 @@ SRC_URI[ws2_32-sys-0.2.1.sha256sum] = "d59cefebd0c892fa2dd6de581e937301d8552cb44 SRCREV_FORMAT .= "_fatrw" SRCREV_fatrw = "04629a208b9035d642e51db54886f3d39d7ee029" -EXTRA_OECARGO_PATHS += "${WORKDIR}/fatrw" - +EXTRA_OECARGO_PATHS += "${@d.getVar('UNPACKDIR') or d.getVar('WORKDIR')}/fatrw" # FIXME: update generateme with the real MD5 of the license file LIC_FILES_CHKSUM = " \ file://Apache-2.0;md5=86d3f3a95c324c9479bd8986968f4327 \ diff --git a/meta-balena-common/recipes-core/packagegroups/packagegroup-resin.bb b/meta-balena-common/recipes-core/packagegroups/packagegroup-resin.bb index ffda60af25..243710ee90 100644 --- a/meta-balena-common/recipes-core/packagegroups/packagegroup-resin.bb +++ b/meta-balena-common/recipes-core/packagegroups/packagegroup-resin.bb @@ -3,7 +3,7 @@ LICENSE = "Apache-2.0" PR = "r1" -PACKAGE_ARCH="${TUNE_PKGARCH}" +PACKAGE_ARCH = "${TUNE_PKGARCH}" inherit packagegroup diff --git a/meta-balena-common/recipes-core/plymouth/plymouth-balena-theme.bb b/meta-balena-common/recipes-core/plymouth/plymouth-balena-theme.bb index 27db63d4b8..1a45cde70b 100644 --- a/meta-balena-common/recipes-core/plymouth/plymouth-balena-theme.bb +++ b/meta-balena-common/recipes-core/plymouth/plymouth-balena-theme.bb @@ -18,9 +18,9 @@ inherit allarch do_install () { mkdir -p ${D}${datadir}/plymouth/themes/balena - install -m 644 ${WORKDIR}/balena.script ${D}${datadir}/plymouth/themes/balena/ - install -m 644 ${WORKDIR}/balena.plymouth ${D}${datadir}/plymouth/themes/balena/ - install -m 644 ${WORKDIR}/plymouthd.defaults ${D}${datadir}/plymouth/ + install -m 644 ${UNPACKDIR}/balena.script ${D}${datadir}/plymouth/themes/balena/ + install -m 644 ${UNPACKDIR}/balena.plymouth ${D}${datadir}/plymouth/themes/balena/ + install -m 644 ${UNPACKDIR}/plymouthd.defaults ${D}${datadir}/plymouth/ } FILES:${PN} = "${datadir}/plymouth/*" diff --git a/meta-balena-common/recipes-core/plymouth/plymouth_%.bbappend b/meta-balena-common/recipes-core/plymouth/plymouth_%.bbappend index 69ec56f97b..6936c477da 100644 --- a/meta-balena-common/recipes-core/plymouth/plymouth_%.bbappend +++ b/meta-balena-common/recipes-core/plymouth/plymouth_%.bbappend @@ -43,7 +43,7 @@ do_install:append() { plymouth-switch-root.service \ systemd-ask-password-plymouth.path; do install -d -m 0755 ${D}${libdir}/systemd/system/${unit}.d - install -m 0644 ${WORKDIR}/plymouth-disable-containerized.conf \ + install -m 0644 ${UNPACKDIR}/plymouth-disable-containerized.conf \ ${D}${libdir}/systemd/system/${unit}.d done @@ -53,12 +53,12 @@ do_install:append() { plymouth-poweroff.service \ plymouth-reboot.service; do install -d -m 0755 ${D}${libdir}/systemd/system/${unit}.d - install -m 0644 ${WORKDIR}/plymouth-stop-balena-os.conf \ + install -m 0644 ${UNPACKDIR}/plymouth-stop-balena-os.conf \ ${D}${libdir}/systemd/system/${unit}.d done install -d -m 0755 ${D}${libdir}/systemd/system/plymouth-start.service.d - install -m 0644 ${WORKDIR}/plymouth-start-balena-os.conf \ + install -m 0644 ${UNPACKDIR}/plymouth-start-balena-os.conf \ ${D}${libdir}/systemd/system/plymouth-start.service.d } @@ -68,7 +68,7 @@ FILES:${PN} += " \ " do_deploy() { - install ${WORKDIR}/balena-logo.png ${DEPLOYDIR}/balena-logo.png + install ${UNPACKDIR}/balena-logo.png ${DEPLOYDIR}/balena-logo.png } # by setting a logo we avoid installing the default one diff --git a/meta-balena-common/recipes-core/systemd/disk-watchdog.bb b/meta-balena-common/recipes-core/systemd/disk-watchdog.bb index dcbd2827cd..589bef17b7 100644 --- a/meta-balena-common/recipes-core/systemd/disk-watchdog.bb +++ b/meta-balena-common/recipes-core/systemd/disk-watchdog.bb @@ -3,15 +3,13 @@ DESCRIPTION = "A watchdog service that monitors disk health" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" -SRC_URI = "git://github.com/balena-os/disk-watchdogd.git;branch=master;protocol=https" +SRC_URI = "git://github.com/balena-os/disk-watchdogd.git;branch=master;protocol=https;" SRCREV = "1060e49da45d9bfda3047856d66bdc7c6b8c1911" SRC_URI += "file://disk-watchdogd.service \ file://disk-watchdog-boot-history.service \ file://disk-watchdog-boot-history" -S = "${WORKDIR}/git" - WD_TEST_FILE ?= "${bindir}/disk-watchdogd" DISK_WD_BOOT_DIR ?= "/mnt/state/disk-watchdog" @@ -37,14 +35,14 @@ do_install() { -e 's|@WD_TEST_FILE@|${WD_TEST_FILE}|g' \ -e 's|@OS_HELPERS_FS@|${libexecdir}/os-helpers-fs|g' \ -e 's|@DISK_WD_BOOT_DIR@|${DISK_WD_BOOT_DIR}|g' \ - ${WORKDIR}/disk-watchdogd.service + ${UNPACKDIR}/disk-watchdogd.service # Substitute paths in boot history script sed -i -e 's|@DISK_WD_BOOT_DIR@|${DISK_WD_BOOT_DIR}|g' \ - ${WORKDIR}/disk-watchdog-boot-history + ${UNPACKDIR}/disk-watchdog-boot-history install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/disk-watchdogd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/disk-watchdog-boot-history.service ${D}${systemd_unitdir}/system/ - install -m 0755 ${WORKDIR}/disk-watchdog-boot-history ${D}${bindir}/ + install -m 0644 ${UNPACKDIR}/disk-watchdogd.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/disk-watchdog-boot-history.service ${D}${systemd_unitdir}/system/ + install -m 0755 ${UNPACKDIR}/disk-watchdog-boot-history ${D}${bindir}/ } diff --git a/meta-balena-common/recipes-core/systemd/periodic-vacuum-logs.bb b/meta-balena-common/recipes-core/systemd/periodic-vacuum-logs.bb index 7d0925f8f6..56c5463745 100644 --- a/meta-balena-common/recipes-core/systemd/periodic-vacuum-logs.bb +++ b/meta-balena-common/recipes-core/systemd/periodic-vacuum-logs.bb @@ -22,6 +22,6 @@ do_build[noexec] = "1" do_install() { install -d ${D}${systemd_unitdir}/system/ install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/periodic-vacuum-logs.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/periodic-vacuum-logs.timer ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/periodic-vacuum-logs.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/periodic-vacuum-logs.timer ${D}${systemd_unitdir}/system/ } diff --git a/meta-balena-common/recipes-core/systemd/systemd-serialgetty.bbappend b/meta-balena-common/recipes-core/systemd/systemd-serialgetty.bbappend index 75bdc0d0e6..c0a0b89733 100644 --- a/meta-balena-common/recipes-core/systemd/systemd-serialgetty.bbappend +++ b/meta-balena-common/recipes-core/systemd/systemd-serialgetty.bbappend @@ -4,5 +4,5 @@ SRC_URI:append = " file://development-features.conf" do_install:append() { install -d ${D}${sysconfdir}/systemd/system/serial-getty@.service.d - install -m 0644 ${WORKDIR}/development-features.conf ${D}${sysconfdir}/systemd/system/serial-getty@.service.d/development-features.conf + install -m 0644 ${UNPACKDIR}/development-features.conf ${D}${sysconfdir}/systemd/system/serial-getty@.service.d/development-features.conf } diff --git a/meta-balena-common/recipes-core/systemd/systemd_%.bbappend b/meta-balena-common/recipes-core/systemd/systemd_%.bbappend index 3978c21d35..98d05150e2 100644 --- a/meta-balena-common/recipes-core/systemd/systemd_%.bbappend +++ b/meta-balena-common/recipes-core/systemd/systemd_%.bbappend @@ -51,17 +51,17 @@ do_install:append() { rm -f ${D}${systemd_unitdir}/system/time-set.target install -d -m 0755 ${D}/${sysconfdir}/systemd/journald.conf.d - install -m 06444 ${WORKDIR}/journald-balena-os.conf ${D}/${sysconfdir}/systemd/journald.conf.d + install -m 06444 ${UNPACKDIR}/journald-balena-os.conf ${D}/${sysconfdir}/systemd/journald.conf.d # install drop-in configs to disable these services when running containerized install -d -m 0755 ${D}/${sysconfdir}/systemd/system/getty@.service.d - install -m 0644 ${WORKDIR}/condition-virtualization-not-docker.conf \ + install -m 0644 ${UNPACKDIR}/condition-virtualization-not-docker.conf \ ${D}/${sysconfdir}/systemd/system/getty@.service.d install -d -m 0755 ${D}/${sysconfdir}/systemd/system/serial-getty@.service.d - install -m 0644 ${WORKDIR}/condition-virtualization-not-docker.conf \ + install -m 0644 ${UNPACKDIR}/condition-virtualization-not-docker.conf \ ${D}/${sysconfdir}/systemd/system/serial-getty@.service.d install -d -m 0755 ${D}/${sysconfdir}/systemd/system/systemd-logind.service.d - install -m 0644 ${WORKDIR}/condition-virtualization-not-docker.conf \ + install -m 0644 ${UNPACKDIR}/condition-virtualization-not-docker.conf \ ${D}/${sysconfdir}/systemd/system/systemd-logind.service.d # mask systemd-getty-generator @@ -72,20 +72,20 @@ do_install:append() { # shorten reboot/poweroff timeouts install -d -m 0755 ${D}/${sysconfdir}/systemd/system/reboot.target.d - install -m 0644 ${WORKDIR}/reboot.target.conf ${D}/${sysconfdir}/systemd/system/reboot.target.d/ + install -m 0644 ${UNPACKDIR}/reboot.target.conf ${D}/${sysconfdir}/systemd/system/reboot.target.d/ install -d -m 0755 ${D}/${sysconfdir}/systemd/system/poweroff.target.d - install -m 0644 ${WORKDIR}/poweroff.target.conf ${D}/${sysconfdir}/systemd/system/poweroff.target.d/ + install -m 0644 ${UNPACKDIR}/poweroff.target.conf ${D}/${sysconfdir}/systemd/system/poweroff.target.d/ # enable watchdog install -d -m 0755 ${D}/${sysconfdir}/systemd/system.conf.d - install -m 0644 ${WORKDIR}/watchdog.conf ${D}/${sysconfdir}/systemd/system.conf.d + install -m 0644 ${UNPACKDIR}/watchdog.conf ${D}/${sysconfdir}/systemd/system.conf.d # Add os specific conf install -d -m 0755 ${D}/${sysconfdir}/systemd/system.conf.d - install -m 0644 ${WORKDIR}/os.conf ${D}/${sysconfdir}/systemd/system.conf.d + install -m 0644 ${UNPACKDIR}/os.conf ${D}/${sysconfdir}/systemd/system.conf.d install -d -m 0755 ${D}/${sysconfdir}/systemd/coredump.conf.d - install -m 0644 ${WORKDIR}/coredump.conf ${D}/${sysconfdir}/systemd/coredump.conf.d + install -m 0644 ${UNPACKDIR}/coredump.conf ${D}/${sysconfdir}/systemd/coredump.conf.d ln -s ${datadir}/zoneinfo ${D}${sysconfdir}/localtime ln -s ../proc/self/mounts ${D}${sysconfdir}/mtab @@ -95,29 +95,29 @@ do_install:append() { # Vacuum the journal to catch a corner case bug where the log bloats above limit install -d -m 0755 ${D}/${sysconfdir}/systemd/system/systemd-journald.service.d/ - install -m 0644 ${WORKDIR}/vacuum.conf ${D}/${sysconfdir}/systemd/system/systemd-journald.service.d/vacuum.conf + install -m 0644 ${UNPACKDIR}/vacuum.conf ${D}/${sysconfdir}/systemd/system/systemd-journald.service.d/vacuum.conf - install -m 0755 ${WORKDIR}/resin_update_state_probe ${D}${prefix}/lib/udev/resin_update_state_probe - install -m 0755 ${WORKDIR}/zram-swap-init ${D}${prefix}/lib/udev/zram-swap-init + install -m 0755 ${UNPACKDIR}/resin_update_state_probe ${D}${prefix}/lib/udev/resin_update_state_probe + install -m 0755 ${UNPACKDIR}/zram-swap-init ${D}${prefix}/lib/udev/zram-swap-init # Move udev rules into /lib as /etc/udev/rules.d is bind mounted for custom rules mv ${D}/etc/udev/rules.d/*.rules ${D}${prefix}/lib/udev/rules.d/ install -d -m 0755 ${D}/usr/lib/sysctl.d/ - install -m 0644 ${WORKDIR}/balena-os-sysctl.conf ${D}/usr/lib/sysctl.d/ + install -m 0644 ${UNPACKDIR}/balena-os-sysctl.conf ${D}/usr/lib/sysctl.d/ if ${@bb.utils.contains('DISTRO_FEATURES', 'disable-user-ns', 'true', 'false', d)}; then - install -m 0644 ${WORKDIR}/disable-user-ns.conf ${D}/usr/lib/sysctl.d/ + install -m 0644 ${UNPACKDIR}/disable-user-ns.conf ${D}/usr/lib/sysctl.d/ fi install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dev-zram0.swap ${D}${systemd_unitdir}/system/dev-zram0.swap + install -m 0644 ${UNPACKDIR}/dev-zram0.swap ${D}${systemd_unitdir}/system/dev-zram0.swap # Do not start getty on production mode install -d -m 0755 ${D}${sysconfdir}/systemd/system/getty.target.d - install -m 0644 ${WORKDIR}/getty-target-development-features.conf ${D}${sysconfdir}/systemd/system/getty.target.d/development-features.conf + install -m 0644 ${UNPACKDIR}/getty-target-development-features.conf ${D}${sysconfdir}/systemd/system/getty.target.d/development-features.conf install -d -m 0755 ${D}${sysconfdir}/systemd/system/getty@.service.d - install -m 0644 ${WORKDIR}/getty-service-development-features.conf ${D}${sysconfdir}/systemd/system/getty@.service.d/development-features.conf + install -m 0644 ${UNPACKDIR}/getty-service-development-features.conf ${D}${sysconfdir}/systemd/system/getty@.service.d/development-features.conf # We don't have audit configs enabled in the kernel, so we can remove the audit sockets rm ${D}${prefix}/lib/systemd/system/sockets.target.wants/systemd-journald-audit.socket || true @@ -137,15 +137,15 @@ FILES:${PN}-zram-swap = "\ SYSTEMD_SERVICE:${PN}-zram-swap += "dev-zram0.swap" FILES:udev += "\ - ${rootlibexecdir}/udev/rules.d/touchscreen.rules \ - ${rootlibexecdir}/udev/rules.d/10-zram.rules \ - ${rootlibexecdir}/udev/rules.d/65-resin-update-state.rules \ - ${rootlibexecdir}/udev/resin_update_state_probe \ - ${rootlibexecdir}/udev/zram-swap-init \ + ${nonarch_libdir}/udev/rules.d/touchscreen.rules \ + ${nonarch_libdir}/udev/rules.d/10-zram.rules \ + ${nonarch_libdir}/udev/rules.d/65-resin-update-state.rules \ + ${nonarch_libdir}/udev/resin_update_state_probe \ + ${nonarch_libdir}/udev/zram-swap-init \ " RDEPENDS:${PN}:append = " os-helpers-fs balena-ntp-config util-linux periodic-vacuum-logs" -RDEPENDS_${PN}:append = "${@oe.utils.conditional('SIGN_API','','',' lvm2-udevrules',d)}" +RDEPENDS_${PN}:append = "${@oe.utils.conditional('SIGN_API','','',' lvm2',d)}" # Network configuration is managed by NetworkManager. ntp is managed by chronyd PACKAGECONFIG:remove = "resolved networkd timesyncd" diff --git a/meta-balena-common/recipes-core/systemd/timeinit.bb b/meta-balena-common/recipes-core/systemd/timeinit.bb index b93fb0085c..2c2a898138 100644 --- a/meta-balena-common/recipes-core/systemd/timeinit.bb +++ b/meta-balena-common/recipes-core/systemd/timeinit.bb @@ -33,7 +33,6 @@ SRC_URI = " \ file://time-set.target \ file://time-sync.conf \ " -S = "${WORKDIR}" inherit allarch systemd @@ -54,17 +53,17 @@ do_install() { install -d ${D}${systemd_unitdir}/system install -d ${D}/etc/fake-hwclock install -d ${D}${sysconfdir}/systemd/system/time-sync.target.d/ - install -m 0775 ${WORKDIR}/timeinit-buildtime.sh ${D}${bindir} - install -m 0775 ${WORKDIR}/timeinit-rtc.sh ${D}${bindir} - install -m 0775 ${WORKDIR}/timesync-https.sh ${D}${bindir} - install -m 0775 ${WORKDIR}/fake-hwclock ${D}${base_sbindir} - install -m 0644 ${WORKDIR}/timeinit-buildtime.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/fake-hwclock.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/fake-hwclock-update.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/fake-hwclock-update.timer ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/timeinit-rtc.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/timesync-https.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/time-sync-https-wait.target ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/time-set.target ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/time-sync.conf ${D}${sysconfdir}/systemd/system/time-sync.target.d/ + install -m 0775 ${UNPACKDIR}/timeinit-buildtime.sh ${D}${bindir} + install -m 0775 ${UNPACKDIR}/timeinit-rtc.sh ${D}${bindir} + install -m 0775 ${UNPACKDIR}/timesync-https.sh ${D}${bindir} + install -m 0775 ${UNPACKDIR}/fake-hwclock ${D}${base_sbindir} + install -m 0644 ${UNPACKDIR}/timeinit-buildtime.service ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/fake-hwclock.service ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/fake-hwclock-update.service ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/fake-hwclock-update.timer ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/timeinit-rtc.service ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/timesync-https.service ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/time-sync-https-wait.target ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/time-set.target ${D}${systemd_unitdir}/system + install -m 0644 ${UNPACKDIR}/time-sync.conf ${D}${sysconfdir}/systemd/system/time-sync.target.d/ } diff --git a/meta-balena-common/recipes-core/upx/upx.inc b/meta-balena-common/recipes-core/upx/upx.inc index 4fb7015825..0d552e28b7 100644 --- a/meta-balena-common/recipes-core/upx/upx.inc +++ b/meta-balena-common/recipes-core/upx/upx.inc @@ -7,7 +7,7 @@ inherit perlnative DEPENDS += "zlib ucl" -S = "${WORKDIR}/${BPN}-${PV}-src" +S = "${UNPACKDIR}/${BPN}-${PV}-src" # CHECK_WHITESPACE breaks cross builds: https://github.com/upx/upx/issues/64 EXTRA_OEMAKE = "CHECK_WHITESPACE=/bin/true" diff --git a/meta-balena-common/recipes-core/upx/upx_git.bb b/meta-balena-common/recipes-core/upx/upx_git.bb index 1aaf4fb187..f3af3abe50 100644 --- a/meta-balena-common/recipes-core/upx/upx_git.bb +++ b/meta-balena-common/recipes-core/upx/upx_git.bb @@ -5,6 +5,5 @@ SRCREV = "f88b85e12660e9fdb453bbb2380107b741ce4179" SRC_URI = " \ git://github.com/upx/upx.git;branch=${UPX_BRANCH};protocol=https \ file://0001-Include-lzma-sdk.patch" -S = "${WORKDIR}/git" DEFAULT_PREFERENCE = "-1" diff --git a/meta-balena-common/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend b/meta-balena-common/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend index bc04ec3b10..55cc58fff7 100644 --- a/meta-balena-common/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend +++ b/meta-balena-common/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend @@ -5,7 +5,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/os-files:" SRC_URI += "file://e2fsck.conf" do_install:append() { - install -m 644 ${WORKDIR}/e2fsck.conf ${D}${sysconfdir} + install -m 644 ${UNPACKDIR}/e2fsck.conf ${D}${sysconfdir} } CONFFILES:${PN} += "${sysconfdir}/e2fsck.conf" diff --git a/meta-balena-common/recipes-devtools/go/go-1.22.12.inc b/meta-balena-common/recipes-devtools/go/go-1.26.1.inc similarity index 50% rename from meta-balena-common/recipes-devtools/go/go-1.22.12.inc rename to meta-balena-common/recipes-devtools/go/go-1.26.1.inc index 825b8f4d68..2e3464ec3b 100644 --- a/meta-balena-common/recipes-devtools/go/go-1.22.12.inc +++ b/meta-balena-common/recipes-devtools/go/go-1.26.1.inc @@ -2,7 +2,7 @@ require go-common.inc FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go:" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" +LIC_FILES_CHKSUM = "file://LICENSE;md5=7998cb338f82d15c0eff93b7004d272a" SRC_URI += "\ file://0001-cmd-go-make-content-based-hash-generation-less-pedan.patch \ @@ -14,21 +14,7 @@ SRC_URI += "\ file://0007-exec.go-filter-out-build-specific-paths-from-linker-.patch \ file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ - file://CVE-2025-22870.patch \ - file://CVE-2025-22871.patch \ - file://CVE-2025-4673.patch \ - file://CVE-2025-4674.patch \ - file://CVE-2025-47907-pre.patch \ - file://CVE-2025-47907.patch \ - file://CVE-2025-47906.patch \ - file://CVE-2025-58185.patch \ - file://CVE-2025-58187.patch \ - file://CVE-2025-58188.patch \ - file://CVE-2025-58189.patch \ - file://CVE-2025-47912.patch \ - file://CVE-2025-61723.patch \ - file://CVE-2025-61724.patch \ + file://0010-cmd-go-clear-GOROOT-for-func-ldShared-when-trimpath-.patch \ + file://0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch \ " -SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" - -CVE_STATUS[CVE-2025-0913] = "not-applicable-platform: Issue only applies on Windows" +SRC_URI[main.sha256sum] = "3172293d04b209dc1144698e7ba13f0477f6ba8c5ffd0be66c20fdbc9785dfbb" diff --git a/meta-balena-common/recipes-devtools/go/go-binary-native_1.22.12.bb b/meta-balena-common/recipes-devtools/go/go-binary-native_1.26.1.bb similarity index 69% rename from meta-balena-common/recipes-devtools/go/go-binary-native_1.22.12.bb rename to meta-balena-common/recipes-devtools/go/go-binary-native_1.26.1.bb index 7688a090f4..0e054add70 100644 --- a/meta-balena-common/recipes-devtools/go/go-binary-native_1.22.12.bb +++ b/meta-balena-common/recipes-devtools/go/go-binary-native_1.26.1.bb @@ -3,24 +3,23 @@ SUMMARY = "Go programming language compiler (upstream binary for bootstrap)" HOMEPAGE = " http://golang.org/" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" +LIC_FILES_CHKSUM = "file://LICENSE;md5=7998cb338f82d15c0eff93b7004d272a" PROVIDES = "go-native" # Checksums available at https://go.dev/dl/ SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "4fa4f869b0f7fc6bb1eb2660e74657fbf04cdd290b5aef905585c86051b34d43" -SRC_URI[go_linux_arm64.sha256sum] = "fd017e647ec28525e86ae8203236e0653242722a7436929b1f775744e26278e7" -SRC_URI[go_linux_ppc64le.sha256sum] = "9573d30003b0796717a99d9e2e96c48fddd4fc0f29d840f212c503b03d7de112" +SRC_URI[go_linux_amd64.sha256sum] = "031f088e5d955bab8657ede27ad4e3bc5b7c1ba281f05f245bcc304f327c987a" +SRC_URI[go_linux_arm64.sha256sum] = "a290581cfe4fe28ddd737dde3095f3dbeb7f2e4065cab4eae44dfc53b760c2f7" +SRC_URI[go_linux_ppc64le.sha256sum] = "f56eed002998f5f51fa07fd4ed0c5de5e02d51cec7a4007f771c7576620d9d45" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" CVE_PRODUCT = "golang:go" CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows" -CVE_STATUS[CVE-2025-0913] = "not-applicable-platform: Issue only applies on Windows" -S = "${WORKDIR}/go" +S = "${UNPACKDIR}/go" inherit goarch native diff --git a/meta-balena-common/recipes-devtools/go/go-common.inc b/meta-balena-common/recipes-devtools/go/go-common.inc index a39dea6c1c..061db4296c 100644 --- a/meta-balena-common/recipes-devtools/go/go-common.inc +++ b/meta-balena-common/recipes-devtools/go/go-common.inc @@ -15,7 +15,7 @@ LICENSE = "BSD-3-Clause" inherit goarch SRC_URI = "https://golang.org/dl/go${PV}.src.tar.gz;name=main" -S = "${WORKDIR}/go" +S = "${UNPACKDIR}/go" B = "${S}" UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)\.src\.tar" @@ -39,7 +39,6 @@ export GOARCH ?= "${TARGET_GOARCH}" export GOARM ?= "${TARGET_GOARM}" export GO386 ?= "${TARGET_GO386}" export GOMIPS ?= "${TARGET_GOMIPS}" -export GOROOT_FINAL ?= "${libdir}/go" export GODEBUG = "gocachehash=1" diff --git a/meta-balena-common/recipes-devtools/go/go-cross-canadian.inc b/meta-balena-common/recipes-devtools/go/go-cross-canadian.inc index dd485b6799..4a6f2f4c36 100644 --- a/meta-balena-common/recipes-devtools/go/go-cross-canadian.inc +++ b/meta-balena-common/recipes-devtools/go/go-cross-canadian.inc @@ -1,10 +1,12 @@ inherit cross-canadian DEPENDS = "go-native virtual/${HOST_PREFIX}go virtual/nativesdk-${HOST_PREFIX}go-runtime \ - virtual/${HOST_PREFIX}gcc virtual/nativesdk-libc \ - virtual/nativesdk-${HOST_PREFIX}compilerlibs" + virtual/nativesdk-cross-cc virtual/nativesdk-libc \ + virtual/nativesdk-compilerlibs" PN = "go-cross-canadian-${TRANSLATED_TARGET_ARCH}" +GOARCH = "${HOST_GOARCH}" + # it uses gcc on build machine during go-cross-canadian bootstrap, but # the gcc version may be old and not support option '-fmacro-prefix-map' # which is one of default values of DEBUG_PREFIX_MAP @@ -29,7 +31,6 @@ do_compile() { } do_compile[cleandirs] += "${GOTMPDIR} ${B}/bin ${B}/pkg" - make_wrapper() { rm -f ${D}${bindir}/$2 cat <${D}${bindir}/$2 @@ -52,7 +53,7 @@ do_install() { install -d ${D}${libdir}/go/pkg/tool cp --preserve=mode,timestamps -R ${B}/pkg/tool/${HOST_GOTUPLE} ${D}${libdir}/go/pkg/tool/ install -d ${D}${bindir} ${D}${libdir}/go/bin - for f in ${B}/${GO_BUILD_BINDIR}/* + for f in $(find ${B}/${GO_BUILD_BINDIR} -type f) do base=`basename $f` install -m755 $f ${D}${libdir}/go/bin diff --git a/meta-balena-common/recipes-devtools/go/go-cross-canadian_1.22.12.bb b/meta-balena-common/recipes-devtools/go/go-cross-canadian_1.26.1.bb similarity index 100% rename from meta-balena-common/recipes-devtools/go/go-cross-canadian_1.22.12.bb rename to meta-balena-common/recipes-devtools/go/go-cross-canadian_1.26.1.bb diff --git a/meta-balena-common/recipes-devtools/go/go-cross.inc b/meta-balena-common/recipes-devtools/go/go-cross.inc index a0fbdbe3b9..ebee2e53cd 100644 --- a/meta-balena-common/recipes-devtools/go/go-cross.inc +++ b/meta-balena-common/recipes-devtools/go/go-cross.inc @@ -5,6 +5,8 @@ DEPENDS = "go-native" PN = "go-cross-${TUNE_PKGARCH}" +CCACHE_DISABLE = "1" + export GOCACHE = "${B}/.cache" CC = "${@d.getVar('BUILD_CC').strip()}" diff --git a/meta-balena-common/recipes-devtools/go/go-cross_1.22.12.bb b/meta-balena-common/recipes-devtools/go/go-cross_1.26.1.bb similarity index 100% rename from meta-balena-common/recipes-devtools/go/go-cross_1.22.12.bb rename to meta-balena-common/recipes-devtools/go/go-cross_1.26.1.bb diff --git a/meta-balena-common/recipes-devtools/go/go-crosssdk.inc b/meta-balena-common/recipes-devtools/go/go-crosssdk.inc index 12939005c0..4f19025ba7 100644 --- a/meta-balena-common/recipes-devtools/go/go-crosssdk.inc +++ b/meta-balena-common/recipes-devtools/go/go-crosssdk.inc @@ -1,6 +1,6 @@ inherit crosssdk -DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc virtual/nativesdk-${TARGET_PREFIX}compilerlibs virtual/${TARGET_PREFIX}binutils" +DEPENDS = "go-native virtual/nativesdk-cross-cc virtual/nativesdk-compilerlibs virtual/nativesdk-cross-binutils" PN = "go-crosssdk-${SDK_SYS}" PROVIDES = "virtual/${TARGET_PREFIX}go" diff --git a/meta-balena-common/recipes-devtools/go/go-crosssdk_1.22.12.bb b/meta-balena-common/recipes-devtools/go/go-crosssdk_1.26.1.bb similarity index 100% rename from meta-balena-common/recipes-devtools/go/go-crosssdk_1.22.12.bb rename to meta-balena-common/recipes-devtools/go/go-crosssdk_1.26.1.bb diff --git a/meta-balena-common/recipes-devtools/go/go-runtime.inc b/meta-balena-common/recipes-devtools/go/go-runtime.inc index 413cf6d33f..e5f17337bc 100644 --- a/meta-balena-common/recipes-devtools/go/go-runtime.inc +++ b/meta-balena-common/recipes-devtools/go/go-runtime.inc @@ -34,7 +34,7 @@ do_compile() { if [ -n "${GO_DYNLINK}" ]; then export GOTOOLDIR="${B}/pkg/tool/native_native" CC="$CC_FOR_${TARGET_GOTUPLE}" GOARCH="${TARGET_GOARCH}" GOOS="${TARGET_GOOS}" GOROOT=${B} \ - $GOTOOLDIR/go_bootstrap install -linkshared -buildmode=shared ${GO_SHLIB_LDFLAGS} std + $GOTOOLDIR/go_bootstrap install -linkshared -trimpath -buildmode=shared ${GO_SHLIB_LDFLAGS} std fi cd ${B} } diff --git a/meta-balena-common/recipes-devtools/go/go-runtime_1.22.12.bb b/meta-balena-common/recipes-devtools/go/go-runtime_1.26.1.bb similarity index 100% rename from meta-balena-common/recipes-devtools/go/go-runtime_1.22.12.bb rename to meta-balena-common/recipes-devtools/go/go-runtime_1.26.1.bb diff --git a/meta-balena-common/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/meta-balena-common/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch index a8e5d6e86d..af4243e625 100644 --- a/meta-balena-common/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch +++ b/meta-balena-common/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch @@ -1,7 +1,8 @@ -From 9b3ebef0356594a447906f00fe80584952c08289 Mon Sep 17 00:00:00 2001 +From 51c04a9a19dec5a48fa0f38324dc2480b7a859e4 Mon Sep 17 00:00:00 2001 From: Khem Raj -Date: Mon, 28 Mar 2022 10:59:03 -0700 -Subject: [PATCH] cmd/go: make content-based hash generation less pedantic +Date: Sat, 22 Feb 2025 03:24:48 -0800 +Subject: [PATCH 01/11] cmd/go: make content-based hash generation less + pedantic Go 1.10's build tool now uses content-based hashes to determine when something should be built or re-built. @@ -26,16 +27,19 @@ Signed-off-by: Alex Kube Signed-off-by: Matt Madison Signed-off-by: Khem Raj Signed-off-by: Jose Quaresma + +Rebase to 1.23.4 +Signed-off-by: Hongxu Jia --- src/cmd/go/internal/envcmd/env.go | 2 +- src/cmd/go/internal/work/exec.go | 44 ++++++++++++++++++++++++------- 2 files changed, 36 insertions(+), 10 deletions(-) diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go -index c7c2e83..4a90d9d 100644 +index 7c370d427f..c2441f7695 100644 --- a/src/cmd/go/internal/envcmd/env.go +++ b/src/cmd/go/internal/envcmd/env.go -@@ -189,7 +189,7 @@ func ExtraEnvVarsCostly() []cfg.EnvVar { +@@ -219,7 +219,7 @@ func ExtraEnvVarsCostly(loaderstate *modload.State) []cfg.EnvVar { } }() @@ -45,10 +49,10 @@ index c7c2e83..4a90d9d 100644 // Should not happen - b.CFlags was given an empty package. fmt.Fprintf(os.Stderr, "go: invalid cflags: %v\n", err) diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go -index e05471b..9724cd0 100644 +index 7b073165d5..1f618be0bb 100644 --- a/src/cmd/go/internal/work/exec.go +++ b/src/cmd/go/internal/work/exec.go -@@ -232,6 +232,8 @@ func (b *Builder) Do(ctx context.Context, root *Action) { +@@ -257,6 +257,8 @@ func (b *Builder) Do(ctx context.Context, root *Action) { writeActionGraph() } @@ -57,7 +61,7 @@ index e05471b..9724cd0 100644 // buildActionID computes the action ID for a build action. func (b *Builder) buildActionID(a *Action) cache.ActionID { p := a.Package -@@ -253,7 +255,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { +@@ -278,7 +280,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { if p.Module != nil { fmt.Fprintf(h, "module %s@%s\n", p.Module.Path, p.Module.Version) } @@ -66,7 +70,7 @@ index e05471b..9724cd0 100644 // The Go compiler always hides the exact value of $GOROOT // when building things in GOROOT. // -@@ -285,9 +287,9 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { +@@ -313,9 +315,9 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { } if len(p.CgoFiles)+len(p.SwigFiles)+len(p.SwigCXXFiles) > 0 { fmt.Fprintf(h, "cgo %q\n", b.toolID("cgo")) @@ -78,8 +82,8 @@ index e05471b..9724cd0 100644 fmt.Fprintf(h, "CC=%q %q %q %q\n", ccExe, cppflags, cflags, ldflags) // Include the C compiler tool ID so that if the C // compiler changes we rebuild the package. -@@ -295,14 +297,14 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { - fmt.Fprintf(h, "CC ID=%q\n", ccID) +@@ -325,7 +327,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { + fmt.Fprintf(h, "CC ID ERROR=%q\n", err) } if len(p.CXXFiles)+len(p.SwigCXXFiles) > 0 { - cxxExe := b.cxxExe() @@ -87,6 +91,7 @@ index e05471b..9724cd0 100644 fmt.Fprintf(h, "CXX=%q %q\n", cxxExe, cxxflags) if cxxID, _, err := b.gccToolID(cxxExe[0], "c++"); err == nil { fmt.Fprintf(h, "CXX ID=%q\n", cxxID) +@@ -334,7 +336,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { } } if len(p.FFiles) > 0 { @@ -95,7 +100,7 @@ index e05471b..9724cd0 100644 fmt.Fprintf(h, "FC=%q %q\n", fcExe, fflags) if fcID, _, err := b.gccToolID(fcExe[0], "f95"); err == nil { fmt.Fprintf(h, "FC ID=%q\n", fcID) -@@ -319,7 +321,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { +@@ -353,7 +355,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID { } } if p.Internal.BuildInfo != nil { @@ -104,7 +109,7 @@ index e05471b..9724cd0 100644 } // Configuration specific to compiler toolchain. -@@ -2679,8 +2681,25 @@ func envList(key, def string) []string { +@@ -2807,8 +2809,25 @@ func envList(key, def string) []string { return args } @@ -131,8 +136,8 @@ index e05471b..9724cd0 100644 if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil { return } -@@ -2696,6 +2715,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l - if ldflags, err = buildFlags("LDFLAGS", defaultCFlags, p.CgoLDFLAGS, checkLinkerFlags); err != nil { +@@ -2824,6 +2843,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l + if ldflags, err = buildFlags("LDFLAGS", DefaultCFlags, p.CgoLDFLAGS, checkLinkerFlags); err != nil { return } + if filtered { @@ -145,21 +150,24 @@ index e05471b..9724cd0 100644 return } -@@ -2713,7 +2739,7 @@ func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgo - p := a.Package - sh := b.Shell(a) +@@ -2912,7 +2938,7 @@ func (b *Builder) runCgo(ctx context.Context, a *Action) error { + cgoExe := base.Tool("cgo") + cgofiles = mkAbsFiles(p.Dir, cgofiles) - cgoCPPFLAGS, cgoCFLAGS, cgoCXXFLAGS, cgoFFLAGS, cgoLDFLAGS, err := b.CFlags(p) + cgoCPPFLAGS, cgoCFLAGS, cgoCXXFLAGS, cgoFFLAGS, cgoLDFLAGS, err := b.CFlags(p, false) if err != nil { - return nil, nil, err + return err } -@@ -3268,7 +3294,7 @@ func (b *Builder) swigOne(a *Action, file, objdir string, pcCFLAGS []string, cxx +@@ -3461,7 +3487,7 @@ func (b *Builder) swigOne(a *Action, file, objdir string, pcCFLAGS []string, cxx p := a.Package sh := b.Shell(a) - cgoCPPFLAGS, cgoCFLAGS, cgoCXXFLAGS, _, _, err := b.CFlags(p) + cgoCPPFLAGS, cgoCFLAGS, cgoCXXFLAGS, _, _, err := b.CFlags(p, false) if err != nil { - return "", "", err + return err } +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0002-cmd-go-Allow-GOTOOLDIR-to-be-overridden-in-the-envir.patch b/meta-balena-common/recipes-devtools/go/go/0002-cmd-go-Allow-GOTOOLDIR-to-be-overridden-in-the-envir.patch index a69ada47b0..f6767d0d47 100644 --- a/meta-balena-common/recipes-devtools/go/go/0002-cmd-go-Allow-GOTOOLDIR-to-be-overridden-in-the-envir.patch +++ b/meta-balena-common/recipes-devtools/go/go/0002-cmd-go-Allow-GOTOOLDIR-to-be-overridden-in-the-envir.patch @@ -1,7 +1,8 @@ -From 687ff9d17f756145f9a58413070cccbd488d1ea2 Mon Sep 17 00:00:00 2001 +From fdad9a0ea659cf2281a0df16b0f69f179605ec9a Mon Sep 17 00:00:00 2001 From: Alex Kube Date: Wed, 23 Oct 2019 21:15:37 +0430 -Subject: [PATCH] cmd/go: Allow GOTOOLDIR to be overridden in the environment +Subject: [PATCH 02/11] cmd/go: Allow GOTOOLDIR to be overridden in the + environment to allow for split host/target build roots @@ -19,10 +20,10 @@ Signed-off-by: Jose Quaresma 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go -index 32e59b4..06ee4de 100644 +index 1f467647f5..b62e518030 100644 --- a/src/cmd/dist/build.go +++ b/src/cmd/dist/build.go -@@ -259,7 +259,9 @@ func xinit() { +@@ -271,7 +271,9 @@ func xinit() { } xatexit(rmworkdir) @@ -32,12 +33,12 @@ index 32e59b4..06ee4de 100644 + } goversion := findgoversion() - isRelease = strings.HasPrefix(goversion, "release.") || strings.HasPrefix(goversion, "go") + isRelease = (strings.HasPrefix(goversion, "release.") || strings.HasPrefix(goversion, "go")) && diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go -index a8daa2d..393ada3 100644 +index 3b9f27e91d..ec043c1530 100644 --- a/src/cmd/go/internal/cfg/cfg.go +++ b/src/cmd/go/internal/cfg/cfg.go -@@ -230,7 +230,11 @@ func SetGOROOT(goroot string, isTestGo bool) { +@@ -279,7 +279,11 @@ func SetGOROOT(goroot string, isTestGo bool) { // This matches the initialization of ToolDir in go/build, except for // using ctxt.GOROOT and the installed GOOS and GOARCH rather than the // GOROOT, GOOS, and GOARCH reported by the runtime package. @@ -50,3 +51,6 @@ index a8daa2d..393ada3 100644 } } } +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0003-ld-add-soname-to-shareable-objects.patch b/meta-balena-common/recipes-devtools/go/go/0003-ld-add-soname-to-shareable-objects.patch index abc5faa21c..0b5026fc12 100644 --- a/meta-balena-common/recipes-devtools/go/go/0003-ld-add-soname-to-shareable-objects.patch +++ b/meta-balena-common/recipes-devtools/go/go/0003-ld-add-soname-to-shareable-objects.patch @@ -1,7 +1,7 @@ -From 01fe178b292db12d811811ff2d8d56b225e4b5e8 Mon Sep 17 00:00:00 2001 +From 1546d837c69b654754ee137af1fa1c2f7500cfa2 Mon Sep 17 00:00:00 2001 From: Alex Kube Date: Wed, 23 Oct 2019 21:16:32 +0430 -Subject: [PATCH] ld: add soname to shareable objects +Subject: [PATCH 03/11] ld: add soname to shareable objects so that OE's shared library dependency handling can find them. @@ -19,10 +19,10 @@ Signed-off-by: Jose Quaresma 1 file changed, 3 insertions(+) diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index eab74dc..ae9bbc9 100644 +index 2d8f964f35..dfc72e02c0 100644 --- a/src/cmd/link/internal/ld/lib.go +++ b/src/cmd/link/internal/ld/lib.go -@@ -1576,6 +1576,7 @@ func (ctxt *Link) hostlink() { +@@ -1652,6 +1652,7 @@ func (ctxt *Link) hostlink() { argv = append(argv, "-Wl,-z,relro") } argv = append(argv, "-shared") @@ -30,7 +30,7 @@ index eab74dc..ae9bbc9 100644 if ctxt.HeadType == objabi.Hwindows { argv = addASLRargs(argv, *flagAslr) } else { -@@ -1591,6 +1592,7 @@ func (ctxt *Link) hostlink() { +@@ -1667,6 +1668,7 @@ func (ctxt *Link) hostlink() { argv = append(argv, "-Wl,-z,relro") } argv = append(argv, "-shared") @@ -38,7 +38,7 @@ index eab74dc..ae9bbc9 100644 case BuildModePlugin: if ctxt.HeadType == objabi.Hdarwin { argv = append(argv, "-dynamiclib") -@@ -1599,6 +1601,7 @@ func (ctxt *Link) hostlink() { +@@ -1675,6 +1677,7 @@ func (ctxt *Link) hostlink() { argv = append(argv, "-Wl,-z,relro") } argv = append(argv, "-shared") @@ -46,3 +46,6 @@ index eab74dc..ae9bbc9 100644 } } +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0004-make.bash-override-CC-when-building-dist-and-go_boot.patch b/meta-balena-common/recipes-devtools/go/go/0004-make.bash-override-CC-when-building-dist-and-go_boot.patch index 9df43c46d0..abbb7bda2b 100644 --- a/meta-balena-common/recipes-devtools/go/go/0004-make.bash-override-CC-when-building-dist-and-go_boot.patch +++ b/meta-balena-common/recipes-devtools/go/go/0004-make.bash-override-CC-when-building-dist-and-go_boot.patch @@ -1,7 +1,8 @@ -From e47d157631d1b97403f253c63d361b7380b32c22 Mon Sep 17 00:00:00 2001 +From b41aaa851f0074682fcd4bf07c891fbdf0fdf70c Mon Sep 17 00:00:00 2001 From: Alex Kube -Date: Wed, 23 Oct 2019 21:17:16 +0430 -Subject: [PATCH] make.bash: override CC when building dist and go_bootstrap +Date: Sat, 22 Feb 2025 03:14:37 -0800 +Subject: [PATCH 04/11] make.bash: override CC when building dist and + go_bootstrap for handling OE cross-canadian builds. @@ -13,24 +14,27 @@ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Alexander J Kube Signed-off-by: Jose Quaresma + +Rebase to 1.23.4 +Signed-off-by: Hongxu Jia --- src/make.bash | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/make.bash b/src/make.bash -index 76ad516..074e129 100755 +index b67ae1529f..b59cdabd09 100755 --- a/src/make.bash +++ b/src/make.bash -@@ -198,7 +198,7 @@ if [[ "$GOROOT_BOOTSTRAP" == "$GOROOT" ]]; then - exit 1 - fi - rm -f cmd/dist/dist --GOROOT="$GOROOT_BOOTSTRAP" nogoenv "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist -+CC="${BUILD_CC:-${CC}}" GOROOT="$GOROOT_BOOTSTRAP" nogoenv "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist +@@ -153,7 +153,7 @@ fi + export GOROOT_BOOTSTRAP + + bootstrapenv() { +- GOROOT="$GOROOT_BOOTSTRAP" GO111MODULE=off GOENV=off GOOS= GOARCH= GOEXPERIMENT= GOFLAGS= "$@" ++ CC="${BUILD_CC:-${CC}}" GOROOT="$GOROOT_BOOTSTRAP" GO111MODULE=off GOENV=off GOOS= GOARCH= GOEXPERIMENT= GOFLAGS= "$@" + } - # -e doesn't propagate out of eval, so check success by hand. - eval $(./cmd/dist/dist env -p || echo FAIL=true) -@@ -223,7 +223,7 @@ fi + export GOROOT="$(cd .. && pwd)" +@@ -216,7 +216,7 @@ fi # Run dist bootstrap to complete make.bash. # Bootstrap installs a proper cmd/dist, built with the new toolchain. # Throw ours, built with the bootstrap toolchain, away after bootstrap. @@ -39,3 +43,6 @@ index 76ad516..074e129 100755 rm -f ./cmd/dist/dist # DO NOT ADD ANY NEW CODE HERE. +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0005-cmd-dist-separate-host-and-target-builds.patch b/meta-balena-common/recipes-devtools/go/go/0005-cmd-dist-separate-host-and-target-builds.patch index bc25d08fbf..7c8923fcbf 100644 --- a/meta-balena-common/recipes-devtools/go/go/0005-cmd-dist-separate-host-and-target-builds.patch +++ b/meta-balena-common/recipes-devtools/go/go/0005-cmd-dist-separate-host-and-target-builds.patch @@ -1,7 +1,7 @@ -From bae1cec790ff17c4c93a2f8fda27036e5e021f6d Mon Sep 17 00:00:00 2001 +From 12bf824f8b7e85f05434aa00e866e883a551aaeb Mon Sep 17 00:00:00 2001 From: Alex Kube -Date: Wed, 23 Oct 2019 21:18:12 +0430 -Subject: [PATCH] cmd/dist: separate host and target builds +Date: Fri, 28 Feb 2025 19:09:17 -0800 +Subject: [PATCH 05/11] cmd/dist: separate host and target builds Change the dist tool to allow for OE-style cross- and cross-canadian builds: @@ -40,23 +40,26 @@ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Alexander J Kube Signed-off-by: Jose Quaresma + +Rebase to 1.24.0 +Signed-off-by: Hongxu Jia --- src/cmd/dist/build.go | 76 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go -index 06ee4de..016b1dd 100644 +index b62e518030..0c54d82300 100644 --- a/src/cmd/dist/build.go +++ b/src/cmd/dist/build.go -@@ -46,6 +46,7 @@ var ( - goexperiment string +@@ -50,6 +50,7 @@ var ( + gofips140 string workdir string tooldir string + build_tooldir string oldgoos string oldgoarch string oldgocache string -@@ -58,6 +59,7 @@ var ( +@@ -62,6 +63,7 @@ var ( rebuildall bool noOpt bool isRelease bool @@ -64,16 +67,16 @@ index 06ee4de..016b1dd 100644 vflag int // verbosity ) -@@ -265,6 +267,8 @@ func xinit() { - +@@ -278,6 +280,8 @@ func xinit() { goversion := findgoversion() - isRelease = strings.HasPrefix(goversion, "release.") || strings.HasPrefix(goversion, "go") + isRelease = (strings.HasPrefix(goversion, "release.") || strings.HasPrefix(goversion, "go")) && + !strings.Contains(goversion, "devel") + + build_tooldir = pathf("%s/pkg/tool/native_native", goroot) } // compilerEnv returns a map from "goos/goarch" to the -@@ -499,8 +503,10 @@ func setup() { +@@ -543,8 +547,10 @@ func setup() { goosGoarch := pathf("%s/pkg/%s_%s", goroot, gohostos, gohostarch) if rebuildall { xremoveall(goosGoarch) @@ -84,7 +87,7 @@ index 06ee4de..016b1dd 100644 xatexit(func() { if files := xreaddir(goosGoarch); len(files) == 0 { xremove(goosGoarch) -@@ -1338,14 +1344,20 @@ func cmdbootstrap() { +@@ -1415,14 +1421,20 @@ func cmdbootstrap() { defer timelog("end", "dist bootstrap") var debug, distpack, force, noBanner, noClean bool @@ -106,7 +109,7 @@ index 06ee4de..016b1dd 100644 if noClean { xprintf("warning: --no-clean is deprecated and has no effect; use 'go install std cmd' instead\n") -@@ -1357,6 +1369,18 @@ func cmdbootstrap() { +@@ -1434,6 +1446,18 @@ func cmdbootstrap() { "Use the -force flag to build anyway.\n", goos, goarch) } @@ -125,7 +128,7 @@ index 06ee4de..016b1dd 100644 // Set GOPATH to an internal directory. We shouldn't actually // need to store files here, since the toolchain won't // depend on modules outside of vendor directories, but if -@@ -1434,9 +1458,14 @@ func cmdbootstrap() { +@@ -1512,9 +1536,14 @@ func cmdbootstrap() { xprintf("\n") } @@ -140,7 +143,7 @@ index 06ee4de..016b1dd 100644 goBootstrap := pathf("%s/go_bootstrap", tooldir) if debug { run("", ShowOutput|CheckExit, pathf("%s/compile", tooldir), "-V=full") -@@ -1464,7 +1493,11 @@ func cmdbootstrap() { +@@ -1542,7 +1571,11 @@ func cmdbootstrap() { xprintf("\n") } xprintf("Building Go toolchain2 using go_bootstrap and Go toolchain1.\n") @@ -152,7 +155,7 @@ index 06ee4de..016b1dd 100644 // Now that cmd/go is in charge of the build process, enable GOEXPERIMENT. os.Setenv("GOEXPERIMENT", goexperiment) // No need to enable PGO for toolchain2. -@@ -1517,6 +1550,7 @@ func cmdbootstrap() { +@@ -1595,6 +1628,7 @@ func cmdbootstrap() { os.Setenv("GOCACHE", oldgocache) } @@ -160,7 +163,7 @@ index 06ee4de..016b1dd 100644 if goos == oldgoos && goarch == oldgoarch { // Common case - not setting up for cross-compilation. timelog("build", "toolchain") -@@ -1560,6 +1594,42 @@ func cmdbootstrap() { +@@ -1638,6 +1672,42 @@ func cmdbootstrap() { checkNotStale(toolenv(), goBootstrap, toolchain...) copyfile(pathf("%s/compile4", tooldir), pathf("%s/compile", tooldir), writeExec) } @@ -203,7 +206,7 @@ index 06ee4de..016b1dd 100644 // Check that there are no new files in $GOROOT/bin other than // go and gofmt and $GOOS_$GOARCH (target bin when cross-compiling). -@@ -1582,8 +1652,12 @@ func cmdbootstrap() { +@@ -1660,8 +1730,12 @@ func cmdbootstrap() { } } @@ -216,3 +219,6 @@ index 06ee4de..016b1dd 100644 if goos == "android" { // Make sure the exec wrapper will sync a fresh $GOROOT to the device. +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch b/meta-balena-common/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch index 4a57b07b7a..e2a0cd65b3 100644 --- a/meta-balena-common/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch +++ b/meta-balena-common/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch @@ -1,7 +1,7 @@ -From a31db6f78d851741aea1e76132a84a24138a5bc6 Mon Sep 17 00:00:00 2001 +From ba3caa9f969bac2b937f8f1ffed4a3679cd16ec7 Mon Sep 17 00:00:00 2001 From: Alex Kube Date: Wed, 23 Oct 2019 21:18:56 +0430 -Subject: [PATCH] cmd/go: make GOROOT precious by default +Subject: [PATCH 06/11] cmd/go: make GOROOT precious by default The go build tool normally rebuilds whatever it detects is stale. This can be a problem when GOROOT is intended to @@ -29,10 +29,10 @@ Signed-off-by: Jose Quaresma 3 files changed, 34 insertions(+) diff --git a/src/cmd/go/internal/work/action.go b/src/cmd/go/internal/work/action.go -index a59072e..9e35ebd 100644 +index 44bb9f8c1e..87ac4e30e5 100644 --- a/src/cmd/go/internal/work/action.go +++ b/src/cmd/go/internal/work/action.go -@@ -754,6 +754,9 @@ func (b *Builder) addTransitiveLinkDeps(a, a1 *Action, shlib string) { +@@ -1076,6 +1076,9 @@ func (b *Builder) addTransitiveLinkDeps(s *modload.State, a, a1 *Action, shlib s if p1 == nil || p1.Shlib == "" || haveShlib[filepath.Base(p1.Shlib)] { continue } @@ -43,21 +43,21 @@ index a59072e..9e35ebd 100644 // TODO(rsc): The use of ModeInstall here is suspect, but if we only do ModeBuild, // we'll end up building an overall library or executable that depends at runtime diff --git a/src/cmd/go/internal/work/build.go b/src/cmd/go/internal/work/build.go -index 408edb5..3d60252 100644 +index 3508d51fbb..77f5e7241a 100644 --- a/src/cmd/go/internal/work/build.go +++ b/src/cmd/go/internal/work/build.go -@@ -233,6 +233,8 @@ See also: go install, go get, go clean. - - const concurrentGCBackendCompilationEnabledByDefault = true +@@ -238,6 +238,8 @@ See also: go install, go get, go clean. + `, + } +var goRootPrecious bool = true + func init() { // break init cycle CmdBuild.Run = runBuild -@@ -246,6 +248,10 @@ func init() { - AddCoverFlags(CmdBuild, nil) - AddCoverFlags(CmdInstall, nil) +@@ -292,6 +294,10 @@ func init() { + case "gc", "gccgo": + buildCompiler{}.Set(build.Default.Compiler) } + + if x := os.Getenv("GOROOT_OVERRIDE"); x != "" { @@ -65,13 +65,13 @@ index 408edb5..3d60252 100644 + } } - // Note that flags consulted by other parts of the code + type BuildFlagMask int diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go -index 9724cd0..544df46 100644 +index 1f618be0bb..651fa64582 100644 --- a/src/cmd/go/internal/work/exec.go +++ b/src/cmd/go/internal/work/exec.go -@@ -544,6 +544,23 @@ func (b *Builder) build(ctx context.Context, a *Action) (err error) { - return err +@@ -605,6 +605,23 @@ func (b *Builder) checkCacheForBuild(a, buildAction *Action, covMetaFileName str + return nil, err } + if goRootPrecious && (a.Package.Standard || a.Package.Goroot) { @@ -82,19 +82,19 @@ index 9724cd0..544df46 100644 + a.buildID = b.fileHash(a.Package.Target) + a.Package.Stale = false + a.Package.StaleReason = "GOROOT-resident package" -+ return nil ++ return nil, err + } + a.Package.Stale = true + a.Package.StaleReason = "missing or invalid GOROOT-resident package" + if b.IsCmdList { -+ return nil ++ return nil, err + } + } + - if err := sh.Mkdir(a.Objdir); err != nil { - return err + if err := sh.Mkdir(buildAction.Objdir); err != nil { + return nil, err } -@@ -1737,6 +1754,14 @@ func (b *Builder) linkShared(ctx context.Context, a *Action) (err error) { +@@ -1891,6 +1908,14 @@ func (b *Builder) linkShared(ctx context.Context, a *Action) (err error) { return err } @@ -109,3 +109,6 @@ index 9724cd0..544df46 100644 if err := b.Shell(a).Mkdir(a.Objdir); err != nil { return err } +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0007-exec.go-filter-out-build-specific-paths-from-linker-.patch b/meta-balena-common/recipes-devtools/go/go/0007-exec.go-filter-out-build-specific-paths-from-linker-.patch index 2fdd52974f..2598a7b34a 100644 --- a/meta-balena-common/recipes-devtools/go/go/0007-exec.go-filter-out-build-specific-paths-from-linker-.patch +++ b/meta-balena-common/recipes-devtools/go/go/0007-exec.go-filter-out-build-specific-paths-from-linker-.patch @@ -1,7 +1,8 @@ -From 1097a07b097043e15fe29a85326dbd196401244a Mon Sep 17 00:00:00 2001 +From 2197f813c9cff65eedef44473872ec5ea9ced227 Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Tue, 27 Feb 2024 18:06:51 +0800 -Subject: [PATCH] exec.go: filter out build-specific paths from linker flags +Subject: [PATCH 07/11] exec.go: filter out build-specific paths from linker + flags The flags can contain build-specific paths, breaking reproducibility. Filter out options that have build-specific paths. @@ -15,10 +16,10 @@ Signed-off-by: Jose Quaresma 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go -index 544df46..c8f297c 100644 +index 651fa64582..586079afb4 100644 --- a/src/cmd/go/internal/work/exec.go +++ b/src/cmd/go/internal/work/exec.go -@@ -1401,6 +1401,29 @@ func (b *Builder) linkActionID(a *Action) cache.ActionID { +@@ -1563,6 +1563,29 @@ func (b *Builder) linkActionID(a *Action) cache.ActionID { return h.Sum() } @@ -48,7 +49,7 @@ index 544df46..c8f297c 100644 // printLinkerConfig prints the linker config into the hash h, // as part of the computation of a linker-related action ID. func (b *Builder) printLinkerConfig(h io.Writer, p *load.Package) { -@@ -1411,7 +1434,7 @@ func (b *Builder) printLinkerConfig(h io.Writer, p *load.Package) { +@@ -1573,7 +1596,7 @@ func (b *Builder) printLinkerConfig(h io.Writer, p *load.Package) { case "gc": fmt.Fprintf(h, "link %s %q %s\n", b.toolID("link"), forcedLdflags, ldBuildmode) if p != nil { @@ -57,3 +58,6 @@ index 544df46..c8f297c 100644 } // GOARM, GOMIPS, etc. +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch b/meta-balena-common/recipes-devtools/go/go/0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch index 4c1f0ca145..59cbff12f8 100644 --- a/meta-balena-common/recipes-devtools/go/go/0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch +++ b/meta-balena-common/recipes-devtools/go/go/0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch @@ -1,8 +1,8 @@ -From e5af6155f2d6e0758d11d6c12d6f47ea8e65b141 Mon Sep 17 00:00:00 2001 +From e5752b239707df8ad7a72dc60420e01c5912d606 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Tue, 10 Nov 2020 16:33:27 +0000 -Subject: [PATCH] src/cmd/dist/buildgo.go: do not hardcode host compilers into - target binaries +Subject: [PATCH 08/11] src/cmd/dist/buildgo.go: do not hardcode host compilers + into target binaries These come from $CC/$CXX on the build host and are not useful on targets; additionally as they contain host specific paths, this helps reproducibility. @@ -16,10 +16,10 @@ Signed-off-by: Jose Quaresma 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/cmd/dist/buildgo.go b/src/cmd/dist/buildgo.go -index 884e9d7..2f52eda 100644 +index 884e9d729a..2f52edacfe 100644 --- a/src/cmd/dist/buildgo.go +++ b/src/cmd/dist/buildgo.go -@@ -51,8 +51,8 @@ func mkzdefaultcc(dir, file string) { +@@ -50,8 +50,8 @@ func mkzdefaultcc(dir, file string) { fmt.Fprintf(&buf, "package cfg\n") fmt.Fprintln(&buf) fmt.Fprintf(&buf, "const DefaultPkgConfig = `%s`\n", defaultpkgconfig) @@ -30,7 +30,7 @@ index 884e9d7..2f52eda 100644 writefile(buf.String(), file, writeSkipSame) return } -@@ -62,8 +62,8 @@ func mkzdefaultcc(dir, file string) { +@@ -61,8 +61,8 @@ func mkzdefaultcc(dir, file string) { fmt.Fprintf(&buf, "package main\n") fmt.Fprintln(&buf) fmt.Fprintf(&buf, "const defaultPkgConfig = `%s`\n", defaultpkgconfig) @@ -41,3 +41,6 @@ index 884e9d7..2f52eda 100644 writefile(buf.String(), file, writeSkipSame) } +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0009-go-Filter-build-paths-on-staticly-linked-arches.patch b/meta-balena-common/recipes-devtools/go/go/0009-go-Filter-build-paths-on-staticly-linked-arches.patch index d939cb4716..140923fb9a 100644 --- a/meta-balena-common/recipes-devtools/go/go/0009-go-Filter-build-paths-on-staticly-linked-arches.patch +++ b/meta-balena-common/recipes-devtools/go/go/0009-go-Filter-build-paths-on-staticly-linked-arches.patch @@ -1,7 +1,7 @@ -From 6bdd6405ce63c7aa4b35cd85833d03c7f1b9109a Mon Sep 17 00:00:00 2001 +From 79a1c80ed43f2a541bcab665656a4e2bb87baab3 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Sat, 2 Jul 2022 23:08:13 +0100 -Subject: [PATCH] go: Filter build paths on staticly linked arches +Subject: [PATCH 09/11] go: Filter build paths on staticly linked arches Filter out build time paths from ldflags and other flags variables when they're embedded in the go binary so that builds are reproducible regardless of build @@ -17,10 +17,10 @@ Signed-off-by: Jose Quaresma 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go -index 1549800..f41fb2c 100644 +index 15f6b2e87b..47c5b865a1 100644 --- a/src/cmd/go/internal/load/pkg.go +++ b/src/cmd/go/internal/load/pkg.go -@@ -2277,6 +2277,17 @@ func appendBuildSetting(info *debug.BuildInfo, key, value string) { +@@ -2314,6 +2314,17 @@ func appendBuildSetting(info *debug.BuildInfo, key, value string) { info.Settings = append(info.Settings, debug.BuildSetting{Key: key, Value: value}) } @@ -38,7 +38,7 @@ index 1549800..f41fb2c 100644 // setBuildInfo gathers build information and sets it into // p.Internal.BuildInfo, which will later be formatted as a string and embedded // in the binary. setBuildInfo should only be called on a main package with no -@@ -2384,7 +2395,7 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { +@@ -2421,7 +2432,7 @@ func (p *Package) setBuildInfo(ctx context.Context, f *modfetch.Fetcher, autoVCS if gcflags := BuildGcflags.String(); gcflags != "" && cfg.BuildContext.Compiler == "gc" { appendSetting("-gcflags", gcflags) } @@ -47,7 +47,7 @@ index 1549800..f41fb2c 100644 // https://go.dev/issue/52372: only include ldflags if -trimpath is not set, // since it can include system paths through various linker flags (notably // -extar, -extld, and -extldflags). -@@ -2427,7 +2438,7 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { +@@ -2467,7 +2478,7 @@ func (p *Package) setBuildInfo(ctx context.Context, f *modfetch.Fetcher, autoVCS // subset of flags that are known not to be paths? if cfg.BuildContext.CgoEnabled && !cfg.BuildTrimpath { for _, name := range []string{"CGO_CFLAGS", "CGO_CPPFLAGS", "CGO_CXXFLAGS", "CGO_LDFLAGS"} { @@ -56,3 +56,6 @@ index 1549800..f41fb2c 100644 } } appendSetting("GOARCH", cfg.BuildContext.GOARCH) +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0010-cmd-go-clear-GOROOT-for-func-ldShared-when-trimpath-.patch b/meta-balena-common/recipes-devtools/go/go/0010-cmd-go-clear-GOROOT-for-func-ldShared-when-trimpath-.patch new file mode 100644 index 0000000000..33e91bb04e --- /dev/null +++ b/meta-balena-common/recipes-devtools/go/go/0010-cmd-go-clear-GOROOT-for-func-ldShared-when-trimpath-.patch @@ -0,0 +1,48 @@ +From c4215b5ca69a7626d97cf9b7ebc460c2b5b9148b Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Fri, 28 Feb 2025 19:13:18 -0800 +Subject: [PATCH 10/11] cmd/go: clear GOROOT for func ldShared when -trimpath + is used + +In commit [cmd: remove support for GOROOT_FINAL][1], it clear GOROOT +for func ld when -trimpath is used. [2] + +This commit do the same thing for func ldShared, otherwise run go_bootstrap +with -trimpath does not remove build path directory from the generated share +libarary + + $ ./make.bash --target-only --no-banner std + $ go_bootstrap install -linkshared -buildmode=shared -trimpath std + $ grep "$(pwd)" ./pkg/linux_amd64_dynlink/libstd.so + Binary file ./pkg/linux_amd64_dynlink/libstd.so matches + +[1] https://github.com/golang/go/commit/507d1b22f4b58ac68841582d0c2c0ab6b20e5a98 +[2] https://github.com/golang/go/commit/507d1b22f4b58ac68841582d0c2c0ab6b20e5a98#diff-cab5921f94f2667bb0bc1b935d2d46b4c03541b4351b33438ab7290b94dea212R669 + +Upstream-Status: Submitted [https://go-review.googlesource.com/c/go/+/653895] + +Signed-off-by: Hongxu Jia +--- + src/cmd/go/internal/work/gc.go | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/cmd/go/internal/work/gc.go b/src/cmd/go/internal/work/gc.go +index 3a173efee8..8b7a44e031 100644 +--- a/src/cmd/go/internal/work/gc.go ++++ b/src/cmd/go/internal/work/gc.go +@@ -717,6 +717,12 @@ func (gcToolchain) ldShared(b *Builder, root *Action, toplevelactions []*Action, + // the output file path is recorded in the .gnu.version_d section. + dir, targetPath := filepath.Split(targetPath) + ++ // When -trimpath is used, GOROOT is cleared ++ if cfg.BuildTrimpath { ++ cfgChangedEnv = append(cfgChangedEnv, "GOROOT=") ++ } else { ++ cfgChangedEnv = append(cfgChangedEnv, "GOROOT="+cfg.GOROOT) ++ } + return b.Shell(root).run(dir, targetPath, cfgChangedEnv, cfg.BuildToolexec, base.Tool("link"), "-o", targetPath, "-importcfg", importcfg, ldflags) + } + +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch b/meta-balena-common/recipes-devtools/go/go/0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch new file mode 100644 index 0000000000..dda0f2bb71 --- /dev/null +++ b/meta-balena-common/recipes-devtools/go/go/0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch @@ -0,0 +1,55 @@ +From 6d265b008e3d106b2706645e5a88cd8e2fb98953 Mon Sep 17 00:00:00 2001 +From: Dirk Müller +Date: Wed, 09 Mar 2022 17:47:23 +0100 +Subject: [PATCH 11/11] cmd/link: stop forcing binutils-gold dependency on + aarch64 + +The bfd linker appears to be working just fine at least in version +2.41 or above. Reject the known broken one instead, which +avoids an architecture specific linker dependency that +is cumbersome for distributions. + +Fixes #22040. + +Change-Id: I9f377e47c22ef20497479c0978c053ed5de46a38 + +Upstream-Status: Submitted [https://go-review.googlesource.com/c/go/+/391115] +--- + src/cmd/link/internal/ld/lib.go | 21 --------------------- + 1 file changed, 21 deletions(-) + +diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go +index dfc72e02c0..2a2a304113 100644 +--- a/src/cmd/link/internal/ld/lib.go ++++ b/src/cmd/link/internal/ld/lib.go +@@ -1701,27 +1701,6 @@ func (ctxt *Link) hostlink() { + // Use lld to avoid errors from default linker (issue #38838) + altLinker = "lld" + } +- +- if ctxt.Arch.InFamily(sys.ARM64) && buildcfg.GOOS == "linux" { +- // On ARM64, the GNU linker will fail with +- // -znocopyreloc if it thinks a COPY relocation is +- // required. Switch to gold. +- // https://sourceware.org/bugzilla/show_bug.cgi?id=19962 +- // https://go.dev/issue/22040 +- altLinker = "gold" +- +- // If gold is not installed, gcc will silently switch +- // back to ld.bfd. So we parse the version information +- // and provide a useful error if gold is missing. +- name, args := flagExtld[0], flagExtld[1:] +- args = append(args, "-fuse-ld=gold", "-Wl,--version") +- cmd := exec.Command(name, args...) +- if out, err := cmd.CombinedOutput(); err == nil { +- if !bytes.Contains(out, []byte("GNU gold")) { +- log.Fatalf("ARM64 external linker must be gold (issue #15696, 22040), but is not: %s", out) +- } +- } +- } + } + if ctxt.Arch.Family == sys.ARM64 && buildcfg.GOOS == "freebsd" { + // Switch to ld.bfd on freebsd/arm64. +-- +2.25.1 + diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-22870.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-22870.patch deleted file mode 100644 index 6ed394c8e5..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-22870.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 25177ecde0922c50753c043579d17828b7ee88e7 Mon Sep 17 00:00:00 2001 -From: Damien Neil -Date: Wed, 26 Feb 2025 16:08:57 -0800 -Subject: [PATCH] all: updated vendored x/net with security fix - -0b6d719 [internal-branch.go1.23-vendor] proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts - -Fixes CVE-2025-22870 -For #71985 - -Change-Id: Ib72c96bd0ab44d9ed2ac1428e0a9fc245464b3fc -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2141 -Commit-Queue: Damien Neil -Reviewed-by: Roland Shoemaker -Reviewed-by: Neal Patel -Reviewed-on: https://go-review.googlesource.com/c/go/+/654695 -Reviewed-by: Damien Neil -Reviewed-by: Michael Pratt -LUCI-TryBot-Result: Go LUCI -Auto-Submit: Junyang Shao - -CVE: CVE-2025-22870 - -Upstream-Status: Backport [https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7] - -Signed-off-by: Archana Polampalli ---- - src/cmd/internal/moddeps/moddeps_test.go | 1 + - src/vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++-- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go -index 3d4c99e..ffaa16c 100644 ---- a/src/cmd/internal/moddeps/moddeps_test.go -+++ b/src/cmd/internal/moddeps/moddeps_test.go -@@ -33,6 +33,7 @@ import ( - // See issues 36852, 41409, and 43687. - // (Also see golang.org/issue/27348.) - func TestAllDependencies(t *testing.T) { -+ t.Skip("TODO(#71985) 1.23.7 contains unreleased changes from vendored modules") - goBin := testenv.GoToolPath(t) - - // Ensure that all packages imported within GOROOT -diff --git a/src/vendor/golang.org/x/net/http/httpproxy/proxy.go b/src/vendor/golang.org/x/net/http/httpproxy/proxy.go -index c3bd9a1..864961c 100644 ---- a/src/vendor/golang.org/x/net/http/httpproxy/proxy.go -+++ b/src/vendor/golang.org/x/net/http/httpproxy/proxy.go -@@ -14,6 +14,7 @@ import ( - "errors" - "fmt" - "net" -+ "net/netip" - "net/url" - "os" - "strings" -@@ -180,8 +181,10 @@ func (cfg *config) useProxy(addr string) bool { - if host == "localhost" { - return false - } -- ip := net.ParseIP(host) -- if ip != nil { -+ nip, err := netip.ParseAddr(host) -+ var ip net.IP -+ if err == nil { -+ ip = net.IP(nip.AsSlice()) - if ip.IsLoopback() { - return false - } -@@ -363,6 +366,9 @@ type domainMatch struct { - } - - func (m domainMatch) match(host, port string, ip net.IP) bool { -+ if ip != nil { -+ return false -+ } - if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) { - return m.port == "" || m.port == port - } --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-22871.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-22871.patch deleted file mode 100644 index 2750178a42..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-22871.patch +++ /dev/null @@ -1,172 +0,0 @@ -From 15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931 Mon Sep 17 00:00:00 2001 -From: Damien Neil -Date: Wed, 26 Feb 2025 13:40:00 -0800 -Subject: [PATCH] [release-branch.go1.23] net/http: reject newlines in - chunk-size lines - -Unlike request headers, where we are allowed to leniently accept -a bare LF in place of a CRLF, chunked bodies must always use CRLF -line terminators. We were already enforcing this for chunk-data lines; -do so for chunk-size lines as well. Also reject bare CRs anywhere -other than as part of the CRLF terminator. - -Fixes CVE-2025-22871 -Fixes #72010 -For #71988 - -Change-Id: Ib0e21af5a8ba28c2a1ca52b72af8e2265ec79e4a -Reviewed-on: https://go-review.googlesource.com/c/go/+/652998 -Reviewed-by: Jonathan Amsterdam -LUCI-TryBot-Result: Go LUCI -(cherry picked from commit d31c805535f3fde95646ee4d87636aaaea66847b) -Reviewed-on: https://go-review.googlesource.com/c/go/+/657216 - -Upstream-Status: Backport [https://github.com/golang/go/commit/15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931] -CVE: CVE-2025-22871 -Signed-off-by: Hitendra Prajapati ---- - src/net/http/internal/chunked.go | 19 +++++++++-- - src/net/http/internal/chunked_test.go | 27 +++++++++++++++ - src/net/http/serve_test.go | 49 +++++++++++++++++++++++++++ - 3 files changed, 92 insertions(+), 3 deletions(-) - -diff --git a/src/net/http/internal/chunked.go b/src/net/http/internal/chunked.go -index 196b5d8..0b08a97 100644 ---- a/src/net/http/internal/chunked.go -+++ b/src/net/http/internal/chunked.go -@@ -164,6 +164,19 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) { - } - return nil, err - } -+ -+ // RFC 9112 permits parsers to accept a bare \n as a line ending in headers, -+ // but not in chunked encoding lines. See https://www.rfc-editor.org/errata/eid7633, -+ // which explicitly rejects a clarification permitting \n as a chunk terminator. -+ // -+ // Verify that the line ends in a CRLF, and that no CRs appear before the end. -+ if idx := bytes.IndexByte(p, '\r'); idx == -1 { -+ return nil, errors.New("chunked line ends with bare LF") -+ } else if idx != len(p)-2 { -+ return nil, errors.New("invalid CR in chunked line") -+ } -+ p = p[:len(p)-2] // trim CRLF -+ - if len(p) >= maxLineLength { - return nil, ErrLineTooLong - } -@@ -171,14 +184,14 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) { - } - - func trimTrailingWhitespace(b []byte) []byte { -- for len(b) > 0 && isASCIISpace(b[len(b)-1]) { -+ for len(b) > 0 && isOWS(b[len(b)-1]) { - b = b[:len(b)-1] - } - return b - } - --func isASCIISpace(b byte) bool { -- return b == ' ' || b == '\t' || b == '\n' || b == '\r' -+func isOWS(b byte) bool { -+ return b == ' ' || b == '\t' - } - - var semi = []byte(";") -diff --git a/src/net/http/internal/chunked_test.go b/src/net/http/internal/chunked_test.go -index af79711..312f173 100644 ---- a/src/net/http/internal/chunked_test.go -+++ b/src/net/http/internal/chunked_test.go -@@ -280,6 +280,33 @@ func TestChunkReaderByteAtATime(t *testing.T) { - } - } - -+func TestChunkInvalidInputs(t *testing.T) { -+ for _, test := range []struct { -+ name string -+ b string -+ }{{ -+ name: "bare LF in chunk size", -+ b: "1\na\r\n0\r\n", -+ }, { -+ name: "extra LF in chunk size", -+ b: "1\r\r\na\r\n0\r\n", -+ }, { -+ name: "bare LF in chunk data", -+ b: "1\r\na\n0\r\n", -+ }, { -+ name: "bare LF in chunk extension", -+ b: "1;\na\r\n0\r\n", -+ }} { -+ t.Run(test.name, func(t *testing.T) { -+ r := NewChunkedReader(strings.NewReader(test.b)) -+ got, err := io.ReadAll(r) -+ if err == nil { -+ t.Fatalf("unexpectedly parsed invalid chunked data:\n%q", got) -+ } -+ }) -+ } -+} -+ - type funcReader struct { - f func(iteration int) ([]byte, error) - i int -diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go -index 0c76f1b..0e8af02 100644 ---- a/src/net/http/serve_test.go -+++ b/src/net/http/serve_test.go -@@ -6980,3 +6980,52 @@ func testDisableContentLength(t *testing.T, mode testMode) { - t.Fatal(err) - } - } -+ -+func TestInvalidChunkedBodies(t *testing.T) { -+ for _, test := range []struct { -+ name string -+ b string -+ }{{ -+ name: "bare LF in chunk size", -+ b: "1\na\r\n0\r\n\r\n", -+ }, { -+ name: "bare LF at body end", -+ b: "1\r\na\r\n0\r\n\n", -+ }} { -+ t.Run(test.name, func(t *testing.T) { -+ reqc := make(chan error) -+ ts := newClientServerTest(t, http1Mode, HandlerFunc(func(w ResponseWriter, r *Request) { -+ got, err := io.ReadAll(r.Body) -+ if err == nil { -+ t.Logf("read body: %q", got) -+ } -+ reqc <- err -+ })).ts -+ -+ serverURL, err := url.Parse(ts.URL) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ conn, err := net.Dial("tcp", serverURL.Host) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if _, err := conn.Write([]byte( -+ "POST / HTTP/1.1\r\n" + -+ "Host: localhost\r\n" + -+ "Transfer-Encoding: chunked\r\n" + -+ "Connection: close\r\n" + -+ "\r\n" + -+ test.b)); err != nil { -+ t.Fatal(err) -+ } -+ conn.(*net.TCPConn).CloseWrite() -+ -+ if err := <-reqc; err == nil { -+ t.Errorf("server handler: io.ReadAll(r.Body) succeeded, want error") -+ } -+ }) -+ } -+} --- -2.25.1 - diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-4673.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-4673.patch deleted file mode 100644 index 5ca4fec3dc..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-4673.patch +++ /dev/null @@ -1,68 +0,0 @@ -From b897e97c36cb62629a458bc681723ca733404e32 Mon Sep 17 00:00:00 2001 -From: Neal Patel -Date: Wed, 21 May 2025 14:11:44 -0400 -Subject: [PATCH] net/http: strip sensitive proxy headers from redirect - requests - -Similarly to Authentication entries, Proxy-Authentication entries should be stripped to ensure sensitive information is not leaked on redirects outside of the original domain. - -https://fetch.spec.whatwg.org/#authentication-entries - -Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue. - -Updates golang/go#73816 -Fixes golang/go#73905 -Fixes CVE-2025-4673 - -Change-Id: I1615f31977a2fd014fbc12aae43f82692315a6d0 -Reviewed-on: https://go-review.googlesource.com/c/go/+/679255 -LUCI-TryBot-Result: Go LUCI -Reviewed-by: Michael Knyszek - -CVE: CVE-2025-4673 - -Upstream-Status: Backport [https://github.com/golang/go/commit/b897e97c36cb62629a458bc681723ca733404e32] - -Signed-off-by: Praveen Kumar ---- - src/net/http/client.go | 3 ++- - src/net/http/client_test.go | 3 +++ - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/net/http/client.go b/src/net/http/client.go -index 23f4d81..e07616b 100644 ---- a/src/net/http/client.go -+++ b/src/net/http/client.go -@@ -805,7 +805,8 @@ func (c *Client) makeHeadersCopier(ireq *Request) func(req *Request, stripSensit - for k, vv := range ireqhdr { - sensitive := false - switch CanonicalHeaderKey(k) { -- case "Authorization", "Www-Authenticate", "Cookie", "Cookie2": -+ case "Authorization", "Www-Authenticate", "Cookie", "Cookie2", -+ "Proxy-Authorization", "Proxy-Authenticate": - sensitive = true - } - if !(sensitive && stripSensitiveHeaders) { -diff --git a/src/net/http/client_test.go b/src/net/http/client_test.go -index 641d7ff..97150bd 100644 ---- a/src/net/http/client_test.go -+++ b/src/net/http/client_test.go -@@ -1541,6 +1541,8 @@ func testClientStripHeadersOnRepeatedRedirect(t *testing.T, mode testMode) { - if r.Host+r.URL.Path != "a.example.com/" { - if h := r.Header.Get("Authorization"); h != "" { - t.Errorf("on request to %v%v, Authorization=%q, want no header", r.Host, r.URL.Path, h) -+ } else if h := r.Header.Get("Proxy-Authorization"); h != "" { -+ t.Errorf("on request to %v%v, Proxy-Authorization=%q, want no header", r.Host, r.URL.Path, h) - } - } - // Follow a chain of redirects from a to b and back to a. -@@ -1569,6 +1571,7 @@ func testClientStripHeadersOnRepeatedRedirect(t *testing.T, mode testMode) { - req, _ := NewRequest("GET", proto+"://a.example.com/", nil) - req.Header.Add("Cookie", "foo=bar") - req.Header.Add("Authorization", "secretpassword") -+ req.Header.Add("Proxy-Authorization", "secretpassword") - res, err := c.Do(req) - if err != nil { - t.Fatal(err) --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-4674.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-4674.patch deleted file mode 100644 index bc6e438652..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-4674.patch +++ /dev/null @@ -1,332 +0,0 @@ -From e9d2c032b14c17083be0f8f0c822565199d2994f Mon Sep 17 00:00:00 2001 -From: Roland Shoemaker -Date: Mon, 9 Jun 2025 11:23:46 -0700 -Subject: [PATCH] [release-branch.go1.23] cmd/go: disable support for multiple - vcs in one module - -Removes the somewhat redundant vcs.FromDir, "allowNesting" argument, -which was always enabled, and disallow multiple VCS metadata folders -being present in a single directory. This makes VCS injection attacks -much more difficult. - -Also adds a GODEBUG, allowmultiplevcs, which re-enables this behavior. - -Thanks to RyotaK (https://ryotak.net) of GMO Flatt Security Inc for -reporting this issue. - -Updates #74380 -Fixes #74382 -Fixes CVE-2025-4674 - -CVE: CVE-2025-4674 - -Upstream-Status: Backport [https://github.com/golang/go/commit/e9d2c032b14c17083be0f8f0c822565199d2994f] - -Change-Id: I2db79f2baacfacfec331ee7c6978c4057d483eba -Reviewed-on: https://go-review.googlesource.com/c/go/+/686337 -LUCI-TryBot-Result: Go LUCI -Reviewed-by: David Chase -Reviewed-by: Carlos Amedee -Commit-Queue: Carlos Amedee - -Signed-off-by: Archana Polampalli ---- - doc/godebug.md | 4 ++ - src/cmd/go/internal/load/pkg.go | 14 ++--- - src/cmd/go/internal/vcs/vcs.go | 28 ++++++---- - src/cmd/go/internal/vcs/vcs_test.go | 2 +- - src/cmd/go/testdata/script/test_multivcs.txt | 54 +++++++++++++++++++ - .../script/version_buildvcs_nested.txt | 20 +++++-- - src/internal/godebugs/godebugs_test.go | 3 +- - src/internal/godebugs/table.go | 1 + - src/runtime/metrics/doc.go | 5 ++ - 9 files changed, 108 insertions(+), 23 deletions(-) - create mode 100644 src/cmd/go/testdata/script/test_multivcs.txt - -diff --git a/doc/godebug.md b/doc/godebug.md -index fb3f32f..ae4f057 100644 ---- a/doc/godebug.md -+++ b/doc/godebug.md -@@ -126,6 +126,10 @@ for example, - see the [runtime documentation](/pkg/runtime#hdr-Environment_Variables) - and the [go command documentation](/cmd/go#hdr-Build_and_test_caching). - -+Go 1.23.11 disabled build information stamping when multiple VCS are detected due -+to concerns around VCS injection attacks. This behavior can be renabled with the -+setting `allowmultiplevcs=1`. -+ - ### Go 1.22 - - Go 1.22 adds a configurable limit to control the maximum acceptable RSA key size -diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go -index f41fb2c..428780e 100644 ---- a/src/cmd/go/internal/load/pkg.go -+++ b/src/cmd/go/internal/load/pkg.go -@@ -2465,7 +2465,6 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { - var repoDir string - var vcsCmd *vcs.Cmd - var err error -- const allowNesting = true - - wantVCS := false - switch cfg.BuildBuildvcs { -@@ -2485,7 +2484,7 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { - // (so the bootstrap toolchain packages don't even appear to be in GOROOT). - goto omitVCS - } -- repoDir, vcsCmd, err = vcs.FromDir(base.Cwd(), "", allowNesting) -+ repoDir, vcsCmd, err = vcs.FromDir(base.Cwd(), "") - if err != nil && !errors.Is(err, os.ErrNotExist) { - setVCSError(err) - return -@@ -2508,10 +2507,11 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { - } - if repoDir != "" && vcsCmd.Status != nil { - // Check that the current directory, package, and module are in the same -- // repository. vcs.FromDir allows nested Git repositories, but nesting -- // is not allowed for other VCS tools. The current directory may be outside -- // p.Module.Dir when a workspace is used. -- pkgRepoDir, _, err := vcs.FromDir(p.Dir, "", allowNesting) -+ // repository. vcs.FromDir disallows nested VCS and multiple VCS in the -+ // same repository, unless the GODEBUG allowmultiplevcs is set. The -+ // current directory may be outside p.Module.Dir when a workspace is -+ // used. -+ pkgRepoDir, _, err := vcs.FromDir(p.Dir, "") - if err != nil { - setVCSError(err) - return -@@ -2523,7 +2523,7 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { - } - goto omitVCS - } -- modRepoDir, _, err := vcs.FromDir(p.Module.Dir, "", allowNesting) -+ modRepoDir, _, err := vcs.FromDir(p.Module.Dir, "") - if err != nil { - setVCSError(err) - return -diff --git a/src/cmd/go/internal/vcs/vcs.go b/src/cmd/go/internal/vcs/vcs.go -index 8550f2a..89d9f0e 100644 ---- a/src/cmd/go/internal/vcs/vcs.go -+++ b/src/cmd/go/internal/vcs/vcs.go -@@ -8,6 +8,7 @@ import ( - "bytes" - "errors" - "fmt" -+ "internal/godebug" - "internal/lazyregexp" - "internal/singleflight" - "io/fs" -@@ -831,11 +832,13 @@ type vcsPath struct { - schemelessRepo bool // if true, the repo pattern lacks a scheme - } - -+var allowmultiplevcs = godebug.New("allowmultiplevcs") -+ - // FromDir inspects dir and its parents to determine the - // version control system and code repository to use. - // If no repository is found, FromDir returns an error - // equivalent to os.ErrNotExist. --func FromDir(dir, srcRoot string, allowNesting bool) (repoDir string, vcsCmd *Cmd, err error) { -+func FromDir(dir, srcRoot string) (repoDir string, vcsCmd *Cmd, err error) { - // Clean and double-check that dir is in (a subdirectory of) srcRoot. - dir = filepath.Clean(dir) - if srcRoot != "" { -@@ -849,21 +852,28 @@ func FromDir(dir, srcRoot string, allowNesting bool) (repoDir string, vcsCmd *Cm - for len(dir) > len(srcRoot) { - for _, vcs := range vcsList { - if isVCSRoot(dir, vcs.RootNames) { -- // Record first VCS we find. -- // If allowNesting is false (as it is in GOPATH), keep looking for -- // repositories in parent directories and report an error if one is -- // found to mitigate VCS injection attacks. - if vcsCmd == nil { -+ // Record first VCS we find. - vcsCmd = vcs - repoDir = dir -- if allowNesting { -+ if allowmultiplevcs.Value() == "1" { -+ allowmultiplevcs.IncNonDefault() - return repoDir, vcsCmd, nil - } -+ // If allowmultiplevcs is not set, keep looking for -+ // repositories in current and parent directories and report -+ // an error if one is found to mitigate VCS injection -+ // attacks. -+ continue -+ } -+ if vcsCmd == vcsGit && vcs == vcsGit { -+ // Nested Git is allowed, as this is how things like -+ // submodules work. Git explicitly protects against -+ // injection against itself. - continue - } -- // Otherwise, we have one VCS inside a different VCS. -- return "", nil, fmt.Errorf("directory %q uses %s, but parent %q uses %s", -- repoDir, vcsCmd.Cmd, dir, vcs.Cmd) -+ return "", nil, fmt.Errorf("multiple VCS detected: %s in %q, and %s in %q", -+ vcsCmd.Cmd, repoDir, vcs.Cmd, dir) - } - } - -diff --git a/src/cmd/go/internal/vcs/vcs_test.go b/src/cmd/go/internal/vcs/vcs_test.go -index 2ce85ea..06e63c2 100644 ---- a/src/cmd/go/internal/vcs/vcs_test.go -+++ b/src/cmd/go/internal/vcs/vcs_test.go -@@ -239,7 +239,7 @@ func TestFromDir(t *testing.T) { - } - - wantRepoDir := filepath.Dir(dir) -- gotRepoDir, gotVCS, err := FromDir(dir, tempDir, false) -+ gotRepoDir, gotVCS, err := FromDir(dir, tempDir) - if err != nil { - t.Errorf("FromDir(%q, %q): %v", dir, tempDir, err) - continue -diff --git a/src/cmd/go/testdata/script/test_multivcs.txt b/src/cmd/go/testdata/script/test_multivcs.txt -new file mode 100644 -index 0000000..538cbf7 ---- /dev/null -+++ b/src/cmd/go/testdata/script/test_multivcs.txt -@@ -0,0 +1,54 @@ -+# To avoid VCS injection attacks, we should not accept multiple different VCS metadata -+# folders within a single module (either in the same directory, or nested in different -+# directories.) -+# -+# This behavior should be disabled by setting the allowmultiplevcs GODEBUG. -+ -+[short] skip -+[!git] skip -+ -+cd samedir -+ -+exec git init . -+ -+# Without explicitly requesting buildvcs, the go command should silently continue -+# without determining the correct VCS. -+go test -c -o $devnull . -+ -+# If buildvcs is explicitly requested, we expect the go command to fail -+! go test -buildvcs -c -o $devnull . -+stderr '^error obtaining VCS status: multiple VCS detected:' -+ -+env GODEBUG=allowmultiplevcs=1 -+go test -buildvcs -c -o $devnull . -+ -+env GODEBUG= -+cd ../nested -+exec git init . -+# cd a -+go test -c -o $devnull ./a -+! go test -buildvcs -c -o $devnull ./a -+stderr '^error obtaining VCS status: multiple VCS detected:' -+# allowmultiplevcs doesn't disable the check that the current directory, package, and -+# module are in the same repository. -+env GODEBUG=allowmultiplevcs=1 -+! go test -buildvcs -c -o $devnull ./a -+stderr '^error obtaining VCS status: main package is in repository' -+ -+-- samedir/go.mod -- -+module example -+ -+go 1.18 -+-- samedir/example.go -- -+package main -+-- samedir/.bzr/test -- -+hello -+ -+-- nested/go.mod -- -+module example -+ -+go 1.18 -+-- nested/a/example.go -- -+package main -+-- nested/a/.bzr/test -- -+hello -diff --git a/src/cmd/go/testdata/script/version_buildvcs_nested.txt b/src/cmd/go/testdata/script/version_buildvcs_nested.txt -index 6dab847..22cd71c 100644 ---- a/src/cmd/go/testdata/script/version_buildvcs_nested.txt -+++ b/src/cmd/go/testdata/script/version_buildvcs_nested.txt -@@ -9,25 +9,35 @@ cd root - go mod init example.com/root - exec git init - --# Nesting repositories in parent directories are ignored, as the current --# directory main package, and containing main module are in the same repository. --# This is an error in GOPATH mode (to prevent VCS injection), but for modules, --# we assume users have control over repositories they've checked out. -+ -+# Nesting repositories in parent directories are an error, to prevent VCS injection. -+# This can be disabled with the allowmultiplevcs GODEBUG. - mkdir hgsub - cd hgsub - exec hg init - cp ../../main.go main.go - ! go build -+stderr '^error obtaining VCS status: multiple VCS detected: hg in ".*hgsub", and git in ".*root"$' -+stderr '^\tUse -buildvcs=false to disable VCS stamping.$' -+env GODEBUG=allowmultiplevcs=1 -+! go build - stderr '^error obtaining VCS status: main module is in repository ".*root" but current directory is in repository ".*hgsub"$' - stderr '^\tUse -buildvcs=false to disable VCS stamping.$' - go build -buildvcs=false -+env GODEBUG= - go mod init example.com/root/hgsub -+! go build -+stderr '^error obtaining VCS status: multiple VCS detected: hg in ".*hgsub", and git in ".*root"$' -+stderr '^\tUse -buildvcs=false to disable VCS stamping.$' -+env GODEBUG=allowmultiplevcs=1 - go build -+env GODEBUG= - cd .. - - # It's an error to build a package from a nested Git repository if the package - # is in a separate repository from the current directory or from the module --# root directory. -+# root directory. Otherwise nested Git repositories are allowed, as this is -+# how Git implements submodules (and protects against Git based VCS injection.) - mkdir gitsub - cd gitsub - exec git init -diff --git a/src/internal/godebugs/godebugs_test.go b/src/internal/godebugs/godebugs_test.go -index a1cb8d4..b3784eb 100644 ---- a/src/internal/godebugs/godebugs_test.go -+++ b/src/internal/godebugs/godebugs_test.go -@@ -39,7 +39,8 @@ func TestAll(t *testing.T) { - if info.Old != "" && info.Changed == 0 { - t.Errorf("Name=%s has Old, missing Changed", info.Name) - } -- if !strings.Contains(doc, "`"+info.Name+"`") { -+ if !strings.Contains(doc, "`"+info.Name+"`") && -+ !strings.Contains(doc, "`"+info.Name+"=") { - t.Errorf("Name=%s not documented in doc/godebug.md", info.Name) - } - } -diff --git a/src/internal/godebugs/table.go b/src/internal/godebugs/table.go -index 11c5b7d..33dcd81 100644 ---- a/src/internal/godebugs/table.go -+++ b/src/internal/godebugs/table.go -@@ -25,6 +25,7 @@ type Info struct { - // Note: After adding entries to this table, update the list in doc/godebug.md as well. - // (Otherwise the test in this package will fail.) - var All = []Info{ -+ {Name: "allowmultiplevcs", Package: "cmd/go"}, - {Name: "execerrdot", Package: "os/exec"}, - {Name: "gocachehash", Package: "cmd/go"}, - {Name: "gocachetest", Package: "cmd/go"}, -diff --git a/src/runtime/metrics/doc.go b/src/runtime/metrics/doc.go -index 85f256d..517ec0e 100644 ---- a/src/runtime/metrics/doc.go -+++ b/src/runtime/metrics/doc.go -@@ -230,6 +230,11 @@ Below is the full list of supported metrics, ordered lexicographically. - /gc/stack/starting-size:bytes - The stack size of new goroutines. - -+ /godebug/non-default-behavior/allowmultiplevcs:events -+ The number of non-default behaviors executed by the cmd/go -+ package due to a non-default GODEBUG=allowmultiplevcs=... -+ setting. -+ - /godebug/non-default-behavior/execerrdot:events - The number of non-default behaviors executed by the os/exec - package due to a non-default GODEBUG=execerrdot=... setting. --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-47906.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-47906.patch deleted file mode 100644 index 88895f496d..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-47906.patch +++ /dev/null @@ -1,183 +0,0 @@ -From 8fa31a2d7d9e60c50a3a94080c097b6e65773f4b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= -Date: Mon, 30 Jun 2025 16:58:59 +0200 -Subject: [PATCH] [release-branch.go1.23] os/exec: fix incorrect expansion of - "", "." and ".." in LookPath Fix incorrect expansion of "" and "." when $PATH - contains an executable file or, on Windows, a parent directory of a %PATH% - element contains an file with the same name as the %PATH% element but with - one of the %PATHEXT% extension (ex: C:\utils\bin is in PATH, and - C:\utils\bin.exe exists). - -Fix incorrect expansion of ".." when $PATH contains an element which is -an the concatenation of the path to an executable file (or on Windows -a path that can be expanded to an executable by appending a %PATHEXT% -extension), a path separator and a name. - -"", "." and ".." are now rejected early with ErrNotFound. - -Fixes CVE-2025-47906 -Fixes #74803 - -Change-Id: Ie50cc0a660fce8fbdc952a7f2e05c36062dcb50e -Reviewed-on: https://go-review.googlesource.com/c/go/+/685755 -LUCI-TryBot-Result: Go LUCI -Auto-Submit: Damien Neil -Reviewed-by: Roland Shoemaker -Reviewed-by: Damien Neil -(cherry picked from commit e0b07dc) -Reviewed-on: https://go-review.googlesource.com/c/go/+/691855 -Reviewed-by: Michael Knyszek - -CVE: CVE-2025-47906 - -Upstream-Status: Backport [https://github.com/golang/go/commit/8fa31a2d7d9e60c50a3a94080c097b6e65773f4b] - -Signed-off-by: Archana Polampalli ---- - src/os/exec/dot_test.go | 56 +++++++++++++++++++++++++++++++++++++++ - src/os/exec/exec.go | 10 +++++++ - src/os/exec/lp_plan9.go | 4 +++ - src/os/exec/lp_unix.go | 4 +++ - src/os/exec/lp_windows.go | 7 +++++ - 5 files changed, 81 insertions(+) - -diff --git a/src/os/exec/dot_test.go b/src/os/exec/dot_test.go -index ed4bad2..86e9cbb 100644 ---- a/src/os/exec/dot_test.go -+++ b/src/os/exec/dot_test.go -@@ -178,4 +178,60 @@ func TestLookPath(t *testing.T) { - } - } - }) -+ -+ checker := func(test string) func(t *testing.T) { -+ return func(t *testing.T) { -+ t.Helper() -+ t.Logf("PATH=%s", os.Getenv("PATH")) -+ p, err := LookPath(test) -+ if err == nil { -+ t.Errorf("%q: error expected, got nil", test) -+ } -+ if p != "" { -+ t.Errorf("%q: path returned should be \"\". Got %q", test, p) -+ } -+ } -+ } -+ -+ // Reference behavior for the next test -+ t.Run(pathVar+"=$OTHER2", func(t *testing.T) { -+ t.Run("empty", checker("")) -+ t.Run("dot", checker(".")) -+ t.Run("dotdot1", checker("abc/..")) -+ t.Run("dotdot2", checker("..")) -+ }) -+ -+ // Test the behavior when PATH contains an executable file which is not a directory -+ t.Run(pathVar+"=exe", func(t *testing.T) { -+ // Inject an executable file (not a directory) in PATH. -+ // Use our own binary os.Args[0]. -+ testenv.MustHaveExec(t) -+ exe, err := os.Executable() -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ t.Setenv(pathVar, exe) -+ t.Run("empty", checker("")) -+ t.Run("dot", checker(".")) -+ t.Run("dotdot1", checker("abc/..")) -+ t.Run("dotdot2", checker("..")) -+ }) -+ -+ // Test the behavior when PATH contains an executable file which is not a directory -+ t.Run(pathVar+"=exe/xx", func(t *testing.T) { -+ // Inject an executable file (not a directory) in PATH. -+ // Use our own binary os.Args[0]. -+ testenv.MustHaveExec(t) -+ exe, err := os.Executable() -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ t.Setenv(pathVar, filepath.Join(exe, "xx")) -+ t.Run("empty", checker("")) -+ t.Run("dot", checker(".")) -+ t.Run("dotdot1", checker("abc/..")) -+ t.Run("dotdot2", checker("..")) -+ }) - } -diff --git a/src/os/exec/exec.go b/src/os/exec/exec.go -index b8ef5a0..2c7f510 100644 ---- a/src/os/exec/exec.go -+++ b/src/os/exec/exec.go -@@ -1310,3 +1310,13 @@ func addCriticalEnv(env []string) []string { - // Code should use errors.Is(err, ErrDot), not err == ErrDot, - // to test whether a returned error err is due to this condition. - var ErrDot = errors.New("cannot run executable found relative to current directory") -+ -+// validateLookPath excludes paths that can't be valid -+// executable names. See issue #74466 and CVE-2025-47906. -+func validateLookPath(s string) error { -+ switch s { -+ case "", ".", "..": -+ return ErrNotFound -+ } -+ return nil -+} -diff --git a/src/os/exec/lp_plan9.go b/src/os/exec/lp_plan9.go -index dffdbac..39f3d33 100644 ---- a/src/os/exec/lp_plan9.go -+++ b/src/os/exec/lp_plan9.go -@@ -36,6 +36,10 @@ func findExecutable(file string) error { - // As of Go 1.19, LookPath will instead return that path along with an error satisfying - // errors.Is(err, ErrDot). See the package documentation for more details. - func LookPath(file string) (string, error) { -+ if err := validateLookPath(file); err != nil { -+ return "", &Error{file, err} -+ } -+ - // skip the path lookup for these prefixes - skip := []string{"/", "#", "./", "../"} - -diff --git a/src/os/exec/lp_unix.go b/src/os/exec/lp_unix.go -index 3787132..2543525 100644 ---- a/src/os/exec/lp_unix.go -+++ b/src/os/exec/lp_unix.go -@@ -54,6 +54,10 @@ func LookPath(file string) (string, error) { - // (only bypass the path if file begins with / or ./ or ../) - // but that would not match all the Unix shells. - -+ if err := validateLookPath(file); err != nil { -+ return "", &Error{file, err} -+ } -+ - if strings.Contains(file, "/") { - err := findExecutable(file) - if err == nil { -diff --git a/src/os/exec/lp_windows.go b/src/os/exec/lp_windows.go -index 698a97c..e0b74e3 100644 ---- a/src/os/exec/lp_windows.go -+++ b/src/os/exec/lp_windows.go -@@ -68,6 +68,9 @@ func findExecutable(file string, exts []string) (string, error) { - // As of Go 1.19, LookPath will instead return that path along with an error satisfying - // errors.Is(err, ErrDot). See the package documentation for more details. - func LookPath(file string) (string, error) { -+ if err := validateLookPath(file); err != nil { -+ return "", &Error{file, err} -+ } - return lookPath(file, pathExt()) - } - -@@ -81,6 +84,10 @@ func LookPath(file string) (string, error) { - // "C:\foo\example.com" would be returned as-is even if the - // program is actually "C:\foo\example.com.exe". - func lookExtensions(path, dir string) (string, error) { -+ if err := validateLookPath(path); err != nil { -+ return "", &Error{path, err} -+ } -+ - if filepath.Base(path) == path { - path = "." + string(filepath.Separator) + path - } --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-47907-pre.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-47907-pre.patch deleted file mode 100644 index dafa878e73..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-47907-pre.patch +++ /dev/null @@ -1,233 +0,0 @@ -From c23579f031ecd09bf37c644723b33736dffa8b92 Mon Sep 17 00:00:00 2001 -From: Damien Neil -Date: Tue, 23 Jan 2024 15:59:47 -0800 -Subject: [PATCH 1/2] database/sql: avoid clobbering driver-owned memory in - RawBytes - -Depending on the query, a RawBytes can contain memory owned by the -driver or by database/sql: - -If the driver provides the column as a []byte, -RawBytes aliases that []byte. - -If the driver provides the column as any other type, -RawBytes contains memory allocated by database/sql. -Prior to this CL, Rows.Scan will reuse existing capacity in a -RawBytes to permit a single allocation to be reused across rows. - -When a RawBytes is reused across queries, this can result -in database/sql writing to driver-owned memory. - -Add a buffer to Rows to store RawBytes data, and reuse this -buffer across calls to Rows.Scan. - -Fixes #65201 - -Change-Id: Iac640174c7afa97eeb39496f47dec202501b2483 -Reviewed-on: https://go-review.googlesource.com/c/go/+/557917 -Reviewed-by: Brad Fitzpatrick -Reviewed-by: Roland Shoemaker -LUCI-TryBot-Result: Go LUCI - -CVE: CVE-2025-47907 - -Upstream-Status: Backport [https://github.com/golang/go/commit/c23579f031ecd09bf37c644723b33736dffa8b92] - -Signed-off-by: Praveen Kumar ---- - src/database/sql/convert.go | 8 +++--- - src/database/sql/convert_test.go | 12 ++++++-- - src/database/sql/sql.go | 34 +++++++++++++++++++++++ - src/database/sql/sql_test.go | 47 ++++++++++++++++++++++++++++++++ - 4 files changed, 94 insertions(+), 7 deletions(-) - -diff --git a/src/database/sql/convert.go b/src/database/sql/convert.go -index cca5d15..999b8f1 100644 ---- a/src/database/sql/convert.go -+++ b/src/database/sql/convert.go -@@ -237,7 +237,7 @@ func convertAssignRows(dest, src any, rows *Rows) error { - if d == nil { - return errNilPtr - } -- *d = append((*d)[:0], s...) -+ *d = rows.setrawbuf(append(rows.rawbuf(), s...)) - return nil - } - case []byte: -@@ -285,7 +285,7 @@ func convertAssignRows(dest, src any, rows *Rows) error { - if d == nil { - return errNilPtr - } -- *d = s.AppendFormat((*d)[:0], time.RFC3339Nano) -+ *d = rows.setrawbuf(s.AppendFormat(rows.rawbuf(), time.RFC3339Nano)) - return nil - } - case decimalDecompose: -@@ -366,8 +366,8 @@ func convertAssignRows(dest, src any, rows *Rows) error { - } - case *RawBytes: - sv = reflect.ValueOf(src) -- if b, ok := asBytes([]byte(*d)[:0], sv); ok { -- *d = RawBytes(b) -+ if b, ok := asBytes(rows.rawbuf(), sv); ok { -+ *d = rows.setrawbuf(b) - return nil - } - case *bool: -diff --git a/src/database/sql/convert_test.go b/src/database/sql/convert_test.go -index 6d09fa1..f94db8e 100644 ---- a/src/database/sql/convert_test.go -+++ b/src/database/sql/convert_test.go -@@ -354,9 +354,10 @@ func TestRawBytesAllocs(t *testing.T) { - {"time", time.Unix(2, 5).UTC(), "1970-01-01T00:00:02.000000005Z"}, - } - -- buf := make(RawBytes, 10) -+ var buf RawBytes -+ rows := &Rows{} - test := func(name string, in any, want string) { -- if err := convertAssign(&buf, in); err != nil { -+ if err := convertAssignRows(&buf, in, rows); err != nil { - t.Fatalf("%s: convertAssign = %v", name, err) - } - match := len(buf) == len(want) -@@ -375,6 +376,7 @@ func TestRawBytesAllocs(t *testing.T) { - - n := testing.AllocsPerRun(100, func() { - for _, tt := range tests { -+ rows.raw = rows.raw[:0] - test(tt.name, tt.in, tt.want) - } - }) -@@ -383,7 +385,11 @@ func TestRawBytesAllocs(t *testing.T) { - // and gc. With 32-bit words there are more convT2E allocs, and - // with gccgo, only pointers currently go in interface data. - // So only care on amd64 gc for now. -- measureAllocs := runtime.GOARCH == "amd64" && runtime.Compiler == "gc" -+ measureAllocs := false -+ switch runtime.GOARCH { -+ case "amd64", "arm64": -+ measureAllocs = runtime.Compiler == "gc" -+ } - - if n > 0.5 && measureAllocs { - t.Fatalf("allocs = %v; want 0", n) -diff --git a/src/database/sql/sql.go b/src/database/sql/sql.go -index 4f1197d..da0f52c 100644 ---- a/src/database/sql/sql.go -+++ b/src/database/sql/sql.go -@@ -2936,6 +2936,13 @@ type Rows struct { - // not to be called concurrently. - lastcols []driver.Value - -+ // raw is a buffer for RawBytes that persists between Scan calls. -+ // This is used when the driver returns a mismatched type that requires -+ // a cloning allocation. For example, if the driver returns a *string and -+ // the user is scanning into a *RawBytes, we need to copy the string. -+ // The raw buffer here lets us reuse the memory for that copy across Scan calls. -+ raw []byte -+ - // closemuScanHold is whether the previous call to Scan kept closemu RLock'ed - // without unlocking it. It does that when the user passes a *RawBytes scan - // target. In that case, we need to prevent awaitDone from closing the Rows -@@ -3130,6 +3137,32 @@ func (rs *Rows) Err() error { - return rs.lasterrOrErrLocked(nil) - } - -+// rawbuf returns the buffer to append RawBytes values to. -+// This buffer is reused across calls to Rows.Scan. -+// -+// Usage: -+// -+// rawBytes = rows.setrawbuf(append(rows.rawbuf(), value...)) -+func (rs *Rows) rawbuf() []byte { -+ if rs == nil { -+ // convertAssignRows can take a nil *Rows; for simplicity handle it here -+ return nil -+ } -+ return rs.raw -+} -+ -+// setrawbuf updates the RawBytes buffer with the result of appending a new value to it. -+// It returns the new value. -+func (rs *Rows) setrawbuf(b []byte) RawBytes { -+ if rs == nil { -+ // convertAssignRows can take a nil *Rows; for simplicity handle it here -+ return RawBytes(b) -+ } -+ off := len(rs.raw) -+ rs.raw = b -+ return RawBytes(rs.raw[off:]) -+} -+ - var errRowsClosed = errors.New("sql: Rows are closed") - var errNoRows = errors.New("sql: no Rows available") - -@@ -3337,6 +3370,7 @@ func (rs *Rows) Scan(dest ...any) error { - - if scanArgsContainRawBytes(dest) { - rs.closemuScanHold = true -+ rs.raw = rs.raw[:0] - } else { - rs.closemu.RUnlock() - } -diff --git a/src/database/sql/sql_test.go b/src/database/sql/sql_test.go -index c38a348..c3b4822 100644 ---- a/src/database/sql/sql_test.go -+++ b/src/database/sql/sql_test.go -@@ -4531,6 +4531,53 @@ func TestNilErrorAfterClose(t *testing.T) { - } - } - -+// Issue #65201. -+// -+// If a RawBytes is reused across multiple queries, -+// subsequent queries shouldn't overwrite driver-owned memory from previous queries. -+func TestRawBytesReuse(t *testing.T) { -+ db := newTestDB(t, "people") -+ defer closeDB(t, db) -+ -+ if _, err := db.Exec("USE_RAWBYTES"); err != nil { -+ t.Fatal(err) -+ } -+ -+ var raw RawBytes -+ -+ // The RawBytes in this query aliases driver-owned memory. -+ rows, err := db.Query("SELECT|people|name|") -+ if err != nil { -+ t.Fatal(err) -+ } -+ rows.Next() -+ rows.Scan(&raw) // now raw is pointing to driver-owned memory -+ name1 := string(raw) -+ rows.Close() -+ -+ // The RawBytes in this query does not alias driver-owned memory. -+ rows, err = db.Query("SELECT|people|age|") -+ if err != nil { -+ t.Fatal(err) -+ } -+ rows.Next() -+ rows.Scan(&raw) // this must not write to the driver-owned memory in raw -+ rows.Close() -+ -+ // Repeat the first query. Nothing should have changed. -+ rows, err = db.Query("SELECT|people|name|") -+ if err != nil { -+ t.Fatal(err) -+ } -+ rows.Next() -+ rows.Scan(&raw) // raw points to driver-owned memory again -+ name2 := string(raw) -+ rows.Close() -+ if name1 != name2 { -+ t.Fatalf("Scan read name %q, want %q", name2, name1) -+ } -+} -+ - // badConn implements a bad driver.Conn, for TestBadDriver. - // The Exec method panics. - type badConn struct{} --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-47907.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-47907.patch deleted file mode 100644 index a556c3dd68..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-47907.patch +++ /dev/null @@ -1,328 +0,0 @@ -From 8a924caaf348fdc366bab906424616b2974ad4e9 Mon Sep 17 00:00:00 2001 -From: Damien Neil -Date: Wed, 23 Jul 2025 14:26:54 -0700 -Subject: [PATCH 2/2] database/sql: avoid closing Rows while scan is in - progress - -A database/sql/driver.Rows can return database-owned data -from Rows.Next. The driver.Rows documentation doesn't explicitly -document the lifetime guarantees for this data, but a reasonable -expectation is that the caller of Next should only access it -until the next call to Rows.Close or Rows.Next. - -Avoid violating that constraint when a query is cancelled while -a call to database/sql.Rows.Scan (note the difference between -the two different Rows types!) is in progress. We previously -took care to avoid closing a driver.Rows while the user has -access to driver-owned memory via a RawData, but we could still -close a driver.Rows while a Scan call was in the process of -reading previously-returned driver-owned data. - -Update the fake DB used in database/sql tests to invalidate -returned data to help catch other places we might be -incorrectly retaining it. - -Updates #74831 -Fixes #74832 - -Change-Id: Ice45b5fad51b679c38e3e1d21ef39156b56d6037 -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2540 -Reviewed-by: Roland Shoemaker -Reviewed-by: Neal Patel -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2601 -Reviewed-on: https://go-review.googlesource.com/c/go/+/693558 -TryBot-Bypass: Dmitri Shuralyov -Reviewed-by: Mark Freeman -Reviewed-by: Dmitri Shuralyov -Auto-Submit: Dmitri Shuralyov - -CVE: CVE-2025-47907 - -Upstream-Status: Backport [https://github.com/golang/go/commit/8a924caaf348fdc366bab906424616b2974ad4e9] - -Signed-off-by: Praveen Kumar ---- - src/database/sql/convert.go | 2 -- - src/database/sql/fakedb_test.go | 47 ++++++++++++-------------- - src/database/sql/sql.go | 26 ++++++-------- - src/database/sql/sql_test.go | 60 ++++++++++++++++++++++++++++++--- - 4 files changed, 89 insertions(+), 46 deletions(-) - -diff --git a/src/database/sql/convert.go b/src/database/sql/convert.go -index 999b8f1..2869a3b 100644 ---- a/src/database/sql/convert.go -+++ b/src/database/sql/convert.go -@@ -324,7 +324,6 @@ func convertAssignRows(dest, src any, rows *Rows) error { - if rows == nil { - return errors.New("invalid context to convert cursor rows, missing parent *Rows") - } -- rows.closemu.Lock() - *d = Rows{ - dc: rows.dc, - releaseConn: func(error) {}, -@@ -340,7 +339,6 @@ func convertAssignRows(dest, src any, rows *Rows) error { - parentCancel() - } - } -- rows.closemu.Unlock() - return nil - } - } -diff --git a/src/database/sql/fakedb_test.go b/src/database/sql/fakedb_test.go -index c6c3172..95c0fa3 100644 ---- a/src/database/sql/fakedb_test.go -+++ b/src/database/sql/fakedb_test.go -@@ -5,6 +5,7 @@ - package sql - - import ( -+ "bytes" - "context" - "database/sql/driver" - "errors" -@@ -15,7 +16,6 @@ import ( - "strconv" - "strings" - "sync" -- "sync/atomic" - "testing" - "time" - ) -@@ -91,8 +91,6 @@ func (cc *fakeDriverCtx) OpenConnector(name string) (driver.Connector, error) { - type fakeDB struct { - name string - -- useRawBytes atomic.Bool -- - mu sync.Mutex - tables map[string]*table - badConn bool -@@ -700,8 +698,6 @@ func (c *fakeConn) PrepareContext(ctx context.Context, query string) (driver.Stm - switch cmd { - case "WIPE": - // Nothing -- case "USE_RAWBYTES": -- c.db.useRawBytes.Store(true) - case "SELECT": - stmt, err = c.prepareSelect(stmt, parts) - case "CREATE": -@@ -805,9 +801,6 @@ func (s *fakeStmt) ExecContext(ctx context.Context, args []driver.NamedValue) (d - case "WIPE": - db.wipe() - return driver.ResultNoRows, nil -- case "USE_RAWBYTES": -- s.c.db.useRawBytes.Store(true) -- return driver.ResultNoRows, nil - case "CREATE": - if err := db.createTable(s.table, s.colName, s.colType); err != nil { - return nil, err -@@ -1090,10 +1083,9 @@ type rowsCursor struct { - errPos int - err error - -- // a clone of slices to give out to clients, indexed by the -- // original slice's first byte address. we clone them -- // just so we're able to corrupt them on close. -- bytesClone map[*byte][]byte -+ // Data returned to clients. -+ // We clone and stash it here so it can be invalidated by Close and Next. -+ driverOwnedMemory [][]byte - - // Every operation writes to line to enable the race detector - // check for data races. -@@ -1110,9 +1102,19 @@ func (rc *rowsCursor) touchMem() { - rc.line++ - } - -+func (rc *rowsCursor) invalidateDriverOwnedMemory() { -+ for _, buf := range rc.driverOwnedMemory { -+ for i := range buf { -+ buf[i] = 'x' -+ } -+ } -+ rc.driverOwnedMemory = nil -+} -+ - func (rc *rowsCursor) Close() error { - rc.touchMem() - rc.parentMem.touchMem() -+ rc.invalidateDriverOwnedMemory() - rc.closed = true - return rc.closeErr - } -@@ -1143,6 +1145,8 @@ func (rc *rowsCursor) Next(dest []driver.Value) error { - if rc.posRow >= len(rc.rows[rc.posSet]) { - return io.EOF // per interface spec - } -+ // Corrupt any previously returned bytes. -+ rc.invalidateDriverOwnedMemory() - for i, v := range rc.rows[rc.posSet][rc.posRow].cols { - // TODO(bradfitz): convert to subset types? naah, I - // think the subset types should only be input to -@@ -1150,20 +1154,13 @@ func (rc *rowsCursor) Next(dest []driver.Value) error { - // a wider range of types coming out of drivers. all - // for ease of drivers, and to prevent drivers from - // messing up conversions or doing them differently. -- dest[i] = v -- -- if bs, ok := v.([]byte); ok && !rc.db.useRawBytes.Load() { -- if rc.bytesClone == nil { -- rc.bytesClone = make(map[*byte][]byte) -- } -- clone, ok := rc.bytesClone[&bs[0]] -- if !ok { -- clone = make([]byte, len(bs)) -- copy(clone, bs) -- rc.bytesClone[&bs[0]] = clone -- } -- dest[i] = clone -+ if bs, ok := v.([]byte); ok { -+ // Clone []bytes and stash for later invalidation. -+ bs = bytes.Clone(bs) -+ rc.driverOwnedMemory = append(rc.driverOwnedMemory, bs) -+ v = bs - } -+ dest[i] = v - } - return nil - } -diff --git a/src/database/sql/sql.go b/src/database/sql/sql.go -index da0f52c..41130d9 100644 ---- a/src/database/sql/sql.go -+++ b/src/database/sql/sql.go -@@ -3357,37 +3357,33 @@ func (rs *Rows) Scan(dest ...any) error { - return fmt.Errorf("sql: Scan called without calling Next (closemuScanHold)") - } - rs.closemu.RLock() -- -- if rs.lasterr != nil && rs.lasterr != io.EOF { -+ rs.raw = rs.raw[:0] -+ err := rs.scanLocked(dest...) -+ if err == nil && scanArgsContainRawBytes(dest) { -+ rs.closemuScanHold = true -+ } else { - rs.closemu.RUnlock() -+ } -+ return err -+} -+func (rs *Rows) scanLocked(dest ...any) error { -+ if rs.lasterr != nil && rs.lasterr != io.EOF { - return rs.lasterr - } - if rs.closed { -- err := rs.lasterrOrErrLocked(errRowsClosed) -- rs.closemu.RUnlock() -- return err -- } -- -- if scanArgsContainRawBytes(dest) { -- rs.closemuScanHold = true -- rs.raw = rs.raw[:0] -- } else { -- rs.closemu.RUnlock() -+ return rs.lasterrOrErrLocked(errRowsClosed) - } - - if rs.lastcols == nil { -- rs.closemuRUnlockIfHeldByScan() - return errors.New("sql: Scan called without calling Next") - } - if len(dest) != len(rs.lastcols) { -- rs.closemuRUnlockIfHeldByScan() - return fmt.Errorf("sql: expected %d destination arguments in Scan, not %d", len(rs.lastcols), len(dest)) - } - - for i, sv := range rs.lastcols { - err := convertAssignRows(dest[i], sv, rs) - if err != nil { -- rs.closemuRUnlockIfHeldByScan() - return fmt.Errorf(`sql: Scan error on column index %d, name %q: %w`, i, rs.rowsi.Columns()[i], err) - } - } -diff --git a/src/database/sql/sql_test.go b/src/database/sql/sql_test.go -index c3b4822..ee65b1b 100644 ---- a/src/database/sql/sql_test.go -+++ b/src/database/sql/sql_test.go -@@ -5,6 +5,7 @@ - package sql - - import ( -+ "bytes" - "context" - "database/sql/driver" - "errors" -@@ -4411,10 +4412,6 @@ func testContextCancelDuringRawBytesScan(t *testing.T, mode string) { - db := newTestDB(t, "people") - defer closeDB(t, db) - -- if _, err := db.Exec("USE_RAWBYTES"); err != nil { -- t.Fatal(err) -- } -- - // cancel used to call close asynchronously. - // This test checks that it waits so as not to interfere with RawBytes. - ctx, cancel := context.WithCancel(context.Background()) -@@ -4506,6 +4503,61 @@ func TestContextCancelBetweenNextAndErr(t *testing.T) { - } - } - -+type testScanner struct { -+ scanf func(src any) error -+} -+ -+func (ts testScanner) Scan(src any) error { return ts.scanf(src) } -+ -+func TestContextCancelDuringScan(t *testing.T) { -+ db := newTestDB(t, "people") -+ defer closeDB(t, db) -+ -+ ctx, cancel := context.WithCancel(context.Background()) -+ defer cancel() -+ -+ scanStart := make(chan any) -+ scanEnd := make(chan error) -+ scanner := &testScanner{ -+ scanf: func(src any) error { -+ scanStart <- src -+ return <-scanEnd -+ }, -+ } -+ -+ // Start a query, and pause it mid-scan. -+ want := []byte("Alice") -+ r, err := db.QueryContext(ctx, "SELECT|people|name|name=?", string(want)) -+ if err != nil { -+ t.Fatal(err) -+ } -+ if !r.Next() { -+ t.Fatalf("r.Next() = false, want true") -+ } -+ go func() { -+ r.Scan(scanner) -+ }() -+ got := <-scanStart -+ defer close(scanEnd) -+ gotBytes, ok := got.([]byte) -+ if !ok { -+ t.Fatalf("r.Scan returned %T, want []byte", got) -+ } -+ if !bytes.Equal(gotBytes, want) { -+ t.Fatalf("before cancel: r.Scan returned %q, want %q", gotBytes, want) -+ } -+ -+ // Cancel the query. -+ // Sleep to give it a chance to finish canceling. -+ cancel() -+ time.Sleep(10 * time.Millisecond) -+ -+ // Cancelling the query should not have changed the result. -+ if !bytes.Equal(gotBytes, want) { -+ t.Fatalf("after cancel: r.Scan result is now %q, want %q", gotBytes, want) -+ } -+} -+ - func TestNilErrorAfterClose(t *testing.T) { - db := newTestDB(t, "people") - defer closeDB(t, db) --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-47912.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-47912.patch deleted file mode 100644 index bc63b323ca..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-47912.patch +++ /dev/null @@ -1,226 +0,0 @@ -From d6d2f7bf76718f1db05461cd912ae5e30d7b77ea Mon Sep 17 00:00:00 2001 -From: Ethan Lee -Date: Fri, 29 Aug 2025 17:35:55 +0000 -Subject: [PATCH] [release-branch.go1.24] net/url: enforce stricter parsing of - - bracketed IPv6 hostnames - Previously, url.Parse did not enforce validation - of hostnames within square brackets. - RFC 3986 stipulates that only IPv6 - hostnames can be embedded within square brackets in a URL. - Now, the - parsing logic should strictly enforce that only IPv6 hostnames can be - resolved when in square brackets. IPv4, IPv4-mapped addresses and other - input will be rejected. - Update url_test to add test cases that cover the - above scenarios. - -Thanks to Enze Wang, Jingcheng Yang and Zehui Miao of Tsinghua -University for reporting this issue. - -Fixes CVE-2025-47912 -Fixes #75678 -Fixes #75712 - -Change-Id: Iaa41432bf0ee86de95a39a03adae5729e4deb46c -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2680 -Reviewed-by: Damien Neil -Reviewed-by: Roland Shoemaker -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2968 -Reviewed-by: Nicholas Husin -Reviewed-on: https://go-review.googlesource.com/c/go/+/709838 -TryBot-Bypass: Michael Pratt -Reviewed-by: Carlos Amedee -Auto-Submit: Michael Pratt - -CVE: CVE-2025-47912 - -Upstream-Status: Backport [https://github.com/golang/go/commit/d6d2f7bf76718f1db05461cd912ae5e30d7b77ea] - -Signed-off-by: Archana Polampalli ---- - src/go/build/deps_test.go | 9 ++++++--- - src/net/url/url.go | 42 +++++++++++++++++++++++++++++---------- - src/net/url/url_test.go | 39 ++++++++++++++++++++++++++++++++++++ - 3 files changed, 77 insertions(+), 13 deletions(-) - -diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 7ce8d34..9f2663f 100644 ---- a/src/go/build/deps_test.go -+++ b/src/go/build/deps_test.go -@@ -209,7 +209,6 @@ var depsRules = ` - internal/types/errors, - mime/quotedprintable, - net/internal/socktest, -- net/url, - runtime/trace, - text/scanner, - text/tabwriter; -@@ -252,6 +251,12 @@ var depsRules = ` - FMT - < text/template/parse; - -+ internal/bytealg, internal/itoa, math/bits, slices, strconv, unique -+ < net/netip; -+ -+ FMT, net/netip -+ < net/url; -+ - net/url, text/template/parse - < text/template - < internal/lazytemplate; -@@ -367,8 +372,6 @@ var depsRules = ` - internal/godebug - < internal/intern; - -- internal/bytealg, internal/intern, internal/itoa, math/bits, sort, strconv -- < net/netip; - - # net is unavoidable when doing any networking, - # so large dependencies must be kept out. -diff --git a/src/net/url/url.go b/src/net/url/url.go -index f362958..d2ae032 100644 ---- a/src/net/url/url.go -+++ b/src/net/url/url.go -@@ -13,6 +13,7 @@ package url - import ( - "errors" - "fmt" -+ "net/netip" - "path" - "sort" - "strconv" -@@ -621,40 +622,61 @@ func parseAuthority(authority string) (user *Userinfo, host string, err error) { - // parseHost parses host as an authority without user - // information. That is, as host[:port]. - func parseHost(host string) (string, error) { -- if strings.HasPrefix(host, "[") { -+ if openBracketIdx := strings.LastIndex(host, "["); openBracketIdx != -1 { - // Parse an IP-Literal in RFC 3986 and RFC 6874. - // E.g., "[fe80::1]", "[fe80::1%25en0]", "[fe80::1]:80". -- i := strings.LastIndex(host, "]") -- if i < 0 { -+ closeBracketIdx := strings.LastIndex(host, "]") -+ if closeBracketIdx < 0 { - return "", errors.New("missing ']' in host") - } -- colonPort := host[i+1:] -+ -+ colonPort := host[closeBracketIdx+1:] - if !validOptionalPort(colonPort) { - return "", fmt.Errorf("invalid port %q after host", colonPort) - } -+ unescapedColonPort, err := unescape(colonPort, encodeHost) -+ if err != nil { -+ return "", err -+ } - -+ hostname := host[openBracketIdx+1 : closeBracketIdx] -+ var unescapedHostname string - // RFC 6874 defines that %25 (%-encoded percent) introduces - // the zone identifier, and the zone identifier can use basically - // any %-encoding it likes. That's different from the host, which - // can only %-encode non-ASCII bytes. - // We do impose some restrictions on the zone, to avoid stupidity - // like newlines. -- zone := strings.Index(host[:i], "%25") -- if zone >= 0 { -- host1, err := unescape(host[:zone], encodeHost) -+ zoneIdx := strings.Index(hostname, "%25") -+ if zoneIdx >= 0 { -+ hostPart, err := unescape(hostname[:zoneIdx], encodeHost) - if err != nil { - return "", err - } -- host2, err := unescape(host[zone:i], encodeZone) -+ zonePart, err := unescape(hostname[zoneIdx:], encodeZone) - if err != nil { - return "", err - } -- host3, err := unescape(host[i:], encodeHost) -+ unescapedHostname = hostPart + zonePart -+ } else { -+ var err error -+ unescapedHostname, err = unescape(hostname, encodeHost) - if err != nil { - return "", err - } -- return host1 + host2 + host3, nil - } -+ -+ // Per RFC 3986, only a host identified by a valid -+ // IPv6 address can be enclosed by square brackets. -+ // This excludes any IPv4 or IPv4-mapped addresses. -+ addr, err := netip.ParseAddr(unescapedHostname) -+ if err != nil { -+ return "", fmt.Errorf("invalid host: %w", err) -+ } -+ if addr.Is4() || addr.Is4In6() { -+ return "", errors.New("invalid IPv6 host") -+ } -+ return "[" + unescapedHostname + "]" + unescapedColonPort, nil - } else if i := strings.LastIndex(host, ":"); i != -1 { - colonPort := host[i:] - if !validOptionalPort(colonPort) { -diff --git a/src/net/url/url_test.go b/src/net/url/url_test.go -index 4aa20bb..fef236e 100644 ---- a/src/net/url/url_test.go -+++ b/src/net/url/url_test.go -@@ -383,6 +383,16 @@ var urltests = []URLTest{ - }, - "", - }, -+ // valid IPv6 host with port and path -+ { -+ "https://[2001:db8::1]:8443/test/path", -+ &URL{ -+ Scheme: "https", -+ Host: "[2001:db8::1]:8443", -+ Path: "/test/path", -+ }, -+ "", -+ }, - // host subcomponent; IPv6 address with zone identifier in RFC 6874 - { - "http://[fe80::1%25en0]/", // alphanum zone identifier -@@ -707,6 +717,24 @@ var parseRequestURLTests = []struct { - // RFC 6874. - {"http://[fe80::1%en0]/", false}, - {"http://[fe80::1%en0]:8080/", false}, -+ -+ // Tests exercising RFC 3986 compliance -+ {"https://[1:2:3:4:5:6:7:8]", true}, // full IPv6 address -+ {"https://[2001:db8::a:b:c:d]", true}, // compressed IPv6 address -+ {"https://[fe80::1%25eth0]", true}, // link-local address with zone ID (interface name) -+ {"https://[fe80::abc:def%254]", true}, // link-local address with zone ID (interface index) -+ {"https://[2001:db8::1]/path", true}, // compressed IPv6 address with path -+ {"https://[fe80::1%25eth0]/path?query=1", true}, // link-local with zone, path, and query -+ -+ {"https://[::ffff:192.0.2.1]", false}, -+ {"https://[:1] ", false}, -+ {"https://[1:2:3:4:5:6:7:8:9]", false}, -+ {"https://[1::1::1]", false}, -+ {"https://[1:2:3:]", false}, -+ {"https://[ffff::127.0.0.4000]", false}, -+ {"https://[0:0::test.com]:80", false}, -+ {"https://[2001:db8::test.com]", false}, -+ {"https://[test.com]", false}, - } - - func TestParseRequestURI(t *testing.T) { -@@ -1635,6 +1663,17 @@ func TestParseErrors(t *testing.T) { - {"cache_object:foo", true}, - {"cache_object:foo/bar", true}, - {"cache_object/:foo/bar", false}, -+ -+ {"http://[192.168.0.1]/", true}, // IPv4 in brackets -+ {"http://[192.168.0.1]:8080/", true}, // IPv4 in brackets with port -+ {"http://[::ffff:192.168.0.1]/", true}, // IPv4-mapped IPv6 in brackets -+ {"http://[::ffff:192.168.0.1]:8080/", true}, // IPv4-mapped IPv6 in brackets with port -+ {"http://[::ffff:c0a8:1]/", true}, // IPv4-mapped IPv6 in brackets (hex) -+ {"http://[not-an-ip]/", true}, // invalid IP string in brackets -+ {"http://[fe80::1%foo]/", true}, // invalid zone format in brackets -+ {"http://[fe80::1", true}, // missing closing bracket -+ {"http://fe80::1]/", true}, // missing opening bracket -+ {"http://[test.com]/", true}, // domain name in brackets - } - for _, tt := range tests { - u, err := Parse(tt.in) --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-58185.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-58185.patch deleted file mode 100644 index 63250614ce..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-58185.patch +++ /dev/null @@ -1,142 +0,0 @@ -From 5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1 Mon Sep 17 00:00:00 2001 -From: Nicholas Husin -Date: Wed, 3 Sep 2025 09:30:56 -0400 -Subject: [PATCH] [release-branch.go1.24] encoding/asn1: prevent memory - exhaustion when parsing using internal/saferio - -Within parseSequenceOf, -reflect.MakeSlice is being used to pre-allocate a slice that is needed in -order to fully validate the given DER payload. The size of the slice -allocated are also multiple times larger than the input DER: - -- When using asn1.Unmarshal directly, the allocated slice is ~28x - larger. -- When passing in DER using x509.ParseCertificateRequest, the allocated - slice is ~48x larger. -- When passing in DER using ocsp.ParseResponse, the allocated slice is - ~137x larger. - -As a result, a malicious actor can craft a big empty DER payload, -resulting in an unnecessary large allocation of memories. This can be a -way to cause memory exhaustion. - -To prevent this, we now use SliceCapWithSize within internal/saferio to -enforce a memory allocation cap. - -Thanks to Jakub Ciolek for reporting this issue. - -For #75671 -Fixes #75704 -Fixes CVE-2025-58185 - -Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428 -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2700 -Reviewed-by: Roland Shoemaker -Reviewed-by: Damien Neil -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2984 -Reviewed-by: Nicholas Husin -Reviewed-on: https://go-review.googlesource.com/c/go/+/709841 -Reviewed-by: Carlos Amedee -Auto-Submit: Michael Pratt -TryBot-Bypass: Michael Pratt - -CVE: CVE-2025-58185 - -Upstream-Status: Backport [https://github.com/golang/go/commit/5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1] - -Signed-off-by: Archana Polampalli ---- - src/encoding/asn1/asn1.go | 10 ++++++++- - src/encoding/asn1/asn1_test.go | 38 ++++++++++++++++++++++++++++++++++ - 2 files changed, 47 insertions(+), 1 deletion(-) - -diff --git a/src/encoding/asn1/asn1.go b/src/encoding/asn1/asn1.go -index 781ab87..16c7138 100644 ---- a/src/encoding/asn1/asn1.go -+++ b/src/encoding/asn1/asn1.go -@@ -22,6 +22,7 @@ package asn1 - import ( - "errors" - "fmt" -+ "internal/saferio" - "math" - "math/big" - "reflect" -@@ -643,10 +644,17 @@ func parseSequenceOf(bytes []byte, sliceType reflect.Type, elemType reflect.Type - offset += t.length - numElements++ - } -- ret = reflect.MakeSlice(sliceType, numElements, numElements) -+ elemSize := uint64(elemType.Size()) -+ safeCap := saferio.SliceCapWithSize(elemSize, uint64(numElements)) -+ if safeCap < 0 { -+ err = SyntaxError{fmt.Sprintf("%s slice too big: %d elements of %d bytes", elemType.Kind(), numElements, elemSize)} -+ return -+ } -+ ret = reflect.MakeSlice(sliceType, 0, safeCap) - params := fieldParameters{} - offset := 0 - for i := 0; i < numElements; i++ { -+ ret = reflect.Append(ret, reflect.Zero(elemType)) - offset, err = parseField(ret.Index(i), bytes, offset, params) - if err != nil { - return -diff --git a/src/encoding/asn1/asn1_test.go b/src/encoding/asn1/asn1_test.go -index 9a605e2..249d4e4 100644 ---- a/src/encoding/asn1/asn1_test.go -+++ b/src/encoding/asn1/asn1_test.go -@@ -7,10 +7,12 @@ package asn1 - import ( - "bytes" - "encoding/hex" -+ "errors" - "fmt" - "math" - "math/big" - "reflect" -+ "runtime" - "strings" - "testing" - "time" -@@ -1175,3 +1177,39 @@ func BenchmarkObjectIdentifierString(b *testing.B) { - _ = oidPublicKeyRSA.String() - } - } -+ -+func TestParsingMemoryConsumption(t *testing.T) { -+ // Craft a syntatically valid, but empty, ~10 MB DER bomb. A successful -+ // unmarshal of this bomb should yield ~280 MB. However, the parsing should -+ // fail due to the empty content; and, in such cases, we want to make sure -+ // that we do not unnecessarily allocate memories. -+ derBomb := make([]byte, 10_000_000) -+ for i := range derBomb { -+ derBomb[i] = 0x30 -+ } -+ derBomb = append([]byte{0x30, 0x83, 0x98, 0x96, 0x80}, derBomb...) -+ -+ var m runtime.MemStats -+ runtime.GC() -+ runtime.ReadMemStats(&m) -+ memBefore := m.TotalAlloc -+ -+ var out []struct { -+ Id []int -+ Critical bool `asn1:"optional"` -+ Value []byte -+ } -+ _, err := Unmarshal(derBomb, &out) -+ if !errors.As(err, &SyntaxError{}) { -+ t.Fatalf("Incorrect error result: want (%v), but got (%v) instead", &SyntaxError{}, err) -+ } -+ -+ runtime.ReadMemStats(&m) -+ memDiff := m.TotalAlloc - memBefore -+ -+ // Ensure that the memory allocated does not exceed 10<<21 (~20 MB) when -+ // the parsing fails. -+ if memDiff > 10<<21 { -+ t.Errorf("Too much memory allocated while parsing DER: %v MiB", memDiff/1024/1024) -+ } -+} --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-58187.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-58187.patch deleted file mode 100644 index d3b7dd5264..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-58187.patch +++ /dev/null @@ -1,349 +0,0 @@ -From f334417e71f8b078ad64035bddb6df7f8910da6c Mon Sep 17 00:00:00 2001 -From: Neal Patel -Date: Mon, 15 Sep 2025 16:31:22 -0400 -Subject: [PATCH] [release-branch.go1.24] crypto/x509: improve domain name - verification - -Don't use domainToReverseLabels to check if domain names are -valid, since it is not particularly performant, and can contribute to DoS -vectors. Instead just iterate over the name and enforce the properties we -care about. - -This also enforces that DNS names, both in SANs and name constraints, -are valid. We previously allowed invalid SANs, because some -intermediates had these weird names (see #23995), but there are -currently no trusted intermediates that have this property, and since we -target the web PKI, supporting this particular case is not a high -priority. - -Thank you to Jakub Ciolek for reporting this issue. - -Fixes CVE-2025-58187 -For #75681 -Fixes #75714 - -Change-Id: I6ebce847dcbe5fc63ef2f9a74f53f11c4c56d3d1 -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2820 -Reviewed-by: Damien Neil -Reviewed-by: Roland Shoemaker -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2982 -Reviewed-by: Nicholas Husin -Reviewed-on: https://go-review.googlesource.com/c/go/+/709839 -Auto-Submit: Michael Pratt -Reviewed-by: Carlos Amedee -TryBot-Bypass: Michael Pratt - -CVE: CVE-2025-58187 - -Upstream-Status: Backport [https://github.com/golang/go/commit/f334417e71f8b078ad64035bddb6df7f8910da6c] - -Signed-off-by: Archana Polampalli ---- - src/crypto/x509/name_constraints_test.go | 66 ++------------------ - src/crypto/x509/parser.go | 77 ++++++++++++++---------- - src/crypto/x509/parser_test.go | 43 +++++++++++++ - src/crypto/x509/verify.go | 1 + - 4 files changed, 95 insertions(+), 92 deletions(-) - -diff --git a/src/crypto/x509/name_constraints_test.go b/src/crypto/x509/name_constraints_test.go -index 78263fc..9aaa6d7 100644 ---- a/src/crypto/x509/name_constraints_test.go -+++ b/src/crypto/x509/name_constraints_test.go -@@ -1456,63 +1456,7 @@ var nameConstraintsTests = []nameConstraintsTest{ - expectedError: "incompatible key usage", - }, - -- // An invalid DNS SAN should be detected only at validation time so -- // that we can process CA certificates in the wild that have invalid SANs. -- // See https://github.com/golang/go/issues/23995 -- -- // #77: an invalid DNS or mail SAN will not be detected if name constraint -- // checking is not triggered. -- { -- roots: make([]constraintsSpec, 1), -- intermediates: [][]constraintsSpec{ -- { -- {}, -- }, -- }, -- leaf: leafSpec{ -- sans: []string{"dns:this is invalid", "email:this @ is invalid"}, -- }, -- }, -- -- // #78: an invalid DNS SAN will be detected if any name constraint checking -- // is triggered. -- { -- roots: []constraintsSpec{ -- { -- bad: []string{"uri:"}, -- }, -- }, -- intermediates: [][]constraintsSpec{ -- { -- {}, -- }, -- }, -- leaf: leafSpec{ -- sans: []string{"dns:this is invalid"}, -- }, -- expectedError: "cannot parse dnsName", -- }, -- -- // #79: an invalid email SAN will be detected if any name constraint -- // checking is triggered. -- { -- roots: []constraintsSpec{ -- { -- bad: []string{"uri:"}, -- }, -- }, -- intermediates: [][]constraintsSpec{ -- { -- {}, -- }, -- }, -- leaf: leafSpec{ -- sans: []string{"email:this @ is invalid"}, -- }, -- expectedError: "cannot parse rfc822Name", -- }, -- -- // #80: if several EKUs are requested, satisfying any of them is sufficient. -+ // #77: if several EKUs are requested, satisfying any of them is sufficient. - { - roots: make([]constraintsSpec, 1), - intermediates: [][]constraintsSpec{ -@@ -1527,7 +1471,7 @@ var nameConstraintsTests = []nameConstraintsTest{ - requestedEKUs: []ExtKeyUsage{ExtKeyUsageClientAuth, ExtKeyUsageEmailProtection}, - }, - -- // #81: EKUs that are not asserted in VerifyOpts are not required to be -+ // #78: EKUs that are not asserted in VerifyOpts are not required to be - // nested. - { - roots: make([]constraintsSpec, 1), -@@ -1546,7 +1490,7 @@ var nameConstraintsTests = []nameConstraintsTest{ - }, - }, - -- // #82: a certificate without SANs and CN is accepted in a constrained chain. -+ // #79: a certificate without SANs and CN is accepted in a constrained chain. - { - roots: []constraintsSpec{ - { -@@ -1563,7 +1507,7 @@ var nameConstraintsTests = []nameConstraintsTest{ - }, - }, - -- // #83: a certificate without SANs and with a CN that does not parse as a -+ // #80: a certificate without SANs and with a CN that does not parse as a - // hostname is accepted in a constrained chain. - { - roots: []constraintsSpec{ -@@ -1582,7 +1526,7 @@ var nameConstraintsTests = []nameConstraintsTest{ - }, - }, - -- // #84: a certificate with SANs and CN is accepted in a constrained chain. -+ // #81: a certificate with SANs and CN is accepted in a constrained chain. - { - roots: []constraintsSpec{ - { -diff --git a/src/crypto/x509/parser.go b/src/crypto/x509/parser.go -index 812b0d2..9a3bcd6 100644 ---- a/src/crypto/x509/parser.go -+++ b/src/crypto/x509/parser.go -@@ -378,10 +378,14 @@ func parseSANExtension(der cryptobyte.String) (dnsNames, emailAddresses []string - if err := isIA5String(email); err != nil { - return errors.New("x509: SAN rfc822Name is malformed") - } -+ parsed, ok := parseRFC2821Mailbox(email) -+ if !ok || (ok && !domainNameValid(parsed.domain, false)) { -+ return errors.New("x509: SAN rfc822Name is malformed") -+ } - emailAddresses = append(emailAddresses, email) - case nameTypeDNS: - name := string(data) -- if err := isIA5String(name); err != nil { -+ if err := isIA5String(name); err != nil || (err == nil && !domainNameValid(name, false)) { - return errors.New("x509: SAN dNSName is malformed") - } - dnsNames = append(dnsNames, string(name)) -@@ -391,14 +395,9 @@ func parseSANExtension(der cryptobyte.String) (dnsNames, emailAddresses []string - return errors.New("x509: SAN uniformResourceIdentifier is malformed") - } - uri, err := url.Parse(uriStr) -- if err != nil { -+ if err != nil || (err == nil && uri.Host != "" && !domainNameValid(uri.Host, false)) { - return fmt.Errorf("x509: cannot parse URI %q: %s", uriStr, err) - } -- if len(uri.Host) > 0 { -- if _, ok := domainToReverseLabels(uri.Host); !ok { -- return fmt.Errorf("x509: cannot parse URI %q: invalid domain", uriStr) -- } -- } - uris = append(uris, uri) - case nameTypeIP: - switch len(data) { -@@ -538,15 +537,7 @@ func parseNameConstraintsExtension(out *Certificate, e pkix.Extension) (unhandle - return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error()) - } - -- trimmedDomain := domain -- if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' { -- // constraints can have a leading -- // period to exclude the domain -- // itself, but that's not valid in a -- // normal domain name. -- trimmedDomain = trimmedDomain[1:] -- } -- if _, ok := domainToReverseLabels(trimmedDomain); !ok { -+ if !domainNameValid(domain, true) { - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse dnsName constraint %q", domain) - } - dnsNames = append(dnsNames, domain) -@@ -587,12 +578,7 @@ func parseNameConstraintsExtension(out *Certificate, e pkix.Extension) (unhandle - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint) - } - } else { -- // Otherwise it's a domain name. -- domain := constraint -- if len(domain) > 0 && domain[0] == '.' { -- domain = domain[1:] -- } -- if _, ok := domainToReverseLabels(domain); !ok { -+ if !domainNameValid(constraint, true) { - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint) - } - } -@@ -608,15 +594,7 @@ func parseNameConstraintsExtension(out *Certificate, e pkix.Extension) (unhandle - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q: cannot be IP address", domain) - } - -- trimmedDomain := domain -- if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' { -- // constraints can have a leading -- // period to exclude the domain itself, -- // but that's not valid in a normal -- // domain name. -- trimmedDomain = trimmedDomain[1:] -- } -- if _, ok := domainToReverseLabels(trimmedDomain); !ok { -+ if !domainNameValid(domain, true) { - return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q", domain) - } - uriDomains = append(uriDomains, domain) -@@ -1197,3 +1175,40 @@ func ParseRevocationList(der []byte) (*RevocationList, error) { - - return rl, nil - } -+ -+// domainNameValid does minimal domain name validity checking. In particular it -+// enforces the following properties: -+// - names cannot have the trailing period -+// - names can only have a leading period if constraint is true -+// - names must be <= 253 characters -+// - names cannot have empty labels -+// - names cannot labels that are longer than 63 characters -+// -+// Note that this does not enforce the LDH requirements for domain names. -+func domainNameValid(s string, constraint bool) bool { -+ if len(s) == 0 && constraint { -+ return true -+ } -+ if len(s) == 0 || (!constraint && s[0] == '.') || s[len(s)-1] == '.' || len(s) > 253 { -+ return false -+ } -+ lastDot := -1 -+ if constraint && s[0] == '.' { -+ s = s[1:] -+ } -+ -+ for i := 0; i <= len(s); i++ { -+ if i == len(s) || s[i] == '.' { -+ labelLen := i -+ if lastDot >= 0 { -+ labelLen -= lastDot + 1 -+ } -+ if labelLen == 0 || labelLen > 63 { -+ return false -+ } -+ lastDot = i -+ } -+ } -+ -+ return true -+} -diff --git a/src/crypto/x509/parser_test.go b/src/crypto/x509/parser_test.go -index b31f9cd..a6cdfb8 100644 ---- a/src/crypto/x509/parser_test.go -+++ b/src/crypto/x509/parser_test.go -@@ -6,6 +6,7 @@ package x509 - - import ( - "encoding/asn1" -+ "strings" - "testing" - - cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1" -@@ -101,3 +102,45 @@ func TestParseASN1String(t *testing.T) { - }) - } - } -+ -+func TestDomainNameValid(t *testing.T) { -+ for _, tc := range []struct { -+ name string -+ dnsName string -+ constraint bool -+ valid bool -+ }{ -+ {"empty name, name", "", false, false}, -+ {"empty name, constraint", "", true, true}, -+ {"empty label, name", "a..a", false, false}, -+ {"empty label, constraint", "a..a", true, false}, -+ {"period, name", ".", false, false}, -+ {"period, constraint", ".", true, false}, // TODO(roland): not entirely clear if this is a valid constraint (require at least one label?) -+ {"valid, name", "a.b.c", false, true}, -+ {"valid, constraint", "a.b.c", true, true}, -+ {"leading period, name", ".a.b.c", false, false}, -+ {"leading period, constraint", ".a.b.c", true, true}, -+ {"trailing period, name", "a.", false, false}, -+ {"trailing period, constraint", "a.", true, false}, -+ {"bare label, name", "a", false, true}, -+ {"bare label, constraint", "a", true, true}, -+ {"254 char label, name", strings.Repeat("a.a", 84) + "aaa", false, false}, -+ {"254 char label, constraint", strings.Repeat("a.a", 84) + "aaa", true, false}, -+ {"253 char label, name", strings.Repeat("a.a", 84) + "aa", false, false}, -+ {"253 char label, constraint", strings.Repeat("a.a", 84) + "aa", true, false}, -+ {"64 char single label, name", strings.Repeat("a", 64), false, false}, -+ {"64 char single label, constraint", strings.Repeat("a", 64), true, false}, -+ {"63 char single label, name", strings.Repeat("a", 63), false, true}, -+ {"63 char single label, constraint", strings.Repeat("a", 63), true, true}, -+ {"64 char label, name", "a." + strings.Repeat("a", 64), false, false}, -+ {"64 char label, constraint", "a." + strings.Repeat("a", 64), true, false}, -+ {"63 char label, name", "a." + strings.Repeat("a", 63), false, true}, -+ {"63 char label, constraint", "a." + strings.Repeat("a", 63), true, true}, -+ } { -+ t.Run(tc.name, func(t *testing.T) { -+ if tc.valid != domainNameValid(tc.dnsName, tc.constraint) { -+ t.Errorf("domainNameValid(%q, %t) = %v; want %v", tc.dnsName, tc.constraint, !tc.valid, tc.valid) -+ } -+ }) -+ } -+} -diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go -index 2d2a271..4502d4c 100644 ---- a/src/crypto/x509/verify.go -+++ b/src/crypto/x509/verify.go -@@ -360,6 +360,7 @@ func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) { - // domainToReverseLabels converts a textual domain name like foo.example.com to - // the list of labels in reverse order, e.g. ["com", "example", "foo"]. - func domainToReverseLabels(domain string) (reverseLabels []string, ok bool) { -+ reverseLabels = make([]string, 0, strings.Count(domain, ".")+1) - for len(domain) > 0 { - if i := strings.LastIndexByte(domain, '.'); i == -1 { - reverseLabels = append(reverseLabels, domain) --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-58188.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-58188.patch deleted file mode 100644 index 5787527414..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-58188.patch +++ /dev/null @@ -1,194 +0,0 @@ -From f9f198ab05e3282cbf6b13251d47d9141981e401 Mon Sep 17 00:00:00 2001 -From: Neal Patel -Date: Thu, 11 Sep 2025 16:27:04 -0400 -Subject: [PATCH] [release-branch.go1.24] crypto/x509: mitigate DoS vector when - intermediate certificate contains DSA public key An attacker could craft an - intermediate X.509 certificate containing a DSA public key and can crash a - remote host with an unauthenticated call to any endpoint that verifies the - certificate chain. - -Thank you to Jakub Ciolek for reporting this issue. - -Fixes CVE-2025-58188 -For #75675 -Fixes #75702 - -Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088 -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780 -Reviewed-by: Damien Neil -Reviewed-by: Roland Shoemaker -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2964 -Reviewed-on: https://go-review.googlesource.com/c/go/+/709836 -TryBot-Bypass: Michael Pratt -Reviewed-by: Carlos Amedee -Auto-Submit: Michael Pratt - -CVE: CVE-2025-58188 - -Upstream-Status: Backport [https://github.com/golang/go/commit/f9f198ab05e3282cbf6b13251d47d9141981e401] - -Signed-off-by: Archana Polampalli ---- - src/crypto/x509/verify.go | 5 +- - src/crypto/x509/verify_test.go | 126 +++++++++++++++++++++++++++++++++ - 2 files changed, 130 insertions(+), 1 deletion(-) - -diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go -index 4502d4c..14cd23f 100644 ---- a/src/crypto/x509/verify.go -+++ b/src/crypto/x509/verify.go -@@ -868,7 +868,10 @@ func alreadyInChain(candidate *Certificate, chain []*Certificate) bool { - if !bytes.Equal(candidate.RawSubject, cert.RawSubject) { - continue - } -- if !candidate.PublicKey.(pubKeyEqual).Equal(cert.PublicKey) { -+ // We enforce the canonical encoding of SPKI (by only allowing the -+ // correct AI paremeter encodings in parseCertificate), so it's safe to -+ // directly compare the raw bytes. -+ if !bytes.Equal(candidate.RawSubjectPublicKeyInfo, cert.RawSubjectPublicKeyInfo) { - continue - } - var certSAN *pkix.Extension -diff --git a/src/crypto/x509/verify_test.go b/src/crypto/x509/verify_test.go -index 8a7a5f6..4a7d8da 100644 ---- a/src/crypto/x509/verify_test.go -+++ b/src/crypto/x509/verify_test.go -@@ -6,6 +6,7 @@ package x509 - - import ( - "crypto" -+ "crypto/dsa" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" -@@ -2811,3 +2812,128 @@ func TestVerifyNilPubKey(t *testing.T) { - t.Fatalf("buildChains returned unexpected error, got: %v, want %v", err, UnknownAuthorityError{}) - } - } -+func TestCertificateChainSignedByECDSA(t *testing.T) { -+ caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) -+ if err != nil { -+ t.Fatal(err) -+ } -+ root := &Certificate{ -+ SerialNumber: big.NewInt(1), -+ Subject: pkix.Name{CommonName: "X"}, -+ NotBefore: time.Now().Add(-time.Hour), -+ NotAfter: time.Now().Add(365 * 24 * time.Hour), -+ IsCA: true, -+ KeyUsage: KeyUsageCertSign | KeyUsageCRLSign, -+ BasicConstraintsValid: true, -+ } -+ caDER, err := CreateCertificate(rand.Reader, root, root, &caKey.PublicKey, caKey) -+ if err != nil { -+ t.Fatal(err) -+ } -+ root, err = ParseCertificate(caDER) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) -+ leaf := &Certificate{ -+ SerialNumber: big.NewInt(42), -+ Subject: pkix.Name{CommonName: "leaf"}, -+ NotBefore: time.Now().Add(-10 * time.Minute), -+ NotAfter: time.Now().Add(24 * time.Hour), -+ KeyUsage: KeyUsageDigitalSignature, -+ ExtKeyUsage: []ExtKeyUsage{ExtKeyUsageServerAuth}, -+ BasicConstraintsValid: true, -+ } -+ leafDER, err := CreateCertificate(rand.Reader, leaf, root, &leafKey.PublicKey, caKey) -+ if err != nil { -+ t.Fatal(err) -+ } -+ leaf, err = ParseCertificate(leafDER) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ inter, err := ParseCertificate(dsaSelfSignedCNX(t)) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ inters := NewCertPool() -+ inters.AddCert(root) -+ inters.AddCert(inter) -+ -+ wantErr := "certificate signed by unknown authority" -+ _, err = leaf.Verify(VerifyOptions{Intermediates: inters, Roots: NewCertPool()}) -+ if !strings.Contains(err.Error(), wantErr) { -+ t.Errorf("got %v, want %q", err, wantErr) -+ } -+} -+ -+// dsaSelfSignedCNX produces DER-encoded -+// certificate with the properties: -+// -+// Subject=Issuer=CN=X -+// DSA SPKI -+// Matching inner/outer signature OIDs -+// Dummy ECDSA signature -+func dsaSelfSignedCNX(t *testing.T) []byte { -+ t.Helper() -+ var params dsa.Parameters -+ if err := dsa.GenerateParameters(¶ms, rand.Reader, dsa.L1024N160); err != nil { -+ t.Fatal(err) -+ } -+ -+ var dsaPriv dsa.PrivateKey -+ dsaPriv.Parameters = params -+ if err := dsa.GenerateKey(&dsaPriv, rand.Reader); err != nil { -+ t.Fatal(err) -+ } -+ dsaPub := &dsaPriv.PublicKey -+ -+ type dsaParams struct{ P, Q, G *big.Int } -+ paramDER, err := asn1.Marshal(dsaParams{dsaPub.P, dsaPub.Q, dsaPub.G}) -+ if err != nil { -+ t.Fatal(err) -+ } -+ yDER, err := asn1.Marshal(dsaPub.Y) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ spki := publicKeyInfo{ -+ Algorithm: pkix.AlgorithmIdentifier{ -+ Algorithm: oidPublicKeyDSA, -+ Parameters: asn1.RawValue{FullBytes: paramDER}, -+ }, -+ PublicKey: asn1.BitString{Bytes: yDER, BitLength: 8 * len(yDER)}, -+ } -+ -+ rdn := pkix.Name{CommonName: "X"}.ToRDNSequence() -+ b, err := asn1.Marshal(rdn) -+ if err != nil { -+ t.Fatal(err) -+ } -+ rawName := asn1.RawValue{FullBytes: b} -+ -+ algoIdent := pkix.AlgorithmIdentifier{Algorithm: oidSignatureDSAWithSHA256} -+ tbs := tbsCertificate{ -+ Version: 0, -+ SerialNumber: big.NewInt(1002), -+ SignatureAlgorithm: algoIdent, -+ Issuer: rawName, -+ Validity: validity{NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}, -+ Subject: rawName, -+ PublicKey: spki, -+ } -+ c := certificate{ -+ TBSCertificate: tbs, -+ SignatureAlgorithm: algoIdent, -+ SignatureValue: asn1.BitString{Bytes: []byte{0}, BitLength: 8}, -+ } -+ dsaDER, err := asn1.Marshal(c) -+ if err != nil { -+ t.Fatal(err) -+ } -+ return dsaDER -+} --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-58189.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-58189.patch deleted file mode 100644 index 4908cf6400..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-58189.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 2e1e356e33b9c792a9643749a7626a1789197bb9 Mon Sep 17 00:00:00 2001 -From: Roland Shoemaker -Date: Mon, 29 Sep 2025 10:11:56 -0700 -Subject: [PATCH] crypto/tls: quote protocols in ALPN error message - -Quote the protocols sent by the client when returning the ALPN -negotiation error message. - -Fixes CVE-2025-58189 -Updates #75652 -Fixes #75660 - -Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330 -Reviewed-on: https://go-review.googlesource.com/c/go/+/707776 -Auto-Submit: Roland Shoemaker -Reviewed-by: Neal Patel -Reviewed-by: Nicholas Husin -Auto-Submit: Nicholas Husin -Reviewed-by: Nicholas Husin -TryBot-Bypass: Roland Shoemaker -Reviewed-by: Daniel McCarney -(cherry picked from commit 4e9006a716533fe1c7ee08df02dfc73078f7dc19) -Reviewed-on: https://go-review.googlesource.com/c/go/+/708096 -LUCI-TryBot-Result: Go LUCI -Reviewed-by: Carlos Amedee - -CVE: CVE-2025-58189 - -Upstream-Status: Backport [https://github.com/golang/go/commit/2e1e356e33b9c792a9643749a7626a1789197bb9] - -Signed-off-by: Archana Polampalli ---- - src/crypto/tls/handshake_server.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go -index 4e84aa9..17b6891 100644 ---- a/src/crypto/tls/handshake_server.go -+++ b/src/crypto/tls/handshake_server.go -@@ -312,7 +312,7 @@ func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, erro - if http11fallback { - return "", nil - } -- return "", fmt.Errorf("tls: client requested unsupported application protocols (%s)", clientProtos) -+ return "", fmt.Errorf("tls: client requested unsupported application protocols (%q)", clientProtos) - } - - // supportsECDHE returns whether ECDHE key exchanges can be used with this --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-61723.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-61723.patch deleted file mode 100644 index b1664e701d..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-61723.patch +++ /dev/null @@ -1,223 +0,0 @@ -From 74d4d836b91318a8764b94bc2b4b66ff599eb5f2 Mon Sep 17 00:00:00 2001 -From: Roland Shoemaker -Date: Tue, 30 Sep 2025 11:16:56 -0700 -Subject: [PATCH] encoding/pem: make Decode complexity linear - -Because Decode scanned the input first for the first BEGIN line, and -then the first END line, the complexity of Decode is quadratic. If the -input contained a large number of BEGINs and then a single END right at -the end of the input, we would find the first BEGIN, and then scan the -entire input for the END, and fail to parse the block, so move onto the -next BEGIN, scan the entire input for the END, etc. - -Instead, look for the first END in the input, and then the first BEGIN -that precedes the found END. We then process the bytes between the BEGIN -and END, and move onto the bytes after the END for further processing. -This gives us linear complexity. - -Fixes CVE-2025-61723 -For #75676 -Fixes #75708 - -Change-Id: I813c4f63e78bca4054226c53e13865c781564ccf -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2921 -Reviewed-by: Nicholas Husin -Reviewed-by: Damien Neil -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2986 -Reviewed-on: https://go-review.googlesource.com/c/go/+/709842 -TryBot-Bypass: Michael Pratt -Auto-Submit: Michael Pratt -Reviewed-by: Carlos Amedee - -CVE: CVE-2025-61723 - -Upstream-Status: Backport [https://github.com/golang/go/commit/74d4d836b91318a8764b94bc2b4b66ff599eb5f2] - -Signed-off-by: Archana Polampalli ---- - src/encoding/pem/pem.go | 67 ++++++++++++++++++++---------------- - src/encoding/pem/pem_test.go | 13 +++---- - 2 files changed, 44 insertions(+), 36 deletions(-) - -diff --git a/src/encoding/pem/pem.go b/src/encoding/pem/pem.go -index 4b4f749..d365012 100644 ---- a/src/encoding/pem/pem.go -+++ b/src/encoding/pem/pem.go -@@ -37,7 +37,7 @@ type Block struct { - // line bytes. The remainder of the byte array (also not including the new line - // bytes) is also returned and this will always be smaller than the original - // argument. --func getLine(data []byte) (line, rest []byte) { -+func getLine(data []byte) (line, rest []byte, consumed int) { - i := bytes.IndexByte(data, '\n') - var j int - if i < 0 { -@@ -49,7 +49,7 @@ func getLine(data []byte) (line, rest []byte) { - i-- - } - } -- return bytes.TrimRight(data[0:i], " \t"), data[j:] -+ return bytes.TrimRight(data[0:i], " \t"), data[j:], j - } - - // removeSpacesAndTabs returns a copy of its input with all spaces and tabs -@@ -90,20 +90,32 @@ func Decode(data []byte) (p *Block, rest []byte) { - // pemStart begins with a newline. However, at the very beginning of - // the byte array, we'll accept the start string without it. - rest = data -+ - for { -- if bytes.HasPrefix(rest, pemStart[1:]) { -- rest = rest[len(pemStart)-1:] -- } else if _, after, ok := bytes.Cut(rest, pemStart); ok { -- rest = after -- } else { -+ // Find the first END line, and then find the last BEGIN line before -+ // the end line. This lets us skip any repeated BEGIN lines that don't -+ // have a matching END. -+ endIndex := bytes.Index(rest, pemEnd) -+ if endIndex < 0 { -+ return nil, data -+ } -+ endTrailerIndex := endIndex + len(pemEnd) -+ beginIndex := bytes.LastIndex(rest[:endIndex], pemStart[1:]) -+ if beginIndex < 0 || beginIndex > 0 && rest[beginIndex-1] != '\n' { - return nil, data - } -+ rest = rest[beginIndex+len(pemStart)-1:] -+ endIndex -= beginIndex + len(pemStart) - 1 -+ endTrailerIndex -= beginIndex + len(pemStart) - 1 - - var typeLine []byte -- typeLine, rest = getLine(rest) -+ var consumed int -+ typeLine, rest, consumed = getLine(rest) - if !bytes.HasSuffix(typeLine, pemEndOfLine) { - continue - } -+ endIndex -= consumed -+ endTrailerIndex -= consumed - typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)] - - p = &Block{ -@@ -117,7 +129,7 @@ func Decode(data []byte) (p *Block, rest []byte) { - if len(rest) == 0 { - return nil, data - } -- line, next := getLine(rest) -+ line, next, consumed := getLine(rest) - - key, val, ok := bytes.Cut(line, colon) - if !ok { -@@ -129,21 +141,13 @@ func Decode(data []byte) (p *Block, rest []byte) { - val = bytes.TrimSpace(val) - p.Headers[string(key)] = string(val) - rest = next -+ endIndex -= consumed -+ endTrailerIndex -= consumed - } - -- var endIndex, endTrailerIndex int -- -- // If there were no headers, the END line might occur -- // immediately, without a leading newline. -- if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) { -- endIndex = 0 -- endTrailerIndex = len(pemEnd) - 1 -- } else { -- endIndex = bytes.Index(rest, pemEnd) -- endTrailerIndex = endIndex + len(pemEnd) -- } -- -- if endIndex < 0 { -+ // If there were headers, there must be a newline between the headers -+ // and the END line, so endIndex should be >= 0. -+ if len(p.Headers) > 0 && endIndex < 0 { - continue - } - -@@ -163,21 +167,24 @@ func Decode(data []byte) (p *Block, rest []byte) { - } - - // The line must end with only whitespace. -- if s, _ := getLine(restOfEndLine); len(s) != 0 { -+ if s, _, _ := getLine(restOfEndLine); len(s) != 0 { - continue - } - -- base64Data := removeSpacesAndTabs(rest[:endIndex]) -- p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data))) -- n, err := base64.StdEncoding.Decode(p.Bytes, base64Data) -- if err != nil { -- continue -+ p.Bytes = []byte{} -+ if endIndex > 0 { -+ base64Data := removeSpacesAndTabs(rest[:endIndex]) -+ p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data))) -+ n, err := base64.StdEncoding.Decode(p.Bytes, base64Data) -+ if err != nil { -+ continue -+ } -+ p.Bytes = p.Bytes[:n] - } -- p.Bytes = p.Bytes[:n] - - // the -1 is because we might have only matched pemEnd without the - // leading newline if the PEM block was empty. -- _, rest = getLine(rest[endIndex+len(pemEnd)-1:]) -+ _, rest, _ = getLine(rest[endIndex+len(pemEnd)-1:]) - return p, rest - } - } -diff --git a/src/encoding/pem/pem_test.go b/src/encoding/pem/pem_test.go -index 56a7754..7025277 100644 ---- a/src/encoding/pem/pem_test.go -+++ b/src/encoding/pem/pem_test.go -@@ -34,7 +34,7 @@ var getLineTests = []GetLineTest{ - - func TestGetLine(t *testing.T) { - for i, test := range getLineTests { -- x, y := getLine([]byte(test.in)) -+ x, y, _ := getLine([]byte(test.in)) - if string(x) != test.out1 || string(y) != test.out2 { - t.Errorf("#%d got:%+v,%+v want:%s,%s", i, x, y, test.out1, test.out2) - } -@@ -46,6 +46,7 @@ func TestDecode(t *testing.T) { - if !reflect.DeepEqual(result, certificate) { - t.Errorf("#0 got:%#v want:%#v", result, certificate) - } -+ - result, remainder = Decode(remainder) - if !reflect.DeepEqual(result, privateKey) { - t.Errorf("#1 got:%#v want:%#v", result, privateKey) -@@ -68,7 +69,7 @@ func TestDecode(t *testing.T) { - } - - result, remainder = Decode(remainder) -- if result == nil || result.Type != "HEADERS" || len(result.Headers) != 1 { -+ if result == nil || result.Type != "VALID HEADERS" || len(result.Headers) != 1 { - t.Errorf("#5 expected single header block but got :%v", result) - } - -@@ -381,15 +382,15 @@ ZWAaUoVtWIQ52aKS0p19G99hhb+IVANC4akkdHV4SP8i7MVNZhfUmg== - - # This shouldn't be recognised because of the missing newline after the - headers. -------BEGIN HEADERS----- -+-----BEGIN INVALID HEADERS----- - Header: 1 -------END HEADERS----- -+-----END INVALID HEADERS----- - - # This should be valid, however. -------BEGIN HEADERS----- -+-----BEGIN VALID HEADERS----- - Header: 1 - -------END HEADERS-----`) -+-----END VALID HEADERS-----`) - - var certificate = &Block{Type: "CERTIFICATE", - Headers: map[string]string{}, --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go/CVE-2025-61724.patch b/meta-balena-common/recipes-devtools/go/go/CVE-2025-61724.patch deleted file mode 100644 index a91c24508e..0000000000 --- a/meta-balena-common/recipes-devtools/go/go/CVE-2025-61724.patch +++ /dev/null @@ -1,75 +0,0 @@ -From a402f4ad285514f5f3db90516d72047d591b307a Mon Sep 17 00:00:00 2001 -From: Damien Neil -Date: Tue, 30 Sep 2025 15:11:16 -0700 -Subject: [PATCH] net/textproto: avoid quadratic complexity in - Reader.ReadResponse - -Reader.ReadResponse constructed a response string from repeated -string concatenation, permitting a malicious sender to cause excessive -memory allocation and CPU consumption by sending a response consisting -of many short lines. - -Use a strings.Builder to construct the string instead. - -Thanks to Jakub Ciolek for reporting this issue. - -Fixes CVE-2025-61724 -For #75716 -Fixes #75717 - -Change-Id: I1a98ce85a21b830cb25799f9ac9333a67400d736 -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2940 -Reviewed-by: Roland Shoemaker -Reviewed-by: Nicholas Husin -Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2980 -Reviewed-by: Damien Neil -Reviewed-on: https://go-review.googlesource.com/c/go/+/709837 -Reviewed-by: Carlos Amedee -TryBot-Bypass: Michael Pratt -Auto-Submit: Michael Pratt - -CVE: CVE-2025-61724 - -Upstream-Status: Backport [https://github.com/golang/go/commit/a402f4ad285514f5f3db90516d72047d591b307a] - -Signed-off-by: Archana Polampalli ---- - src/net/textproto/reader.go | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go -index 7930211..0027efe 100644 ---- a/src/net/textproto/reader.go -+++ b/src/net/textproto/reader.go -@@ -283,8 +283,10 @@ func (r *Reader) ReadCodeLine(expectCode int) (code int, message string, err err - // - // An expectCode <= 0 disables the check of the status code. - func (r *Reader) ReadResponse(expectCode int) (code int, message string, err error) { -- code, continued, message, err := r.readCodeLine(expectCode) -+ code, continued, first, err := r.readCodeLine(expectCode) - multi := continued -+ var messageBuilder strings.Builder -+ messageBuilder.WriteString(first) - for continued { - line, err := r.ReadLine() - if err != nil { -@@ -295,12 +297,15 @@ func (r *Reader) ReadResponse(expectCode int) (code int, message string, err err - var moreMessage string - code2, continued, moreMessage, err = parseCodeLine(line, 0) - if err != nil || code2 != code { -- message += "\n" + strings.TrimRight(line, "\r\n") -+ messageBuilder.WriteByte('\n') -+ messageBuilder.WriteString(strings.TrimRight(line, "\r\n")) - continued = true - continue - } -- message += "\n" + moreMessage -+ messageBuilder.WriteByte('\n') -+ messageBuilder.WriteString(moreMessage) - } -+ message = messageBuilder.String() - if err != nil && multi && message != "" { - // replace one line error message with all lines (full message) - err = &Error{code, message} --- -2.40.0 diff --git a/meta-balena-common/recipes-devtools/go/go_1.22.12.bb b/meta-balena-common/recipes-devtools/go/go_1.26.1.bb similarity index 100% rename from meta-balena-common/recipes-devtools/go/go_1.22.12.bb rename to meta-balena-common/recipes-devtools/go/go_1.26.1.bb diff --git a/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0001-configure-Dont-t-check-for-gnu-efi.patch b/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0001-configure-Dont-t-check-for-gnu-efi.patch index 7ebff80cdd..871a2105d9 100644 --- a/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0001-configure-Dont-t-check-for-gnu-efi.patch +++ b/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0001-configure-Dont-t-check-for-gnu-efi.patch @@ -8,6 +8,7 @@ the configure fail. We explictly include the paths in our .bb recipe, so let's get rid of the check +Upstream-Status: Inappropriate [configuration] Signed-off-by: Ilias Apalodimas --- configure.ac | 15 +++++++-------- diff --git a/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0002-docs-Don-t-build-man-pages.patch b/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0002-docs-Don-t-build-man-pages.patch index df6abbc27b..6667aea93d 100644 --- a/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0002-docs-Don-t-build-man-pages.patch +++ b/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0002-docs-Don-t-build-man-pages.patch @@ -5,6 +5,7 @@ Subject: [PATCH 2/3] docs: Don't build man pages Man pages not needed on embedded targets +Upstream-Status: Inappropriate [configuration] Signed-off-by: Ilias Apalodimas --- docs/Makefile.am | 5 ----- diff --git a/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0003-sbsign-add-x-option-to-avoid-overwrite-existing-sign.patch b/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0003-sbsign-add-x-option-to-avoid-overwrite-existing-sign.patch index 7d35805f49..480091b79b 100644 --- a/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0003-sbsign-add-x-option-to-avoid-overwrite-existing-sign.patch +++ b/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool/0003-sbsign-add-x-option-to-avoid-overwrite-existing-sign.patch @@ -4,6 +4,7 @@ Date: Wed, 10 Mar 2021 15:53:21 +0200 Subject: [PATCH 3/3] sbsign: add -x option to avoid overwrite existing signature +Upstream-Status: Inappropriate [configuration] Signed-off-by: Lans Zhang Signed-off-by: Ilias Apalodimas --- diff --git a/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool_git.bb b/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool_git.bb index 0d608d278e..cb055cf571 100644 --- a/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool_git.bb +++ b/meta-balena-common/recipes-devtools/sbsigntool/sbsigntool_git.bb @@ -1,6 +1,6 @@ SUMMARY = "Utilities for signing UEFI binaries for use with secure boot" -LICENSE = "GPLv3" +LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "\ file://LICENSE.GPLv3;md5=9eef91148a9b14ec7f9df333daebc746 \ @@ -11,15 +11,15 @@ DEPENDS += "binutils openssl gnu-efi gnu-efi-native util-linux" DEPENDS += "binutils-native help2man-native coreutils-native openssl-native util-linux-native" SRC_URI = " \ - git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git;protocol=https;name=sbsigntools;branch=master \ + git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git;protocol=https;name=sbsigntools;branch=master;destsuffix=git \ git://github.com/rustyrussell/ccan.git;protocol=https;destsuffix=git/lib/ccan.git;name=ccan;branch=master \ - file://0001-configure-Dont-t-check-for-gnu-efi.patch \ - file://0002-docs-Don-t-build-man-pages.patch \ - file://0003-sbsign-add-x-option-to-avoid-overwrite-existing-sign.patch \ - file://0001-src-Makefile.am-Add-read_write_all.c-to-common_SOURC.patch \ - file://0001-fileio.c-initialize-local-variables-before-use-in-fu.patch \ - file://0001-Makefile.am-do-not-use-Werror.patch \ - file://0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch \ + file://0001-configure-Dont-t-check-for-gnu-efi.patch;striplevel=1 \ + file://0002-docs-Don-t-build-man-pages.patch;striplevel=1 \ + file://0003-sbsign-add-x-option-to-avoid-overwrite-existing-sign.patch;striplevel=1 \ + file://0001-src-Makefile.am-Add-read_write_all.c-to-common_SOURC.patch;striplevel=1 \ + file://0001-fileio.c-initialize-local-variables-before-use-in-fu.patch;striplevel=1 \ + file://0001-Makefile.am-do-not-use-Werror.patch;striplevel=1 \ + file://0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch;striplevel=1 \ " SRCREV_sbsigntools ?= "f12484869c9590682ac3253d583bf59b890bb826" SRCREV_ccan ?= "b1f28e17227f2320d07fe052a8a48942fe17caa5" @@ -27,7 +27,7 @@ SRCREV_FORMAT = "sbsigntools_ccan" PV = "0.9.4-git${SRCPV}" -S = "${WORKDIR}/git" +S = "${@d.getVar('UNPACKDIR') or d.getVar('WORKDIR')}/git" inherit autotools-brokensep pkgconfig @@ -57,31 +57,37 @@ EXTRA_OEMAKE += "\ -I${STAGING_INCDIR}/efi/${@efi_arch(d)}' \ " -do_configure:prepend() { - cd ${S} - - if [ ! -e lib/ccan ]; then +DEPENDS:append = " qemu-native" - # Use empty SCOREDIR because 'make scores' is not run. - # The default setting depends on (non-whitelisted) host tools. - sed -i -e 's#^\(SCOREDIR=\).*#\1#' lib/ccan.git/Makefile - - TMPDIR=lib lib/ccan.git/tools/create-ccan-tree \ - --build-type=automake lib/ccan \ +do_configure:prepend() { + # 1. Point QEMU to the target sysroot so it finds /lib/ld-linux-aarch64.so.1 + export QEMU_LD_PREFIX="${STAGING_DIR_TARGET}" + + # 2. Add the recipe-sysroot to the library path for the native probes + export LD_LIBRARY_PATH="${STAGING_DIR_TARGET}${libdir}:${STAGING_DIR_TARGET}${base_libdir}:${LD_LIBRARY_PATH}" + + if [ ! -e ${S}/lib/ccan ]; then + # Build the configurator natively + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS} \ + ${S}/lib/ccan.git/tools/configurator/configurator.c \ + -o ${S}/lib/ccan.git/tools/configurator/configurator + + # Run the configurator. + # It will now use qemu-aarch64 (which Bitbake provides) + # and find the libraries thanks to QEMU_LD_PREFIX. + ${S}/lib/ccan.git/tools/configurator/configurator ${TARGET_PREFIX}gcc \ + ${TARGET_CC_ARCH} --sysroot=${STAGING_DIR_TARGET} \ + > ${S}/lib/ccan.git/config.h + + # Create the CCAN tree + TMPDIR=${S}/lib ${S}/lib/ccan.git/tools/create-ccan-tree \ + --build-type=automake ${S}/lib/ccan \ talloc read_write_all build_assert array_size endian fi - # Create generatable docs from git - ( - echo "Authors of sbsigntool:" - echo - git log --format='%an' | sort -u | sed 's,^,\t,' - ) > AUTHORS - - # Generate simple ChangeLog - git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog - - cd ${B} + # Metadata generation + git log --format='%an' | sort -u | sed 's,^,\t,' > ${S}/AUTHORS + git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ${S}/ChangeLog } BBCLASSEXTEND = "native nativesdk" diff --git a/meta-balena-common/recipes-kernel/linux/kernel-headers-test.bb b/meta-balena-common/recipes-kernel/linux/kernel-headers-test.bb index eda6a2c13b..44acabff6b 100644 --- a/meta-balena-common/recipes-kernel/linux/kernel-headers-test.bb +++ b/meta-balena-common/recipes-kernel/linux/kernel-headers-test.bb @@ -33,8 +33,8 @@ do_compile() { rm -rf ${B}/work mkdir -p ${B}/work cp ${DEPLOY_DIR_IMAGE}/kernel_modules_headers.tar.gz ${B}/work - cp "${WORKDIR}"/Dockerfile ${B}/work/ - cp -r "${WORKDIR}"/example_module ${B}/work/ + cp "${UNPACKDIR}"/Dockerfile ${B}/work/ + cp -r "${UNPACKDIR}"/example_module ${B}/work/ IMAGETAG="${PN}:$(date +%s)" DOCKER_API_VERSION=${BALENA_API_VERSION} docker build --tag ${IMAGETAG} --build-arg kernel_arch=${ARCH} --build-arg cross_compile_prefix=${DEBIAN_TUPLE} ${B}/work diff --git a/meta-balena-common/recipes-support/balena-config-vars/balena-config-vars.bb b/meta-balena-common/recipes-support/balena-config-vars/balena-config-vars.bb index de77f574e2..e96e51fbbc 100644 --- a/meta-balena-common/recipes-support/balena-config-vars/balena-config-vars.bb +++ b/meta-balena-common/recipes-support/balena-config-vars/balena-config-vars.bb @@ -14,7 +14,6 @@ SRC_URI = " \ file://os-sshkeys \ file://os-sshkeys.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -45,24 +44,24 @@ SYSTEMD_SERVICE:${PN} = " \ do_install() { root_bindmount_name=$(echo "${ROOT_HOME}" | sed 's|/|-|g') install -d ${D}${sbindir} - install -m 0755 ${WORKDIR}/balena-config-vars ${D}${sbindir}/ - install -m 0755 ${WORKDIR}/balena-config-defaults ${D}${sbindir}/ + install -m 0755 ${UNPACKDIR}/balena-config-vars ${D}${sbindir}/ + install -m 0755 ${UNPACKDIR}/balena-config-defaults ${D}${sbindir}/ sed -i -e 's:@@BALENA_NONENC_BOOT_MOUNT@@:${BALENA_NONENC_BOOT_MOUNT}:g' ${D}${sbindir}/balena-config-defaults sed -i -e 's:@@BALENA_NONENC_BOOT_LABEL@@:${BALENA_NONENC_BOOT_LABEL}:g' ${D}${sbindir}/balena-config-defaults sed -i -e 's:@@BALENA_BOOT_MOUNT@@:${BALENA_BOOT_MOUNT}:g' ${D}${sbindir}/balena-config-defaults sed -i -e 's:@@BALENA_BOOT_LABEL@@:${BALENA_BOOT_LABEL}:g' ${D}${sbindir}/balena-config-defaults - install -m 0755 ${WORKDIR}/os-networkmanager ${D}${sbindir}/ - install -m 0755 ${WORKDIR}/os-udevrules ${D}${sbindir}/ - install -m 0755 ${WORKDIR}/os-sshkeys ${D}${sbindir}/ + install -m 0755 ${UNPACKDIR}/os-networkmanager ${D}${sbindir}/ + install -m 0755 ${UNPACKDIR}/os-udevrules ${D}${sbindir}/ + install -m 0755 ${UNPACKDIR}/os-sshkeys ${D}${sbindir}/ sed -i -e "s,@ROOT_HOME@,${ROOT_HOME},g" ${D}${sbindir}/os-sshkeys if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/config-json.path ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/config-json.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/os-networkmanager.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/os-udevrules.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/os-sshkeys.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/config-json.path ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/config-json.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/os-networkmanager.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/os-udevrules.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/os-sshkeys.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/balena-data-reset/balena-data-reset.bb b/meta-balena-common/recipes-support/balena-data-reset/balena-data-reset.bb index 94861420b4..87d26a61f4 100644 --- a/meta-balena-common/recipes-support/balena-data-reset/balena-data-reset.bb +++ b/meta-balena-common/recipes-support/balena-data-reset/balena-data-reset.bb @@ -6,7 +6,6 @@ SRC_URI = " \ file://balena-data-reset \ file://balena-data-reset.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -26,7 +25,7 @@ BALENA_DATA_MOUNT_POINT = "/mnt/data" do_install() { install -d ${D}${bindir}/ - install -m 0755 ${WORKDIR}/balena-data-reset ${D}${bindir}/ + install -m 0755 ${UNPACKDIR}/balena-data-reset ${D}${bindir}/ sed -i -e 's,@BALENA_DATA_MP@,${BALENA_DATA_MOUNT_POINT},g' \ ${D}${bindir}/balena-data-reset @@ -34,7 +33,7 @@ do_install() { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system/ install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/balena-data-reset.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/balena-data-reset.service ${D}${systemd_unitdir}/system/ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ diff --git a/meta-balena-common/recipes-support/balena-hostname/balena-hostname.bb b/meta-balena-common/recipes-support/balena-hostname/balena-hostname.bb index dfdc3a3c7e..fe484b32f2 100644 --- a/meta-balena-common/recipes-support/balena-hostname/balena-hostname.bb +++ b/meta-balena-common/recipes-support/balena-hostname/balena-hostname.bb @@ -6,7 +6,6 @@ SRC_URI = " \ file://balena-hostname \ file://balena-hostname.service \ " -S = "${WORKDIR}" inherit allarch systemd balena-configurable @@ -20,11 +19,11 @@ RDEPENDS:${PN} = " \ do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/balena-hostname ${D}${bindir} + install -m 0775 ${UNPACKDIR}/balena-hostname ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/balena-hostname.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/balena-hostname.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/balena-info/balena-info.bb b/meta-balena-common/recipes-support/balena-info/balena-info.bb index 64d6bf2966..39122d8676 100644 --- a/meta-balena-common/recipes-support/balena-info/balena-info.bb +++ b/meta-balena-common/recipes-support/balena-info/balena-info.bb @@ -8,7 +8,6 @@ SRC_URI = " \ file://balena-info \ file://balena-info@.service \ " -S = "${WORKDIR}" inherit allarch @@ -23,12 +22,12 @@ do_build[noexec] = "1" do_install() { install -d ${D}${sbindir}/ - install -m 0755 ${WORKDIR}/balena-info ${D}${sbindir}/ + install -m 0755 ${UNPACKDIR}/balena-info ${D}${sbindir}/ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system/ install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/balena-info@.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/balena-info@.service ${D}${systemd_unitdir}/system/ # Enable services for ttydev in ${TTYS}; do diff --git a/meta-balena-common/recipes-support/balena-persistent-logs/balena-persistent-logs.bb b/meta-balena-common/recipes-support/balena-persistent-logs/balena-persistent-logs.bb index c7fbd4c1a6..ce60e4ee4c 100644 --- a/meta-balena-common/recipes-support/balena-persistent-logs/balena-persistent-logs.bb +++ b/meta-balena-common/recipes-support/balena-persistent-logs/balena-persistent-logs.bb @@ -6,7 +6,6 @@ SRC_URI = " \ file://balena-persistent-logs \ file://balena-persistent-logs.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -14,11 +13,11 @@ SYSTEMD_SERVICE:${PN} = "balena-persistent-logs.service" do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/balena-persistent-logs ${D}${bindir} + install -m 0775 ${UNPACKDIR}/balena-persistent-logs ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/balena-persistent-logs.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/balena-persistent-logs.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/balena-unique-key/balena-unique-key.bb b/meta-balena-common/recipes-support/balena-unique-key/balena-unique-key.bb index 5619421e64..94917c89db 100644 --- a/meta-balena-common/recipes-support/balena-unique-key/balena-unique-key.bb +++ b/meta-balena-common/recipes-support/balena-unique-key/balena-unique-key.bb @@ -7,7 +7,6 @@ SRC_URI = " \ file://balena-unique-key \ file://balena-device-uuid.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -36,11 +35,11 @@ do_install() { chmod 0600 ${D}/${ROOT_HOME}/.rnd install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/balena-unique-key ${D}${bindir} + install -m 0775 ${UNPACKDIR}/balena-unique-key ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/balena-device-uuid.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/balena-device-uuid.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/balena-units-conf/balena-units-conf.bb b/meta-balena-common/recipes-support/balena-units-conf/balena-units-conf.bb index a930f9fbdb..c5074d0594 100644 --- a/meta-balena-common/recipes-support/balena-units-conf/balena-units-conf.bb +++ b/meta-balena-common/recipes-support/balena-units-conf/balena-units-conf.bb @@ -19,8 +19,6 @@ SRC_URI = " \ file://gen-conf-unit \ " -S = "${WORKDIR}" - inherit allarch do_patch[noexec] = "1" @@ -39,16 +37,16 @@ do_test() { JQ="${STAGING_BINDIR_NATIVE}/jq" # Test parsing into configuration units JQ="${JQ}" \ - CONF_DIR=${WORKDIR}/tmp \ - CONFIG_PATH=${WORKDIR}/test-input.json \ - CACHED_CONFIG_PATH=${WORKDIR}/tmp/test-cache.json \ - UNITS_DIR=${WORKDIR}/tmp\ + CONF_DIR=${UNPACKDIR}/tmp \ + CONFIG_PATH=${UNPACKDIR}/test-input.json \ + CACHED_CONFIG_PATH=${UNPACKDIR}/tmp/test-cache.json \ + UNITS_DIR=${UNPACKDIR}/tmp\ STAGING_DIR=${STAGING_DIR_NATIVE} \ - /bin/sh "${WORKDIR}/os-config-json" + /bin/sh "${UNPACKDIR}/os-config-json" for i in 1 2 3 4 5; do - if [ -f "${WORKDIR}/tmp/unit$i.json" ]; then - cksum1=$(md5sum "${WORKDIR}/tmp/unit$i.json" | cut -d " " -f1) - cksum2=$(md5sum "${WORKDIR}/test-output$i.json" | cut -d " " -f1) + if [ -f "${UNPACKDIR}/tmp/unit$i.json" ]; then + cksum1=$(md5sum "${UNPACKDIR}/tmp/unit$i.json" | cut -d " " -f1) + cksum2=$(md5sum "${UNPACKDIR}/test-output$i.json" | cut -d " " -f1) if [ "${cksum1}" != "${cksum2}" ]; then bbfatal "[PARSING] os-config-json: Unexpected output for unit$i and test-output$i" fi @@ -59,46 +57,46 @@ do_test() { # Test modification of unit configuration tmpfile=$(mktemp) - "${JQ}" '.key_integer=10' "${WORKDIR}/test-input.json" > "${WORKDIR}/${tmpfile}" + "${JQ}" '.key_integer=10' "${UNPACKDIR}/test-input.json" > "${UNPACKDIR}/${tmpfile}" JQ="${JQ}" \ - CONF_DIR=${WORKDIR}/tmp \ - CONFIG_PATH=${WORKDIR}/${tmpfile} \ - CACHED_CONFIG_PATH=${WORKDIR}/tmp/test-cache.json \ - UNITS_DIR=${WORKDIR}/tmp\ + CONF_DIR=${UNPACKDIR}/tmp \ + CONFIG_PATH=${UNPACKDIR}/${tmpfile} \ + CACHED_CONFIG_PATH=${UNPACKDIR}/tmp/test-cache.json \ + UNITS_DIR=${UNPACKDIR}/tmp\ STAGING_DIR=${STAGING_DIR_NATIVE} \ - /bin/sh "${WORKDIR}/os-config-json" - cksum1=$(md5sum "${WORKDIR}/tmp/unit5.json" | cut -d " " -f1) - cksum2=$(md5sum "${WORKDIR}/test-output7.json" | cut -d " " -f1) + /bin/sh "${UNPACKDIR}/os-config-json" + cksum1=$(md5sum "${UNPACKDIR}/tmp/unit5.json" | cut -d " " -f1) + cksum2=$(md5sum "${UNPACKDIR}/test-output7.json" | cut -d " " -f1) if [ "${cksum1}" != "${cksum2}" ]; then bbfatal "[MODIFICATION] os-config-json: Unexpected output" fi # Test removal of value from configuration unit - "${JQ}" 'del(.key_object.one)' "${WORKDIR}/test-input.json" > "${WORKDIR}/${tmpfile}" + "${JQ}" 'del(.key_object.one)' "${UNPACKDIR}/test-input.json" > "${UNPACKDIR}/${tmpfile}" JQ="${JQ}" \ - CONF_DIR=${WORKDIR}/tmp \ - CONFIG_PATH=${WORKDIR}/${tmpfile} \ - CACHED_CONFIG_PATH=${WORKDIR}/tmp/test-cache.json \ - UNITS_DIR=${WORKDIR}/tmp\ + CONF_DIR=${UNPACKDIR}/tmp \ + CONFIG_PATH=${UNPACKDIR}/${tmpfile} \ + CACHED_CONFIG_PATH=${UNPACKDIR}/tmp/test-cache.json \ + UNITS_DIR=${UNPACKDIR}/tmp\ STAGING_DIR=${STAGING_DIR_NATIVE} \ - /bin/sh "${WORKDIR}/os-config-json" - cksum1=$(md5sum "${WORKDIR}/tmp/unit1.json" | cut -d " " -f1) - cksum2=$(md5sum "${WORKDIR}/test-output6.json" | cut -d " " -f1) + /bin/sh "${UNPACKDIR}/os-config-json" + cksum1=$(md5sum "${UNPACKDIR}/tmp/unit1.json" | cut -d " " -f1) + cksum2=$(md5sum "${UNPACKDIR}/test-output6.json" | cut -d " " -f1) if [ "${cksum1}" != "${cksum2}" ]; then bbfatal "[REMOVAL] os-config-json: Unexpected output" fi # Test removal of all values from configuration unit - "${JQ}" 'del(.key_nested.key_nested_child2_nested.key_child2_nested."0") | del(.key_object.one)' "${WORKDIR}/test-input.json" > "${WORKDIR}/${tmpfile}" + "${JQ}" 'del(.key_nested.key_nested_child2_nested.key_child2_nested."0") | del(.key_object.one)' "${UNPACKDIR}/test-input.json" > "${UNPACKDIR}/${tmpfile}" JQ="${JQ}" \ - CONF_DIR=${WORKDIR}/tmp \ - CONFIG_PATH=${WORKDIR}/${tmpfile} \ - CACHED_CONFIG_PATH=${WORKDIR}/tmp/test-cache.json \ - UNITS_DIR=${WORKDIR}/tmp\ + CONF_DIR=${UNPACKDIR}/tmp \ + CONFIG_PATH=${UNPACKDIR}/${tmpfile} \ + CACHED_CONFIG_PATH=${UNPACKDIR}/tmp/test-cache.json \ + UNITS_DIR=${UNPACKDIR}/tmp\ STAGING_DIR=${STAGING_DIR_NATIVE} \ - /bin/sh "${WORKDIR}/os-config-json" - if [ -f "${WORKDIR}/tmp/unit1.json" ]; then - contents=$(cat "${WORKDIR}/tmp/unit1.json") + /bin/sh "${UNPACKDIR}/os-config-json" + if [ -f "${UNPACKDIR}/tmp/unit1.json" ]; then + contents=$(cat "${UNPACKDIR}/tmp/unit1.json") if [ "${contents}" != "{}" ]; then bbfatal "[REMOVAL-ALL] os-config-json: Unexpected output" fi @@ -119,11 +117,11 @@ parse_conf_to_units() { do_install() { install -d ${D}${sbindir} - install -m 0755 ${WORKDIR}/os-config-json ${D}${sbindir}/ - install -m 0755 ${WORKDIR}/gen-conf-unit ${D}${sbindir}/ + install -m 0755 ${UNPACKDIR}/os-config-json ${D}${sbindir}/ + install -m 0755 ${UNPACKDIR}/gen-conf-unit ${D}${sbindir}/ install -d ${D}${sysconfdir}/systemd - install -d ${WORKDIR}/tmp - install -c -m 0644 ${WORKDIR}/unit-conf.json ${STAGING_DIR_TARGET} - parse_conf_to_units "${WORKDIR}/unit-conf.json" "${D}/${sysconfdir}/systemd" - parse_conf_to_units "${WORKDIR}/test-conf.json" "${WORKDIR}/tmp" + install -d ${UNPACKDIR}/tmp + install -c -m 0644 ${UNPACKDIR}/unit-conf.json ${STAGING_DIR_TARGET} + parse_conf_to_units "${UNPACKDIR}/unit-conf.json" "${D}/${sysconfdir}/systemd" + parse_conf_to_units "${UNPACKDIR}/test-conf.json" "${UNPACKDIR}/tmp" } diff --git a/meta-balena-common/recipes-support/bindmount/bindmount_0.0.4.bb b/meta-balena-common/recipes-support/bindmount/bindmount_0.0.4.bb index 1a59b7c9a6..ece2ee5507 100644 --- a/meta-balena-common/recipes-support/bindmount/bindmount_0.0.4.bb +++ b/meta-balena-common/recipes-support/bindmount/bindmount_0.0.4.bb @@ -9,7 +9,7 @@ inherit balena_cargo # SRC_URI += "crate://crates.io/bindmount/0.0.4" SRC_URI += "git://git@github.com/balena-os/bindmount.git;branch=master;protocol=https" SRCREV = "82761d07cce8a61e09e2e37ba07477288c5683b6" -S = "${WORKDIR}/git" + CARGO_SRC_DIR="" PV:append = ".AUTOINC+f597fb0266" diff --git a/meta-balena-common/recipes-support/ca-certificates/ca-certificates_%.bbappend b/meta-balena-common/recipes-support/ca-certificates/ca-certificates_%.bbappend index b532662afb..15a1acc932 100644 --- a/meta-balena-common/recipes-support/ca-certificates/ca-certificates_%.bbappend +++ b/meta-balena-common/recipes-support/ca-certificates/ca-certificates_%.bbappend @@ -18,10 +18,10 @@ do_install:append:class-target () { # Add a service to regenerate CA chain on update install -d ${D}${bindir}/ - install -m 0755 ${WORKDIR}/extract-balena-ca ${D}${bindir}/ + install -m 0755 ${UNPACKDIR}/extract-balena-ca ${D}${bindir}/ install -d ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/extract-balena-ca.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/extract-balena-ca.service ${D}${systemd_unitdir}/system/ # Make update-ca-certificates use our directory instead of the non-existing default sed -i -e "s,^LOCALCERTSDIR=.*$,LOCALCERTSDIR=\$SYSROOT/usr/share/ca-certificates/balena," ${D}/usr/sbin/update-ca-certificates diff --git a/meta-balena-common/recipes-support/development-features/development-features.bb b/meta-balena-common/recipes-support/development-features/development-features.bb index 43337d834d..fccfe7a8ab 100644 --- a/meta-balena-common/recipes-support/development-features/development-features.bb +++ b/meta-balena-common/recipes-support/development-features/development-features.bb @@ -7,7 +7,6 @@ SRC_URI = " \ file://development-features.service \ file://development-features.target \ " -S = "${WORKDIR}" inherit allarch systemd balena-configurable @@ -22,13 +21,13 @@ do_build[noexec] = "1" do_install() { install -d ${D}${bindir}/ - install -m 0755 ${WORKDIR}/development-features ${D}${bindir}/ + install -m 0755 ${UNPACKDIR}/development-features ${D}${bindir}/ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system/ install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/development-features.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/development-features.target ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/development-features.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/development-features.target ${D}${systemd_unitdir}/system/ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ diff --git a/meta-balena-common/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bb b/meta-balena-common/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bb index dd5ecc24cc..e3711b9bb4 100644 --- a/meta-balena-common/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bb +++ b/meta-balena-common/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bb @@ -3,7 +3,6 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" SRC_URI = "file://hostapp-update-hooks" -S = "${WORKDIR}" inherit allarch @@ -68,7 +67,8 @@ RDEPENDS:${PN} = " \ " RDEPENDS:${PN}:append = "${@oe.utils.conditional('SIGN_API','','',' os-helpers-sb',d)}" -RDEPENDS:${PN}:append = "${@bb.utils.contains('MACHINE_FEATURES', 'efi', ' efivar efitools-utils tcgtool', '',d)}" +# efitools needs more debugging, commenting this out for the purpose of checking blockers for nvidia builds +#RDEPENDS:${PN}:append = "${@bb.utils.contains('MACHINE_FEATURES', 'efi', ' efivar efitools-utils tcgtool', '',d)}" do_install() { mkdir -p ${D}${sysconfdir}/hostapp-update-hooks.d/ @@ -76,10 +76,10 @@ do_install() { mkdir -p ${D}${sysconfdir}/hostapp-update-hooks.d/$hdir done for h in ${HOSTAPP_HOOKS}; do - install -m 0755 $h ${D}${sysconfdir}/hostapp-update-hooks.d/"$h" + install -m 0755 ${UNPACKDIR}/$h ${D}${sysconfdir}/hostapp-update-hooks.d/"$h" done mkdir -p ${D}${bindir} - install -m 0755 hostapp-update-hooks ${D}${bindir}/hostapp-update-hooks-v2 + install -m 0755 ${UNPACKDIR}/hostapp-update-hooks ${D}${bindir}/hostapp-update-hooks-v2 ln -s -r ${D}${bindir}/hostapp-update-hooks-v2 ${D}${bindir}/hostapp-update-hooks sed -i -e 's:@BALENA_BOOT_FINGERPRINT@:${BALENA_BOOT_FINGERPRINT}:g;' \ diff --git a/meta-balena-common/recipes-support/lvm2/lvm2%.bbappend b/meta-balena-common/recipes-support/lvm2/lvm2%.bbappend new file mode 100644 index 0000000000..70ca4af3de --- /dev/null +++ b/meta-balena-common/recipes-support/lvm2/lvm2%.bbappend @@ -0,0 +1,11 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/lvm2:" + +SRC_URI += " \ + file://11-dm.rules \ +" + +do_install:append() { + install -m 444 -D "${UNPACKDIR}/11-dm.rules" "${D}${nonarch_base_libdir}/udev/rules.d/" +} + +FILES:${PN}:append = " ${nonarch_base_libdir}/udev/rules.d/11-dm.rules " diff --git a/meta-balena-common/recipes-support/lvm2/lvm2_%.bbappend b/meta-balena-common/recipes-support/lvm2/lvm2_%.bbappend deleted file mode 100644 index 4f85ae2a6b..0000000000 --- a/meta-balena-common/recipes-support/lvm2/lvm2_%.bbappend +++ /dev/null @@ -1,9 +0,0 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:" - -SRC_URI += " \ - file://11-dm.rules \ -" - -do_install:append() { - install -m 444 -D "${WORKDIR}/11-dm.rules" "${D}${nonarch_base_libdir}/udev/rules.d/" -} diff --git a/meta-balena-common/recipes-support/os-extra-firmware/os-extra-firmware.bb b/meta-balena-common/recipes-support/os-extra-firmware/os-extra-firmware.bb index 22acc425b1..fdc3c1ff80 100644 --- a/meta-balena-common/recipes-support/os-extra-firmware/os-extra-firmware.bb +++ b/meta-balena-common/recipes-support/os-extra-firmware/os-extra-firmware.bb @@ -7,8 +7,6 @@ SRC_URI = " \ file://os-extra-firmware.service \ " -S = "${WORKDIR}" - RDEPENDS:${PN} += "balena-config-vars bash" inherit allarch systemd balena-configurable @@ -23,12 +21,12 @@ do_build[noexec] = "1" do_install() { install -d ${D}${bindir}/ - install -m 0755 ${WORKDIR}/os-extra-firmware ${D}${bindir}/ + install -m 0755 ${UNPACKDIR}/os-extra-firmware ${D}${bindir}/ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system/ install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/os-extra-firmware.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/os-extra-firmware.service ${D}${systemd_unitdir}/system/ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/os-fan-profile/os-fan-profile.bb b/meta-balena-common/recipes-support/os-fan-profile/os-fan-profile.bb index 9c06c9d1b9..4a30f2e9ee 100644 --- a/meta-balena-common/recipes-support/os-fan-profile/os-fan-profile.bb +++ b/meta-balena-common/recipes-support/os-fan-profile/os-fan-profile.bb @@ -7,8 +7,6 @@ SRC_URI = " \ file://os-fan-profile.service \ " -S = "${WORKDIR}" - RDEPENDS:${PN} += "balena-config-vars bash" inherit allarch systemd balena-configurable @@ -23,12 +21,12 @@ do_build[noexec] = "1" do_install() { install -d ${D}${bindir}/ - install -m 0755 ${WORKDIR}/os-fan-profile ${D}${bindir}/ + install -m 0755 ${UNPACKDIR}/os-fan-profile ${D}${bindir}/ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system/ install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/os-fan-profile.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/os-fan-profile.service ${D}${systemd_unitdir}/system/ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/os-helpers/os-helpers.bb b/meta-balena-common/recipes-support/os-helpers/os-helpers.bb index 1df8e7477f..d7da0004ae 100644 --- a/meta-balena-common/recipes-support/os-helpers/os-helpers.bb +++ b/meta-balena-common/recipes-support/os-helpers/os-helpers.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d9 DEPENDS = "time-native curl-native" RDEPENDS:${PN}-fs = "e2fsprogs-tune2fs mtools parted bash util-linux-fdisk zstd" RDEPENDS:${PN}-fs:append = "${@bb.utils.contains('MACHINE_FEATURES','raid',' mdadm','',d)}" -RDEPENDS:${PN}-tpm2 = "libtss2-tcti-device tpm2-tools tcgtool" +RDEPENDS:${PN}-tpm2:class-target = "libtss2-tcti-device tpm2-tools tcgtool" RDEPENDS:${PN}-config = "bash" RDEPENDS:${PN}-reboot = "bash jq" RDEPENDS:${PN}-api = "curl" @@ -26,7 +26,6 @@ SRC_URI = " \ file://os-helpers-sb \ file://safe_reboot \ " -S = "${WORKDIR}" inherit allarch @@ -45,16 +44,16 @@ PACKAGES = " \ do_install() { install -d ${D}${libexecdir} install -m 0775 \ - ${WORKDIR}/os-helpers-fs \ - ${WORKDIR}/os-helpers-logging \ - ${WORKDIR}/os-helpers-time \ - ${WORKDIR}/os-helpers-tpm2 \ - ${WORKDIR}/os-helpers-config \ - ${WORKDIR}/os-helpers-bootloader-config \ - ${WORKDIR}/os-helpers-api \ - ${WORKDIR}/os-helpers-efi \ - ${WORKDIR}/os-helpers-sb \ - ${WORKDIR}/safe_reboot \ + ${UNPACKDIR}/os-helpers-fs \ + ${UNPACKDIR}/os-helpers-logging \ + ${UNPACKDIR}/os-helpers-time \ + ${UNPACKDIR}/os-helpers-tpm2 \ + ${UNPACKDIR}/os-helpers-config \ + ${UNPACKDIR}/os-helpers-bootloader-config \ + ${UNPACKDIR}/os-helpers-api \ + ${UNPACKDIR}/os-helpers-efi \ + ${UNPACKDIR}/os-helpers-sb \ + ${UNPACKDIR}/safe_reboot \ ${D}${libexecdir} sed -i "s,@@BALENA_CONF_UNIT_STORE@@,${BALENA_CONF_UNIT_STORE},g" ${D}${libexecdir}/os-helpers-config sed -i -e "s,@@BALENA_FINGERPRINT_FILENAME@@,${BALENA_FINGERPRINT_FILENAME},g" -e "s,@@BALENA_FINGERPRINT_EXT@@,${BALENA_FINGERPRINT_EXT},g" ${D}${libexecdir}/os-helpers-fs @@ -80,7 +79,7 @@ do_test_api() { fi endpoint="https://api.${BALENA_API_ENV}" export CURL_CA_BUNDLE="${STAGING_DIR_NATIVE}/etc/ssl/certs/ca-certificates.crt" - . ${WORKDIR}/os-helpers-api + . ${UNPACKDIR}/os-helpers-api # GET 200 if ! api_get_request "${endpoint}/ping"; then bbwarn "${PN}: API request failed " diff --git a/meta-balena-common/recipes-support/os-power-mode/os-power-mode.bb b/meta-balena-common/recipes-support/os-power-mode/os-power-mode.bb index 87827dc45c..c1523beb62 100644 --- a/meta-balena-common/recipes-support/os-power-mode/os-power-mode.bb +++ b/meta-balena-common/recipes-support/os-power-mode/os-power-mode.bb @@ -7,8 +7,6 @@ SRC_URI = " \ file://os-power-mode.service \ " -S = "${WORKDIR}" - RDEPENDS:${PN} += "balena-config-vars bash" inherit allarch systemd balena-configurable @@ -23,12 +21,12 @@ do_build[noexec] = "1" do_install() { install -d ${D}${bindir}/ - install -m 0755 ${WORKDIR}/os-power-mode ${D}${bindir}/ + install -m 0755 ${UNPACKDIR}/os-power-mode ${D}${bindir}/ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system/ install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/os-power-mode.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/os-power-mode.service ${D}${systemd_unitdir}/system/ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/resin-device-progress/resin-device-progress.bb b/meta-balena-common/recipes-support/resin-device-progress/resin-device-progress.bb index 157a82040b..1d71cd62b6 100644 --- a/meta-balena-common/recipes-support/resin-device-progress/resin-device-progress.bb +++ b/meta-balena-common/recipes-support/resin-device-progress/resin-device-progress.bb @@ -6,7 +6,6 @@ LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d9 PR = "r2" SRC_URI = "file://resin-device-progress" -S = "${WORKDIR}" inherit allarch @@ -20,5 +19,5 @@ RDEPENDS:${PN} = " \ do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/resin-device-progress ${D}${bindir}/resin-device-progress + install -m 0775 ${UNPACKDIR}/resin-device-progress ${D}${bindir}/resin-device-progress } diff --git a/meta-balena-common/recipes-support/resin-device-register/resin-device-register.bb b/meta-balena-common/recipes-support/resin-device-register/resin-device-register.bb index e39007d91b..aa63b14acf 100644 --- a/meta-balena-common/recipes-support/resin-device-register/resin-device-register.bb +++ b/meta-balena-common/recipes-support/resin-device-register/resin-device-register.bb @@ -9,7 +9,6 @@ SRC_URI = " \ file://resin-device-register \ file://resin-device-register.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -25,11 +24,11 @@ SYSTEMD_SERVICE:${PN} = "resin-device-register.service" do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/resin-device-register ${D}${bindir} + install -m 0775 ${UNPACKDIR}/resin-device-register ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/resin-device-register.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/resin-device-register.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/resin-expand/resin-filesystem-expand.bb b/meta-balena-common/recipes-support/resin-expand/resin-filesystem-expand.bb index 87ba97f2a4..e3cf96be46 100644 --- a/meta-balena-common/recipes-support/resin-expand/resin-filesystem-expand.bb +++ b/meta-balena-common/recipes-support/resin-expand/resin-filesystem-expand.bb @@ -6,7 +6,6 @@ SRC_URI = " \ file://resin-filesystem-expand \ file://resin-filesystem-expand.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -22,11 +21,11 @@ RDEPENDS:${PN} = " \ do_install() { install -d ${D}${bindir} - install -m 0775 ${WORKDIR}/resin-filesystem-expand ${D}${bindir} + install -m 0775 ${UNPACKDIR}/resin-filesystem-expand ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/resin-filesystem-expand.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/resin-filesystem-expand.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ diff --git a/meta-balena-common/recipes-support/resin-init/resin-init-board.bb b/meta-balena-common/recipes-support/resin-init/resin-init-board.bb index 8dd5db7fe9..1732ad7837 100644 --- a/meta-balena-common/recipes-support/resin-init/resin-init-board.bb +++ b/meta-balena-common/recipes-support/resin-init/resin-init-board.bb @@ -6,7 +6,6 @@ LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d9 PR = "r1" SRC_URI = "file://resin-init-board" -S = "${WORKDIR}" inherit allarch @@ -14,5 +13,5 @@ RDEPENDS:${PN} = "bash" do_install() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/resin-init-board ${D}${bindir} + install -m 0755 ${UNPACKDIR}/resin-init-board ${D}${bindir} } diff --git a/meta-balena-common/recipes-support/resin-init/resin-init-flasher-board.bb b/meta-balena-common/recipes-support/resin-init/resin-init-flasher-board.bb index 2403fff3fb..8a4e94072c 100644 --- a/meta-balena-common/recipes-support/resin-init/resin-init-flasher-board.bb +++ b/meta-balena-common/recipes-support/resin-init/resin-init-flasher-board.bb @@ -4,13 +4,12 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" SRC_URI = "file://resin-init-flasher-board" -S = "${WORKDIR}" - + inherit allarch RDEPENDS:${PN} = "bash" do_install() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/resin-init-flasher-board ${D}${bindir} + install -m 0755 ${UNPACKDIR}/resin-init-flasher-board ${D}${bindir} } diff --git a/meta-balena-common/recipes-support/resin-init/resin-init-flasher.bb b/meta-balena-common/recipes-support/resin-init/resin-init-flasher.bb index 1a57f83009..29ce644920 100644 --- a/meta-balena-common/recipes-support/resin-init/resin-init-flasher.bb +++ b/meta-balena-common/recipes-support/resin-init/resin-init-flasher.bb @@ -15,8 +15,6 @@ SRC_URI:append = " \ ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', ' file://balena-init-flasher-tpm', '',d)} \ " -S = "${WORKDIR}" - inherit allarch systemd SYSTEMD_SERVICE:${PN} = "resin-init-flasher.service" @@ -33,10 +31,11 @@ RDEPENDS:${PN} = " \ util-linux-lsblk \ " -RDEPENDS:${PN}:append = "${@bb.utils.contains('MACHINE_FEATURES', 'efi', ' efitools-utils efibootmgr efivar', '',d)}" -RDEPENDS:${PN}:append = "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', ' os-helpers-tpm2', '',d)}" +# efitools build needs more debugging +#RDEPENDS:${PN}:append = "${@bb.utils.contains('MACHINE_FEATURES', 'efi', ' efitools-utils efibootmgr efivar', '',d)}" +#RDEPENDS:${PN}:append = "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', ' os-helpers-tpm2', '',d)}" -RDEPENDS:${PN}:append = "${@oe.utils.conditional('SIGN_API','','',' cryptsetup dosfstools e2fsprogs-mke2fs lvm2-udevrules os-helpers-fs util-linux-mount util-linux-losetup openssl-bin',d)}" +RDEPENDS:${PN}:append = "${@oe.utils.conditional('SIGN_API','','',' cryptsetup dosfstools e2fsprogs-mke2fs lvm2 os-helpers-fs util-linux-mount util-linux-losetup openssl-bin',d)}" # This should be just fine BALENA_IMAGE ?= "balena-image-${MACHINE}.balenaos-img" @@ -52,11 +51,11 @@ do_install() { fi install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/resin-init-flasher ${D}${bindir} + install -m 0755 ${UNPACKDIR}/resin-init-flasher ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/resin-init-flasher.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/resin-init-flasher.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BASE_SBINDIR@,${base_sbindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ @@ -95,12 +94,12 @@ do_install() { if ${@bb.utils.contains('MACHINE_FEATURES','efi','true','false',d)}; then install -d ${D}${libexecdir} echo "INTERNAL_DEVICE_BOOTLOADER_CONFIG_LUKS=grub.cfg_internal_luks" >> ${D}/${sysconfdir}/resin-init-flasher.conf - install -m 0755 ${WORKDIR}/balena-init-flasher-efi ${D}${libexecdir}/balena-init-flasher-secureboot + install -m 0755 ${UNPACKDIR}/balena-init-flasher-efi ${D}${libexecdir}/balena-init-flasher-secureboot sed -i -e 's,@@KERNEL_IMAGETYPE@@,${KERNEL_IMAGETYPE},' ${D}${libexecdir}/balena-init-flasher-secureboot fi if ${@bb.utils.contains('MACHINE_FEATURES','tpm','true','false',d)}; then install -d ${D}${libexecdir} - install -m 0755 ${WORKDIR}/balena-init-flasher-tpm ${D}${libexecdir}/balena-init-flasher-diskenc + install -m 0755 ${UNPACKDIR}/balena-init-flasher-tpm ${D}${libexecdir}/balena-init-flasher-diskenc fi fi diff --git a/meta-balena-common/recipes-support/resin-init/resin-init.bb b/meta-balena-common/recipes-support/resin-init/resin-init.bb index 92fc0c613c..51da1c121f 100644 --- a/meta-balena-common/recipes-support/resin-init/resin-init.bb +++ b/meta-balena-common/recipes-support/resin-init/resin-init.bb @@ -9,7 +9,6 @@ SRC_URI = " \ file://resin-init \ file://resin-init.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -23,11 +22,11 @@ RDEPENDS:${PN} = " \ do_install() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/resin-init ${D}${bindir} + install -m 0755 ${UNPACKDIR}/resin-init ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/resin-init.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${UNPACKDIR}/resin-init.service ${D}${systemd_unitdir}/system sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@BASE_SBINDIR@,${base_sbindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ diff --git a/meta-balena-common/recipes-support/resin-mounts/resin-mounts.bb b/meta-balena-common/recipes-support/resin-mounts/resin-mounts.bb index fe578cc7b3..c98d3d4b02 100644 --- a/meta-balena-common/recipes-support/resin-mounts/resin-mounts.bb +++ b/meta-balena-common/recipes-support/resin-mounts/resin-mounts.bb @@ -57,7 +57,7 @@ do_install:prepend () { install -d ${D}/mnt/sysroot/inactive install -d ${D}${bindir} - install -m 755 ${WORKDIR}/resin-partition-mounter ${D}${bindir} + install -m 755 ${UNPACKDIR}/resin-partition-mounter ${D}${bindir} install -d ${D}${systemd_unitdir}/system if [ "x${SIGN_API}" != "x" ]; then @@ -75,5 +75,5 @@ do_install:prepend () { install -m 0644 $service ${D}${systemd_unitdir}/system/ fi done - install -m 0644 ${WORKDIR}/etc-fake-hwclock.mount ${D}${systemd_unitdir}/system/etc-fake\\x2dhwclock.mount + install -m 0644 ${UNPACKDIR}/etc-fake-hwclock.mount ${D}${systemd_unitdir}/system/etc-fake\\x2dhwclock.mount } diff --git a/meta-balena-common/recipes-support/resin-mounts/resin-mounts.inc b/meta-balena-common/recipes-support/resin-mounts/resin-mounts.inc index 53e8f64760..419525af69 100644 --- a/meta-balena-common/recipes-support/resin-mounts/resin-mounts.inc +++ b/meta-balena-common/recipes-support/resin-mounts/resin-mounts.inc @@ -3,10 +3,10 @@ LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d9 SRC_URI += "file://bind-path.service.in" -S = "${WORKDIR}" - inherit systemd allarch +S = "${UNPACKDIR}" + SYSTEMD_SERVICE:${PN} += "${@bindmounts_systemd_services(d)}" FILES:${PN} += " \ @@ -76,7 +76,7 @@ do_compile () { fi done } -do_compile[dirs] = "${WORKDIR}" +do_compile[dirs] = "${UNPACKDIR}" do_install () { install -d "${D}${sysconfdir}" diff --git a/meta-balena-common/recipes-support/resin-state-reset/resin-state-reset.bb b/meta-balena-common/recipes-support/resin-state-reset/resin-state-reset.bb index 8252748801..1f7d1da8a3 100644 --- a/meta-balena-common/recipes-support/resin-state-reset/resin-state-reset.bb +++ b/meta-balena-common/recipes-support/resin-state-reset/resin-state-reset.bb @@ -6,7 +6,6 @@ SRC_URI = " \ file://resin-state-reset \ file://resin-state-reset.service \ " -S = "${WORKDIR}" inherit allarch systemd @@ -26,7 +25,7 @@ BALENA_STATE_MOUNT_POINT = "/mnt/state" do_install() { install -d ${D}${bindir}/ - install -m 0755 ${WORKDIR}/resin-state-reset ${D}${bindir}/ + install -m 0755 ${UNPACKDIR}/resin-state-reset ${D}${bindir}/ sed -i -e 's,@BALENA_STATE_MP@,${BALENA_STATE_MOUNT_POINT},g' \ ${D}${bindir}/resin-state-reset @@ -34,7 +33,7 @@ do_install() { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system/ install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/resin-state-reset.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${UNPACKDIR}/resin-state-reset.service ${D}${systemd_unitdir}/system/ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ diff --git a/meta-balena-common/recipes-support/tcgtool/tcgtool_git.bb b/meta-balena-common/recipes-support/tcgtool/tcgtool_git.bb index 55604f0718..571496d48e 100644 --- a/meta-balena-common/recipes-support/tcgtool/tcgtool_git.bb +++ b/meta-balena-common/recipes-support/tcgtool/tcgtool_git.bb @@ -1,18 +1,25 @@ DESCRIPTION = "Pack efivar data for hashing to extend PCRs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" -SRC_URI = "git://github.com/balena-os/tcgtool.git;branch=master;protocol=https" + +SRC_URI = "git://github.com/balena-os/tcgtool.git;branch=master;protocol=https;destsuffix=git" SRCREV = "19dfadb6cff3a09eac8f7e542049cc451db5a05d" -S = "${WORKDIR}/git" +# Use the dynamic proxy: Picks UNPACKDIR on Wrynose, WORKDIR on Kirkstone. +# This avoids the fatal "UNPACKDIR = WORKDIR is not supported" error. +S = "${@d.getVar('UNPACKDIR') or d.getVar('WORKDIR')}/git" + +# Explicitly define the binary name to avoid PN conflicts +REAL_PN = "tcgtool" +# Standard build tasks using REAL_PN do_compile() { - oe_runmake ${PN} + oe_runmake ${REAL_PN} } do_install() { install -d ${D}${bindir} - install -m 755 ${B}/${PN} ${D}${bindir}/${PN} + install -m 755 ${B}/${REAL_PN} ${D}${bindir}/${REAL_PN} } BB_STRICT_CHECKSUM = "0" diff --git a/meta-balena-common/recipes-support/usb-modeswitch/files/use_local_libjim_static_library.patch b/meta-balena-common/recipes-support/usb-modeswitch/files/use_local_libjim_static_library.patch index 38084418f3..054243487b 100644 --- a/meta-balena-common/recipes-support/usb-modeswitch/files/use_local_libjim_static_library.patch +++ b/meta-balena-common/recipes-support/usb-modeswitch/files/use_local_libjim_static_library.patch @@ -1,3 +1,5 @@ +Upstream-Status: Inappropriate [oe-configuration] + Index: usb-modeswitch-2.6.1/Makefile =================================================================== --- usb-modeswitch-2.6.1.orig/Makefile diff --git a/meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch-data_20191128.bb b/meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch-data_20251207.bb similarity index 77% rename from meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch-data_20191128.bb rename to meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch-data_20251207.bb index 351fe44d70..3bced56f44 100644 --- a/meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch-data_20191128.bb +++ b/meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch-data_20251207.bb @@ -7,8 +7,7 @@ inherit allarch DEPENDS += "tcl-native" SRC_URI = "http://www.draisberghof.de/usb_modeswitch/${BP}.tar.bz2" -SRC_URI[md5sum] = "e8fce7eb949cbe16c61fb71bade4cc17" -SRC_URI[sha256sum] = "3f039b60791c21c7cb15c7986cac89650f076dc274798fa242231b910785eaf9" +SRC_URI[sha256sum] = "0bb12d64aee5e467c31af61a53fb828ff7aa59c54a82ca85eeede4c5690bfa66" do_install() { oe_runmake install DESTDIR=${D} RULESDIR=${D}/${nonarch_base_libdir}/udev/rules.d diff --git a/meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch_2.6.1.bb b/meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch_2.6.2.bb similarity index 60% rename from meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch_2.6.1.bb rename to meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch_2.6.2.bb index bcbb55a841..af2b5b6491 100644 --- a/meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch_2.6.1.bb +++ b/meta-balena-common/recipes-support/usb-modeswitch/usb-modeswitch_2.6.2.bb @@ -1,24 +1,31 @@ SUMMARY = "A mode switching tool for controlling 'flip flop' (multiple device) USB gear" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=091556bd6d0154cd4c2d17a1bfc7380a" DEPENDS = "libusb1" SRC_URI = "http://www.draisberghof.de/usb_modeswitch/${BP}.tar.bz2" -SRC_URI[sha256sum] = "5195d9e136e52f658f19e9f93e4f982b1b67bffac197d0a455cd8c2cd245fa34" +SRC_URI[sha256sum] = "f7abd337784a9d1bd39cb8a587518aff6f2a43d916145eafd80b1b8b7146db66" inherit pkgconfig systemd SYSTEMD_SERVICE:${PN} = "usb_modeswitch@.service" -FILES:${PN} = "${bindir} ${sysconfdir} ${nonarch_base_libdir}/udev/usb_modeswitch ${sbindir} ${localstatedir}/lib/usb_modeswitch" +EXTRA_OEMAKE = "TCL=${bindir}/tclsh" + +FILES:${PN} = " \ + ${bindir} \ + ${sysconfdir} \ + ${nonarch_base_libdir}/udev/usb_modeswitch \ + ${sbindir} ${localstatedir}/lib/usb_modeswitch \ +" +RDEPENDS:${PN} = "tcl" RRECOMMENDS:${PN} = "usb-modeswitch-data" do_install() { - oe_runmake DESTDIR=${D} UDEVDIR=${D}${nonarch_base_libdir}/udev install-statlink + oe_runmake DESTDIR=${D} UDEVDIR=${D}/${nonarch_base_libdir}/udev install if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}/${systemd_unitdir}/system install -m 644 ${S}/usb_modeswitch@.service ${D}/${systemd_unitdir}/system fi - install -m 755 ${S}/usb_modeswitch_dispatcher ${D}/${sbindir} } diff --git a/meta-balena-common/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb b/meta-balena-common/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb index daafae33cb..d073b7abac 100644 --- a/meta-balena-common/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb +++ b/meta-balena-common/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb @@ -38,10 +38,10 @@ PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, do_install:append() { install -d "${D}${sysconfdir}/init.d" - install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" + install -m 0755 "${UNPACKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" install -d "${D}${sysconfdir}/default" - install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" + install -m 0644 "${UNPACKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" } FILES:${PN} += "${libdir}/systemd/system-preset \ diff --git a/meta-balena-common/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch b/meta-balena-common/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch index 450698ff64..46b244a427 100644 --- a/meta-balena-common/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch +++ b/meta-balena-common/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch @@ -2,7 +2,7 @@ revert configure: add checks for all tools used by make install Not appropriate for cross build env. -Upstream-Status: OE [inappropriate] +Upstream-Status: Inappropriate [OE specific] Signed-off-by: Armin Kuster Index: tpm2-tss-3.2.0/configure.ac diff --git a/meta-balena-dunfell/conf/distro/include/balena-os-yocto-version.inc b/meta-balena-dunfell/conf/distro/include/balena-os-yocto-version.inc index daa300b7ab..b0c829a3e9 100644 --- a/meta-balena-dunfell/conf/distro/include/balena-os-yocto-version.inc +++ b/meta-balena-dunfell/conf/distro/include/balena-os-yocto-version.inc @@ -2,3 +2,4 @@ PREFERRED_VERSION_tpm2-tss = "3.0.3" # required now that we also support Scarthgap DISTRO_FEATURES:append = " usrmerge" +DISTRO_FEATURES_DEFAULT:remove = "x11" diff --git a/meta-balena-dunfell/conf/distro/include/sysvinit-compat.inc b/meta-balena-dunfell/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-balena-dunfell/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" diff --git a/meta-balena-dunfell/conf/layer.conf b/meta-balena-dunfell/conf/layer.conf index 8134cf9550..bb1848baef 100644 --- a/meta-balena-dunfell/conf/layer.conf +++ b/meta-balena-dunfell/conf/layer.conf @@ -8,3 +8,6 @@ BBFILE_PATTERN_balena-dunfell := "^${LAYERDIR}/" BBFILE_PRIORITY_balena-dunfell = "1337" LAYERSERIES_COMPAT_balena-dunfell = "dunfell" + +# for compatibility with meta-balena-common +UNPACKDIR ??= "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-connectivity/balena-net-config/balena-net-config.bbappend b/meta-balena-dunfell/recipes-connectivity/balena-net-config/balena-net-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-connectivity/balena-net-config/balena-net-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend b/meta-balena-dunfell/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend b/meta-balena-dunfell/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend b/meta-balena-dunfell/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-connectivity/libmbim/libmbim_%.bbappend b/meta-balena-dunfell/recipes-connectivity/libmbim/libmbim_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-dunfell/recipes-connectivity/libmbim/libmbim_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend b/meta-balena-dunfell/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-dunfell/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-connectivity/libqmi/libqmi_%.bbappend b/meta-balena-dunfell/recipes-connectivity/libqmi/libqmi_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-dunfell/recipes-connectivity/libqmi/libqmi_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-connectivity/modemmanager/modemmanager_%.bbappend b/meta-balena-dunfell/recipes-connectivity/modemmanager/modemmanager_%.bbappend index 8fc63c52cb..3b9707804b 100644 --- a/meta-balena-dunfell/recipes-connectivity/modemmanager/modemmanager_%.bbappend +++ b/meta-balena-dunfell/recipes-connectivity/modemmanager/modemmanager_%.bbappend @@ -1,7 +1,4 @@ -# we do not use this file in any of our supported boards and we need to remove it to fix the following error: -# ERROR: modemmanager-1.24.2-r0 do_package_qa: QA Issue: /usr/share/ModemManager/modem-setup.available.d/0000 contained in package -# modemmanager requires 0000_modemmanager:, but no providers found in RDEPENDS_modemmanager? [file-rdeps] -# ERROR: modemmanager-1.24.2-r0 do_package_qa: QA run found fatal errors. Please consider fixing them. do_install_append() { rm ${D}${datadir}/ModemManager/modem-setup.available.d/0000:0000 } +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-connectivity/networkmanager/networkmanager_%.bbappend b/meta-balena-dunfell/recipes-connectivity/networkmanager/networkmanager_%.bbappend index 2ddfd8f056..042e0c3486 100644 --- a/meta-balena-dunfell/recipes-connectivity/networkmanager/networkmanager_%.bbappend +++ b/meta-balena-dunfell/recipes-connectivity/networkmanager/networkmanager_%.bbappend @@ -1,2 +1,2 @@ -# in dunfell libuuid is still provided by util-linux so let's remove the dependency to this package that was introduced sometime after dunfell DEPENDS_remove = "util-linux-libuuid" +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-connectivity/redsocks/redsocks_%.bbappend b/meta-balena-dunfell/recipes-connectivity/redsocks/redsocks_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-dunfell/recipes-connectivity/redsocks/redsocks_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-containers/docker-disk/docker-disk.bbappend b/meta-balena-dunfell/recipes-containers/docker-disk/docker-disk.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-containers/docker-disk/docker-disk.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend b/meta-balena-dunfell/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-containers/hostapp-update/hostapp-update.bbappend b/meta-balena-dunfell/recipes-containers/hostapp-update/hostapp-update.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-containers/hostapp-update/hostapp-update.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend b/meta-balena-dunfell/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-containers/mobynit/mobynit_git.bbappend b/meta-balena-dunfell/recipes-containers/mobynit/mobynit_git.bbappend new file mode 100644 index 0000000000..c0c1a7c320 --- /dev/null +++ b/meta-balena-dunfell/recipes-containers/mobynit/mobynit_git.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/${BPN}/src/${GO_IMPORT}" diff --git a/meta-balena-dunfell/recipes-containers/tini/tini_0.14.0.bbappend b/meta-balena-dunfell/recipes-containers/tini/tini_0.14.0.bbappend index a966944e62..b9ced4d5ec 100644 --- a/meta-balena-dunfell/recipes-containers/tini/tini_0.14.0.bbappend +++ b/meta-balena-dunfell/recipes-containers/tini/tini_0.14.0.bbappend @@ -1,2 +1,4 @@ # Thud static PIE seems broken as binary gets into segfault at runtime SECURITY_CFLAGS_pn-${PN} += "${SECURITY_NOPIE_CFLAGS}" + +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-core/balena-rollback/balena-rollback.bbappend b/meta-balena-dunfell/recipes-core/balena-rollback/balena-rollback.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-core/balena-rollback/balena-rollback.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend b/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend b/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend b/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-core/os-config/os-config_%.bbappend b/meta-balena-dunfell/recipes-core/os-config/os-config_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-dunfell/recipes-core/os-config/os-config_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-core/systemd/disk-watchdog.bbappend b/meta-balena-dunfell/recipes-core/systemd/disk-watchdog.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-dunfell/recipes-core/systemd/disk-watchdog.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-core/upx/upx_git.bbappend b/meta-balena-dunfell/recipes-core/upx/upx_git.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-dunfell/recipes-core/upx/upx_git.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-support/balena-config-vars/balena-config-vars.bbappend b/meta-balena-dunfell/recipes-support/balena-config-vars/balena-config-vars.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/balena-config-vars/balena-config-vars.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/balena-data-reset/balena-data-reset.bbappend b/meta-balena-dunfell/recipes-support/balena-data-reset/balena-data-reset.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/balena-data-reset/balena-data-reset.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/balena-hostname/balena-hostname.bbappend b/meta-balena-dunfell/recipes-support/balena-hostname/balena-hostname.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/balena-hostname/balena-hostname.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/balena-info/balena-info.bbappend b/meta-balena-dunfell/recipes-support/balena-info/balena-info.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/balena-info/balena-info.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend b/meta-balena-dunfell/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/balena-unique-key/balena-unique-key.bbappend b/meta-balena-dunfell/recipes-support/balena-unique-key/balena-unique-key.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/balena-unique-key/balena-unique-key.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/balena-units-conf/balena-units-conf.bbappend b/meta-balena-dunfell/recipes-support/balena-units-conf/balena-units-conf.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/balena-units-conf/balena-units-conf.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/bindmount/bindmount_%.bbappend b/meta-balena-dunfell/recipes-support/bindmount/bindmount_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-dunfell/recipes-support/bindmount/bindmount_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-dunfell/recipes-support/development-features/development-features.bbappend b/meta-balena-dunfell/recipes-support/development-features/development-features.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/development-features/development-features.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend b/meta-balena-dunfell/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/os-extra-firmware/os-extra-firmware.bbappend b/meta-balena-dunfell/recipes-support/os-extra-firmware/os-extra-firmware.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/os-extra-firmware/os-extra-firmware.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/os-fan-profile/os-fan-profile.bbappend b/meta-balena-dunfell/recipes-support/os-fan-profile/os-fan-profile.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/os-fan-profile/os-fan-profile.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/os-helpers/os-helpers.bbappend b/meta-balena-dunfell/recipes-support/os-helpers/os-helpers.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/os-helpers/os-helpers.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/os-power-mode/os-power-mode.bbappend b/meta-balena-dunfell/recipes-support/os-power-mode/os-power-mode.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/os-power-mode/os-power-mode.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-device-progress/resin-device-progress.bbappend b/meta-balena-dunfell/recipes-support/resin-device-progress/resin-device-progress.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-device-progress/resin-device-progress.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-device-register/resin-device-register.bbappend b/meta-balena-dunfell/recipes-support/resin-device-register/resin-device-register.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-device-register/resin-device-register.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-expand/resin-filesystem-expand.bbappend b/meta-balena-dunfell/recipes-support/resin-expand/resin-filesystem-expand.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-expand/resin-filesystem-expand.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-init/resin-init-board.bbappend b/meta-balena-dunfell/recipes-support/resin-init/resin-init-board.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-init/resin-init-board.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-init/resin-init-flasher-board.bbappend b/meta-balena-dunfell/recipes-support/resin-init/resin-init-flasher-board.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-init/resin-init-flasher-board.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-init/resin-init-flasher.bbappend b/meta-balena-dunfell/recipes-support/resin-init/resin-init-flasher.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-init/resin-init-flasher.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-init/resin-init.bbappend b/meta-balena-dunfell/recipes-support/resin-init/resin-init.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-init/resin-init.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-mounts/resin-mounts.bbappend b/meta-balena-dunfell/recipes-support/resin-mounts/resin-mounts.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-mounts/resin-mounts.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-dunfell/recipes-support/resin-state-reset/resin-state-reset.bbappend b/meta-balena-dunfell/recipes-support/resin-state-reset/resin-state-reset.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-dunfell/recipes-support/resin-state-reset/resin-state-reset.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-honister/conf/distro/include/balena-os-yocto-version.inc b/meta-balena-honister/conf/distro/include/balena-os-yocto-version.inc new file mode 100644 index 0000000000..78822c8b48 --- /dev/null +++ b/meta-balena-honister/conf/distro/include/balena-os-yocto-version.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_DEFAULT:remove = "x11" diff --git a/meta-balena-honister/conf/distro/include/sysvinit-compat.inc b/meta-balena-honister/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-balena-honister/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" diff --git a/meta-balena-kirkstone/conf/distro/include/balena-os-yocto-version.inc b/meta-balena-kirkstone/conf/distro/include/balena-os-yocto-version.inc index 7ec1a3cb12..afa30c010c 100644 --- a/meta-balena-kirkstone/conf/distro/include/balena-os-yocto-version.inc +++ b/meta-balena-kirkstone/conf/distro/include/balena-os-yocto-version.inc @@ -2,3 +2,4 @@ PREFERRED_VERSION_resolvconf = "1.91" # required now that we also support Scarthgap DISTRO_FEATURES:append = " usrmerge" +DISTRO_FEATURES_DEFAULT:remove = "x11" diff --git a/meta-balena-kirkstone/conf/distro/include/sysvinit-compat.inc b/meta-balena-kirkstone/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-balena-kirkstone/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" diff --git a/meta-balena-kirkstone/conf/layer.conf b/meta-balena-kirkstone/conf/layer.conf index f5eb776fea..6c1720e72b 100644 --- a/meta-balena-kirkstone/conf/layer.conf +++ b/meta-balena-kirkstone/conf/layer.conf @@ -8,3 +8,6 @@ BBFILE_PATTERN_balena-kirkstone := "^${LAYERDIR}/" BBFILE_PRIORITY_balena-kirkstone = "1337" LAYERSERIES_COMPAT_balena-kirkstone = "kirkstone" + +# for compatibility with meta-balena-common +UNPACKDIR ??= "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-connectivity/balena-net-config/balena-net-config.bbappend b/meta-balena-kirkstone/recipes-connectivity/balena-net-config/balena-net-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/balena-net-config/balena-net-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend b/meta-balena-kirkstone/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend b/meta-balena-kirkstone/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend b/meta-balena-kirkstone/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-connectivity/libmbim/libmbim_%.bbappend b/meta-balena-kirkstone/recipes-connectivity/libmbim/libmbim_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/libmbim/libmbim_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend b/meta-balena-kirkstone/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-connectivity/libqmi/libqmi_%.bbappend b/meta-balena-kirkstone/recipes-connectivity/libqmi/libqmi_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/libqmi/libqmi_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-connectivity/modemmanager/modemmanager_%.bbappend b/meta-balena-kirkstone/recipes-connectivity/modemmanager/modemmanager_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/modemmanager/modemmanager_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-connectivity/networkmanager/networkmanager_%.bbappend b/meta-balena-kirkstone/recipes-connectivity/networkmanager/networkmanager_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/networkmanager/networkmanager_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-connectivity/redsocks/redsocks_%.bbappend b/meta-balena-kirkstone/recipes-connectivity/redsocks/redsocks_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-connectivity/redsocks/redsocks_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-containers/docker-disk/docker-disk.bbappend b/meta-balena-kirkstone/recipes-containers/docker-disk/docker-disk.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-containers/docker-disk/docker-disk.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend b/meta-balena-kirkstone/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-containers/hostapp-update/hostapp-update.bbappend b/meta-balena-kirkstone/recipes-containers/hostapp-update/hostapp-update.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-containers/hostapp-update/hostapp-update.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend b/meta-balena-kirkstone/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-containers/mobynit/mobynit_git.bbappend b/meta-balena-kirkstone/recipes-containers/mobynit/mobynit_git.bbappend new file mode 100644 index 0000000000..c0c1a7c320 --- /dev/null +++ b/meta-balena-kirkstone/recipes-containers/mobynit/mobynit_git.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/${BPN}/src/${GO_IMPORT}" diff --git a/meta-balena-kirkstone/recipes-containers/tini/tini_0.14.0.bbappend b/meta-balena-kirkstone/recipes-containers/tini/tini_0.14.0.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-containers/tini/tini_0.14.0.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-core/balena-rollback/balena-rollback.bbappend b/meta-balena-kirkstone/recipes-core/balena-rollback/balena-rollback.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-core/balena-rollback/balena-rollback.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend b/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend b/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend b/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-core/os-config/os-config_%.bbappend b/meta-balena-kirkstone/recipes-core/os-config/os-config_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-core/os-config/os-config_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-core/systemd/disk-watchdog.bbappend b/meta-balena-kirkstone/recipes-core/systemd/disk-watchdog.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-core/systemd/disk-watchdog.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-core/upx/upx_git.bbappend b/meta-balena-kirkstone/recipes-core/upx/upx_git.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-core/upx/upx_git.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-support/balena-config-vars/balena-config-vars.bbappend b/meta-balena-kirkstone/recipes-support/balena-config-vars/balena-config-vars.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/balena-config-vars/balena-config-vars.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/balena-data-reset/balena-data-reset.bbappend b/meta-balena-kirkstone/recipes-support/balena-data-reset/balena-data-reset.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/balena-data-reset/balena-data-reset.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/balena-hostname/balena-hostname.bbappend b/meta-balena-kirkstone/recipes-support/balena-hostname/balena-hostname.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/balena-hostname/balena-hostname.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/balena-info/balena-info.bbappend b/meta-balena-kirkstone/recipes-support/balena-info/balena-info.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/balena-info/balena-info.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend b/meta-balena-kirkstone/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/balena-unique-key/balena-unique-key.bbappend b/meta-balena-kirkstone/recipes-support/balena-unique-key/balena-unique-key.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/balena-unique-key/balena-unique-key.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/balena-units-conf/balena-units-conf.bbappend b/meta-balena-kirkstone/recipes-support/balena-units-conf/balena-units-conf.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/balena-units-conf/balena-units-conf.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/bindmount/bindmount_%.bbappend b/meta-balena-kirkstone/recipes-support/bindmount/bindmount_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/bindmount/bindmount_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-kirkstone/recipes-support/development-features/development-features.bbappend b/meta-balena-kirkstone/recipes-support/development-features/development-features.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/development-features/development-features.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend b/meta-balena-kirkstone/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/os-extra-firmware/os-extra-firmware.bbappend b/meta-balena-kirkstone/recipes-support/os-extra-firmware/os-extra-firmware.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/os-extra-firmware/os-extra-firmware.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/os-fan-profile/os-fan-profile.bbappend b/meta-balena-kirkstone/recipes-support/os-fan-profile/os-fan-profile.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/os-fan-profile/os-fan-profile.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/os-helpers/os-helpers.bbappend b/meta-balena-kirkstone/recipes-support/os-helpers/os-helpers.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/os-helpers/os-helpers.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/os-power-mode/os-power-mode.bbappend b/meta-balena-kirkstone/recipes-support/os-power-mode/os-power-mode.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/os-power-mode/os-power-mode.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-device-progress/resin-device-progress.bbappend b/meta-balena-kirkstone/recipes-support/resin-device-progress/resin-device-progress.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-device-progress/resin-device-progress.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-device-register/resin-device-register.bbappend b/meta-balena-kirkstone/recipes-support/resin-device-register/resin-device-register.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-device-register/resin-device-register.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-expand/resin-filesystem-expand.bbappend b/meta-balena-kirkstone/recipes-support/resin-expand/resin-filesystem-expand.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-expand/resin-filesystem-expand.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-init/resin-init-board.bbappend b/meta-balena-kirkstone/recipes-support/resin-init/resin-init-board.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-init/resin-init-board.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-init/resin-init-flasher-board.bbappend b/meta-balena-kirkstone/recipes-support/resin-init/resin-init-flasher-board.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-init/resin-init-flasher-board.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-init/resin-init-flasher.bbappend b/meta-balena-kirkstone/recipes-support/resin-init/resin-init-flasher.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-init/resin-init-flasher.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-init/resin-init.bbappend b/meta-balena-kirkstone/recipes-support/resin-init/resin-init.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-init/resin-init.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-mounts/resin-mounts.bbappend b/meta-balena-kirkstone/recipes-support/resin-mounts/resin-mounts.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-mounts/resin-mounts.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-kirkstone/recipes-support/resin-state-reset/resin-state-reset.bbappend b/meta-balena-kirkstone/recipes-support/resin-state-reset/resin-state-reset.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-kirkstone/recipes-support/resin-state-reset/resin-state-reset.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-rust/classes/balena_cargo_common.bbclass b/meta-balena-rust/classes/balena_cargo_common.bbclass index e8c0f95252..dfa0aaa55b 100644 --- a/meta-balena-rust/classes/balena_cargo_common.bbclass +++ b/meta-balena-rust/classes/balena_cargo_common.bbclass @@ -19,7 +19,7 @@ inherit ${@set_crate_fetcher(d)} inherit balena_rust-common # Where we download our registry and dependencies to -export CARGO_HOME = "${WORKDIR}/cargo_home" +export CARGO_HOME = "${@d.getVar('UNPACKDIR') or d.getVar('WORKDIR')}/cargo_home" # The pkg-config-rs library used by cargo build scripts disables itself when # cross compiling unless this is defined. We set up pkg-config appropriately diff --git a/meta-balena-rust/classes/crate-fetch.bbclass b/meta-balena-rust/classes/crate-fetch.bbclass index a7fa22b2a0..38991dcbee 100644 --- a/meta-balena-rust/classes/crate-fetch.bbclass +++ b/meta-balena-rust/classes/crate-fetch.bbclass @@ -6,12 +6,39 @@ # Adds support for following format in recipe SRC_URI: # crate:/// # - def import_crate(d): - import crate - if not getattr(crate, 'imported', False): - bb.fetch2.methods.append(crate.Crate()) - crate.imported = True + import sys + import os + import bb.utils + + # 1. Search all layers in BBPATH for the 'lib/crate.py' file + # This is the most robust way to find files within layers + crate_file = bb.utils.which(d.getVar('BBPATH'), 'lib/crate.py') + + if not crate_file: + # If not found, try a fallback: search for just 'crate.py' in case lib is implicit + crate_file = bb.utils.which(d.getVar('BBPATH'), 'crate.py') + + if crate_file: + libdir = os.path.dirname(crate_file) + if libdir not in sys.path: + sys.path.insert(0, libdir) + else: + # If we still can't find it, we'll print an error with the BBPATH for debugging + bb.fatal("Crate Fetcher: Could not find 'lib/crate.py' in BBPATH. " + "Check if meta-balena-rust is in bblayers.conf.") + + # 2. Perform the import + try: + import crate + if hasattr(crate, 'Crate'): + # Only append if not already present + if not any(isinstance(m, crate.Crate) for m in bb.fetch2.methods): + bb.fetch2.methods.append(crate.Crate()) + else: + bb.fatal("Crate fetcher error: Found 'crate' module at %s but it lacks 'Crate' class." % crate.__file__) + except ImportError: + bb.fatal("Crate fetcher error: Could not import 'crate' despite finding it at %s" % crate_file) python crate_import_handler() { import_crate(d) diff --git a/meta-balena-rust/conf/layer.conf b/meta-balena-rust/conf/layer.conf index e5fd3e59bb..a89ff9f15f 100644 --- a/meta-balena-rust/conf/layer.conf +++ b/meta-balena-rust/conf/layer.conf @@ -7,7 +7,7 @@ BBFILE_COLLECTIONS += "balena-rust" BBFILE_PATTERN_balena-rust := "^${LAYERDIR}/" BBFILE_PRIORITY_balena-rust = "1337" -LAYERSERIES_COMPAT_balena-rust = "honister kirkstone scarthgap" +LAYERSERIES_COMPAT_balena-rust = "honister kirkstone scarthgap wrynose" BALENA_DEPRECATED_YOCTO_LAYER ?= "0" diff --git a/meta-balena-rust/recipes-devtools/cargo/cargo-cross-canadian.inc b/meta-balena-rust/recipes-devtools/cargo/cargo-cross-canadian.inc index 7fc22a4128..2f1536c359 100644 --- a/meta-balena-rust/recipes-devtools/cargo/cargo-cross-canadian.inc +++ b/meta-balena-rust/recipes-devtools/cargo/cargo-cross-canadian.inc @@ -8,7 +8,7 @@ CARGO_RUST_TARGET_CCLD = "${RUST_BUILD_CCLD}" require recipes-devtools/rust/rust-common.inc require cargo.inc -CARGO = "${WORKDIR}/${CARGO_SNAPSHOT}/bin/cargo" +CARGO = "${UNPACKDIR}/${CARGO_SNAPSHOT}/bin/cargo" BASEDEPENDS:remove = "cargo-native" export RUST_TARGET_PATH="${WORKDIR}/targets/" @@ -29,7 +29,7 @@ inherit cross-canadian PN = "cargo-cross-canadian-${TRANSLATED_TARGET_ARCH}" python do_rust_gen_targets () { - wd = d.getVar('WORKDIR') + '/targets/' + wd = d.getVar('UNPACKDIR') + '/targets/' rust_gen_target(d, 'BUILD', wd, "", "generic", d.getVar('BUILD_ARCH')) rust_gen_target(d, 'HOST', wd, "", "generic", d.getVar('HOST_ARCH')) diff --git a/meta-balena-rust/recipes-devtools/cargo/cargo.inc b/meta-balena-rust/recipes-devtools/cargo/cargo.inc index 62a0cbf773..86610bc413 100644 --- a/meta-balena-rust/recipes-devtools/cargo/cargo.inc +++ b/meta-balena-rust/recipes-devtools/cargo/cargo.inc @@ -19,16 +19,16 @@ EXCLUDE_FROM_WORLD = "1" inherit balena_cargo pkgconfig do_cargo_setup_snapshot () { - ${WORKDIR}/rust-snapshot-components/${CARGO_SNAPSHOT}/install.sh --prefix="${WORKDIR}/${CARGO_SNAPSHOT}" --disable-ldconfig + ${UNPACKDIR}/rust-snapshot-components/${CARGO_SNAPSHOT}/install.sh --prefix="${UNPACKDIR}/${CARGO_SNAPSHOT}" --disable-ldconfig # Need to use uninative's loader if enabled/present since the library paths # are used internally by rust and result in symbol mismatches if we don't if [ ! -z "${UNINATIVE_LOADER}" -a -e "${UNINATIVE_LOADER}" ]; then - patchelf-uninative ${WORKDIR}/${CARGO_SNAPSHOT}/bin/cargo --set-interpreter ${UNINATIVE_LOADER} + patchelf-uninative ${UNPACKDIR}/${CARGO_SNAPSHOT}/bin/cargo --set-interpreter ${UNINATIVE_LOADER} fi } addtask cargo_setup_snapshot after do_unpack before do_configure -do_cargo_setup_snapshot[dirs] += "${WORKDIR}/${CARGO_SNAPSHOT}" +do_cargo_setup_snapshot[dirs] += "${UNPACKDIR}/${CARGO_SNAPSHOT}" do_cargo_setup_snapshot[vardepsexclude] += "UNINATIVE_LOADER" @@ -53,4 +53,4 @@ export LIBSSH2_SYS_USE_PKG_CONFIG = "1" # When building cargo-native we don't have cargo-native to use and depend on, # so we must use the locally set up snapshot to bootstrap the build. BASEDEPENDS:remove:class-native = "cargo-native" -CARGO:class-native = "${WORKDIR}/${CARGO_SNAPSHOT}/bin/cargo" +CARGO:class-native = "${UNPACKDIR}/${CARGO_SNAPSHOT}/bin/cargo" diff --git a/meta-balena-rust/recipes-devtools/rust/files/0001-bootstrap-replace-references-to-distutils.patch b/meta-balena-rust/recipes-devtools/rust/files/0001-bootstrap-replace-references-to-distutils.patch index d88201be30..7746cfd366 100644 --- a/meta-balena-rust/recipes-devtools/rust/files/0001-bootstrap-replace-references-to-distutils.patch +++ b/meta-balena-rust/recipes-devtools/rust/files/0001-bootstrap-replace-references-to-distutils.patch @@ -5,6 +5,8 @@ Subject: [PATCH 1/1] bootstrap: replace references to distutils Replace references to deprecated distutils package. +Upstream-Status: Inappropriate [configuration] + Signed-off-by: Joseph Kogut Signed-off-by: Joseph Kogut --- diff --git a/meta-balena-rust/recipes-devtools/rust/rust-source.inc b/meta-balena-rust/recipes-devtools/rust/rust-source.inc index fda26534e8..1eb2e601f6 100644 --- a/meta-balena-rust/recipes-devtools/rust/rust-source.inc +++ b/meta-balena-rust/recipes-devtools/rust/rust-source.inc @@ -1,7 +1,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${PV}-src.tar.xz;name=rust" SRC_URI[rust.sha256sum] = "6c00ef115c894c2645e60b5049a4f5dacf1dc0c993f3074f7ae4fdf4c755dd5e" -RUSTSRC = "${WORKDIR}/rustc-${PV}-src" +RUSTSRC = "${UNPACKDIR}/rustc-${PV}-src" UPSTREAM_CHECK_URI = "https://forge.rust-lang.org/infra/other-installation-methods.html" UPSTREAM_CHECK_REGEX = "rustc-(?P\d+(\.\d+)+)-src" diff --git a/meta-balena-rust/recipes-devtools/rust/rust.inc b/meta-balena-rust/recipes-devtools/rust/rust.inc index d3017cdcb5..6a7f47871f 100644 --- a/meta-balena-rust/recipes-devtools/rust/rust.inc +++ b/meta-balena-rust/recipes-devtools/rust/rust.inc @@ -42,25 +42,25 @@ setup_cargo_environment () { include rust-common.inc do_rust_setup_snapshot () { - for installer in "${WORKDIR}/rust-snapshot-components/"*"/install.sh"; do - "${installer}" --prefix="${WORKDIR}/rust-snapshot" --disable-ldconfig + for installer in "${UNPACKDIR}/rust-snapshot-components/"*"/install.sh"; do + "${installer}" --prefix="${UNPACKDIR}/rust-snapshot" --disable-ldconfig done # Some versions of rust (e.g. 1.18.0) tries to find cargo in stage0/bin/cargo # and fail without it there. mkdir -p ${RUSTSRC}/build/${BUILD_SYS} - ln -sf ${WORKDIR}/rust-snapshot/ ${RUSTSRC}/build/${BUILD_SYS}/stage0 + ln -sf ${UNPACKDIR}/rust-snapshot/ ${RUSTSRC}/build/${BUILD_SYS}/stage0 # Need to use uninative's loader if enabled/present since the library paths # are used internally by rust and result in symbol mismatches if we don't if [ ! -z "${UNINATIVE_LOADER}" -a -e "${UNINATIVE_LOADER}" ]; then for bin in cargo rustc rustdoc; do - patchelf-uninative ${WORKDIR}/rust-snapshot/bin/$bin --set-interpreter ${UNINATIVE_LOADER} + patchelf-uninative ${UNPACKDIR}/rust-snapshot/bin/$bin --set-interpreter ${UNINATIVE_LOADER} done fi } addtask rust_setup_snapshot after do_unpack before do_configure -do_rust_setup_snapshot[dirs] += "${WORKDIR}/rust-snapshot" +do_rust_setup_snapshot[dirs] += "${UNPACKDIR}/rust-snapshot" do_rust_setup_snapshot[vardepsexclude] += "UNINATIVE_LOADER" python do_configure() { @@ -115,14 +115,14 @@ python do_configure() { config.set("build", "submodules", e(False)) config.set("build", "docs", e(False)) - rustc = d.expand("${WORKDIR}/rust-snapshot/bin/rustc") + rustc = d.expand("${UNPACKDIR}/rust-snapshot/bin/rustc") config.set("build", "rustc", e(rustc)) # Support for the profiler runtime to generate e.g. coverage report, # PGO etc. config.set("build", "profiler", e(True)) - cargo = d.expand("${WORKDIR}/rust-snapshot/bin/cargo") + cargo = d.expand("${UNPACKDIR}/rust-snapshot/bin/cargo") config.set("build", "cargo", e(cargo)) config.set("build", "vendor", e(True)) @@ -153,7 +153,7 @@ python do_configure() { f.write('changelog-seen = 2\n\n') config.write(f) - # set up ${WORKDIR}/cargo_home + # set up ${UNPACKDIR}/cargo_home bb.build.exec_func("setup_cargo_environment", d) } diff --git a/meta-balena-scarthgap/conf/distro/include/balena-os-yocto-version.inc b/meta-balena-scarthgap/conf/distro/include/balena-os-yocto-version.inc index 336a83e8c3..a1560d641f 100644 --- a/meta-balena-scarthgap/conf/distro/include/balena-os-yocto-version.inc +++ b/meta-balena-scarthgap/conf/distro/include/balena-os-yocto-version.inc @@ -1,2 +1,3 @@ # required by systemd after scarthgap DISTRO_FEATURES:append = " usrmerge" +DISTRO_FEATURES_DEFAULT:remove = "x11" diff --git a/meta-balena-scarthgap/conf/distro/include/sysvinit-compat.inc b/meta-balena-scarthgap/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-balena-scarthgap/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" diff --git a/meta-balena-scarthgap/conf/layer.conf b/meta-balena-scarthgap/conf/layer.conf index 6ae4e51895..f17a291b96 100644 --- a/meta-balena-scarthgap/conf/layer.conf +++ b/meta-balena-scarthgap/conf/layer.conf @@ -8,3 +8,6 @@ BBFILE_PATTERN_balena-scarthgap := "^${LAYERDIR}/" BBFILE_PRIORITY_balena-scarthgap = "1337" LAYERSERIES_COMPAT_balena-scarthgap = "scarthgap" + +# for compatibility with meta-balena-common +UNPACKDIR ??= "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-connectivity/balena-net-config/balena-net-config.bbappend b/meta-balena-scarthgap/recipes-connectivity/balena-net-config/balena-net-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/balena-net-config/balena-net-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend b/meta-balena-scarthgap/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/balena-net-connectivity-wait/balena-net-connectivity-wait.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend b/meta-balena-scarthgap/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/balena-ntp-config/balena-ntp-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend b/meta-balena-scarthgap/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/balena-proxy-config/balena-proxy-config.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-connectivity/libmbim/libmbim_%.bbappend b/meta-balena-scarthgap/recipes-connectivity/libmbim/libmbim_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/libmbim/libmbim_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend b/meta-balena-scarthgap/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/libnss-ato/libnss-ato_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-connectivity/libqmi/libqmi_%.bbappend b/meta-balena-scarthgap/recipes-connectivity/libqmi/libqmi_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/libqmi/libqmi_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-connectivity/modemmanager/modemmanager_%.bbappend b/meta-balena-scarthgap/recipes-connectivity/modemmanager/modemmanager_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/modemmanager/modemmanager_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-connectivity/networkmanager/networkmanager_%.bbappend b/meta-balena-scarthgap/recipes-connectivity/networkmanager/networkmanager_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/networkmanager/networkmanager_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-connectivity/redsocks/redsocks_%.bbappend b/meta-balena-scarthgap/recipes-connectivity/redsocks/redsocks_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-connectivity/redsocks/redsocks_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-containers/docker-disk/docker-disk.bbappend b/meta-balena-scarthgap/recipes-containers/docker-disk/docker-disk.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-containers/docker-disk/docker-disk.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend b/meta-balena-scarthgap/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-containers/hostapp-extensions-update/hostapp-extensions-update.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-containers/hostapp-update/hostapp-update.bbappend b/meta-balena-scarthgap/recipes-containers/hostapp-update/hostapp-update.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-containers/hostapp-update/hostapp-update.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend b/meta-balena-scarthgap/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-containers/mkfs-hostapp-native/mkfs-hostapp-native.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-containers/mobynit/mobynit_git.bbappend b/meta-balena-scarthgap/recipes-containers/mobynit/mobynit_git.bbappend new file mode 100644 index 0000000000..c0c1a7c320 --- /dev/null +++ b/meta-balena-scarthgap/recipes-containers/mobynit/mobynit_git.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/${BPN}/src/${GO_IMPORT}" diff --git a/meta-balena-scarthgap/recipes-containers/tini/tini_0.14.0.bbappend b/meta-balena-scarthgap/recipes-containers/tini/tini_0.14.0.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-containers/tini/tini_0.14.0.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-core/balena-rollback/balena-rollback.bbappend b/meta-balena-scarthgap/recipes-core/balena-rollback/balena-rollback.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-core/balena-rollback/balena-rollback.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend b/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-abroot_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend b/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-extrafw_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend b/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-core/initrdscripts/initramfs-module-mountboot_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-core/os-config/os-config_%.bbappend b/meta-balena-scarthgap/recipes-core/os-config/os-config_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-core/os-config/os-config_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-core/systemd/disk-watchdog.bbappend b/meta-balena-scarthgap/recipes-core/systemd/disk-watchdog.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-core/systemd/disk-watchdog.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-core/upx/upx_git.bbappend b/meta-balena-scarthgap/recipes-core/upx/upx_git.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-core/upx/upx_git.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-support/balena-config-vars/balena-config-vars.bbappend b/meta-balena-scarthgap/recipes-support/balena-config-vars/balena-config-vars.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/balena-config-vars/balena-config-vars.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/balena-data-reset/balena-data-reset.bbappend b/meta-balena-scarthgap/recipes-support/balena-data-reset/balena-data-reset.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/balena-data-reset/balena-data-reset.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/balena-hostname/balena-hostname.bbappend b/meta-balena-scarthgap/recipes-support/balena-hostname/balena-hostname.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/balena-hostname/balena-hostname.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/balena-info/balena-info.bbappend b/meta-balena-scarthgap/recipes-support/balena-info/balena-info.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/balena-info/balena-info.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend b/meta-balena-scarthgap/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/balena-persistent-logs/balena-persistent-logs.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/balena-unique-key/balena-unique-key.bbappend b/meta-balena-scarthgap/recipes-support/balena-unique-key/balena-unique-key.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/balena-unique-key/balena-unique-key.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/balena-units-conf/balena-units-conf.bbappend b/meta-balena-scarthgap/recipes-support/balena-units-conf/balena-units-conf.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/balena-units-conf/balena-units-conf.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/bindmount/bindmount_%.bbappend b/meta-balena-scarthgap/recipes-support/bindmount/bindmount_%.bbappend new file mode 100644 index 0000000000..5f5a075e73 --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/bindmount/bindmount_%.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}/git" diff --git a/meta-balena-scarthgap/recipes-support/development-features/development-features.bbappend b/meta-balena-scarthgap/recipes-support/development-features/development-features.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/development-features/development-features.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend b/meta-balena-scarthgap/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/os-extra-firmware/os-extra-firmware.bbappend b/meta-balena-scarthgap/recipes-support/os-extra-firmware/os-extra-firmware.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/os-extra-firmware/os-extra-firmware.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/os-fan-profile/os-fan-profile.bbappend b/meta-balena-scarthgap/recipes-support/os-fan-profile/os-fan-profile.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/os-fan-profile/os-fan-profile.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/os-helpers/os-helpers.bbappend b/meta-balena-scarthgap/recipes-support/os-helpers/os-helpers.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/os-helpers/os-helpers.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/os-power-mode/os-power-mode.bbappend b/meta-balena-scarthgap/recipes-support/os-power-mode/os-power-mode.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/os-power-mode/os-power-mode.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-device-progress/resin-device-progress.bbappend b/meta-balena-scarthgap/recipes-support/resin-device-progress/resin-device-progress.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-device-progress/resin-device-progress.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-device-register/resin-device-register.bbappend b/meta-balena-scarthgap/recipes-support/resin-device-register/resin-device-register.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-device-register/resin-device-register.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-expand/resin-filesystem-expand.bbappend b/meta-balena-scarthgap/recipes-support/resin-expand/resin-filesystem-expand.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-expand/resin-filesystem-expand.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-init/resin-init-board.bbappend b/meta-balena-scarthgap/recipes-support/resin-init/resin-init-board.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-init/resin-init-board.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-init/resin-init-flasher-board.bbappend b/meta-balena-scarthgap/recipes-support/resin-init/resin-init-flasher-board.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-init/resin-init-flasher-board.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-init/resin-init-flasher.bbappend b/meta-balena-scarthgap/recipes-support/resin-init/resin-init-flasher.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-init/resin-init-flasher.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-init/resin-init.bbappend b/meta-balena-scarthgap/recipes-support/resin-init/resin-init.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-init/resin-init.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-mounts/resin-mounts.bbappend b/meta-balena-scarthgap/recipes-support/resin-mounts/resin-mounts.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-mounts/resin-mounts.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-scarthgap/recipes-support/resin-state-reset/resin-state-reset.bbappend b/meta-balena-scarthgap/recipes-support/resin-state-reset/resin-state-reset.bbappend new file mode 100644 index 0000000000..8e05debd2a --- /dev/null +++ b/meta-balena-scarthgap/recipes-support/resin-state-reset/resin-state-reset.bbappend @@ -0,0 +1 @@ +S = "${WORKDIR}" diff --git a/meta-balena-thud/conf/distro/include/balena-os-yocto-version.inc b/meta-balena-thud/conf/distro/include/balena-os-yocto-version.inc index 0d256dc36b..5ce3ef5d52 100644 --- a/meta-balena-thud/conf/distro/include/balena-os-yocto-version.inc +++ b/meta-balena-thud/conf/distro/include/balena-os-yocto-version.inc @@ -2,3 +2,4 @@ PREFERRED_VERSION_tpm2-tss = "3.0.3" PREFERRED_VERSION_libmbim = "1.24.2" PREFERRED_VERSION_libqmi = "1.26.0" PREFERRED_VERSION_modemmanager = "1.14.2" +DISTRO_FEATURES_DEFAULT_remove = "x11" diff --git a/meta-balena-thud/conf/distro/include/sysvinit-compat.inc b/meta-balena-thud/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-balena-thud/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" diff --git a/meta-balena-warrior/conf/distro/include/balena-os-yocto-version.inc b/meta-balena-warrior/conf/distro/include/balena-os-yocto-version.inc index a9046557cc..59d98f188e 100644 --- a/meta-balena-warrior/conf/distro/include/balena-os-yocto-version.inc +++ b/meta-balena-warrior/conf/distro/include/balena-os-yocto-version.inc @@ -2,3 +2,4 @@ PREFERRED_VERSION_tpm2-tss = "3.0.3" PREFERRED_VERSION_libmbim = "1.26.2" PREFERRED_VERSION_libqmi = "1.30.2" PREFERRED_VERSION_modemmanager = "1.18.4" +DISTRO_FEATURES_DEFAULT_remove = "x11" diff --git a/meta-balena-warrior/conf/distro/include/sysvinit-compat.inc b/meta-balena-warrior/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-balena-warrior/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" diff --git a/meta-balena-wrynose/README.md b/meta-balena-wrynose/README.md new file mode 100644 index 0000000000..1689630a04 --- /dev/null +++ b/meta-balena-wrynose/README.md @@ -0,0 +1,11 @@ +# Balena.io layer for Poky Wrynose supported boards + +## Description +This repository enables building balena.io for scarthgap supported machines. + +## Layer dependencies + +This layer depends on: + +* URI: git://git.yoctoproject.org/poky + * branch: wrynose diff --git a/meta-balena-wrynose/classes/kernel-balena-noimage.bbclass b/meta-balena-wrynose/classes/kernel-balena-noimage.bbclass new file mode 100644 index 0000000000..2f76d9d21d --- /dev/null +++ b/meta-balena-wrynose/classes/kernel-balena-noimage.bbclass @@ -0,0 +1,9 @@ +# Don't trigger in the kernel image without initramfs +# Boards should: +# a) use kernel-image-initramfs and deploy in in the rootfs (ex bbb) +# b) use boot deployment using BALENA_BOOT_PARTITION_FILES mechanism to deploy +# the initramfs bundled kernel image +python __anonymous() { + kernel_image_type = d.getVar('KERNEL_IMAGETYPE') + d.appendVar('PACKAGE_EXCLUDE', ' kernel-image-%s-*' % kernel_image_type.lower()) +} diff --git a/meta-balena-wrynose/conf/distro/include/balena-os-yocto-version.inc b/meta-balena-wrynose/conf/distro/include/balena-os-yocto-version.inc new file mode 100644 index 0000000000..4e8e954048 --- /dev/null +++ b/meta-balena-wrynose/conf/distro/include/balena-os-yocto-version.inc @@ -0,0 +1,3 @@ +# required by systemd after scarthgap +DISTRO_FEATURES:append = " usrmerge" +DISTRO_FEATURES_DEFAULTS:remove = "x11" diff --git a/meta-balena-wrynose/conf/distro/include/sysvinit-compat.inc b/meta-balena-wrynose/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..804da4a627 --- /dev/null +++ b/meta-balena-wrynose/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_OPTED_OUT = "sysvinit" diff --git a/meta-balena-wrynose/conf/layer.conf b/meta-balena-wrynose/conf/layer.conf new file mode 100644 index 0000000000..87b56f2d08 --- /dev/null +++ b/meta-balena-wrynose/conf/layer.conf @@ -0,0 +1,11 @@ +BBPATH .= ":${LAYERDIR}" + +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ + ${LAYERDIR}/recipes-*/*/*.bbappend" + +BBFILE_COLLECTIONS += "balena-wrynose" +BBFILE_PATTERN_balena-wrynose := "^${LAYERDIR}/" +BBFILE_PRIORITY_balena-wrynose = "1337" + +LAYERSERIES_COMPAT_balena-wrynose = "wrynose" + diff --git a/meta-balena-wrynose/recipes-containers/balena/balena_git.bbappend b/meta-balena-wrynose/recipes-containers/balena/balena_git.bbappend new file mode 100644 index 0000000000..36aa89e282 --- /dev/null +++ b/meta-balena-wrynose/recipes-containers/balena/balena_git.bbappend @@ -0,0 +1,6 @@ +# Fixes: QA Issue: File /usr/bin/balena-engine in package balena contains reference to TMPDIR [buildpaths +INSANE_SKIP:${PN} += " buildpaths " +do_compile:prepend() { + export GOFLAGS="-trimpath" +} + diff --git a/meta-balena-wrynose/recipes-containers/mobynit/mobynit_git.bbappend b/meta-balena-wrynose/recipes-containers/mobynit/mobynit_git.bbappend new file mode 100644 index 0000000000..0c28833186 --- /dev/null +++ b/meta-balena-wrynose/recipes-containers/mobynit/mobynit_git.bbappend @@ -0,0 +1,5 @@ +# Fixes ERROR: mobynit-git-r0 do_package_qa: QA Issue: File /boot/init in package mobynit contains reference to TMPDIR [buildpaths] +INSANE_SKIP:${PN} += " buildpaths " +do_compile:prepend() { + export GOFLAGS="-trimpath" +} diff --git a/meta-balena-wrynose/recipes-core/busybox/busybox_%.bbappend b/meta-balena-wrynose/recipes-core/busybox/busybox_%.bbappend new file mode 100644 index 0000000000..6489647d3c --- /dev/null +++ b/meta-balena-wrynose/recipes-core/busybox/busybox_%.bbappend @@ -0,0 +1,2 @@ +ALTERNATIVE:${PN} += "partprobe" +ALTERNATIVE_LINK_NAME[partprobe] = "${sbindir}/partprobe" diff --git a/meta-balena-wrynose/recipes-core/packagegroups/packagegroup-balena-connectivity.bbappend b/meta-balena-wrynose/recipes-core/packagegroups/packagegroup-balena-connectivity.bbappend new file mode 100644 index 0000000000..6bf7a31d2a --- /dev/null +++ b/meta-balena-wrynose/recipes-core/packagegroups/packagegroup-balena-connectivity.bbappend @@ -0,0 +1,19 @@ +CONNECTIVITY_FIRMWARES:append = " \ + linux-firmware-bcm43143 \ + linux-firmware-iwlwifi-135-6 \ + linux-firmware-iwlwifi-3160 \ + linux-firmware-iwlwifi-6000-4 \ + linux-firmware-iwlwifi-6000g2a-6 \ + linux-firmware-iwlwifi-6000g2b-6 \ + linux-firmware-iwlwifi-6050-5 \ + linux-firmware-iwlwifi-7260 \ + linux-firmware-iwlwifi-7265 \ + linux-firmware-iwlwifi-7265d \ + linux-firmware-iwlwifi-8000c \ + linux-firmware-iwlwifi-8265 \ + linux-firmware-iwlwifi-9260 \ + linux-firmware-rtl8188eu \ + linux-firmware-wl12xx \ + linux-firmware-wl18xx \ + wireless-regdb-static \ + " diff --git a/meta-balena-wrynose/recipes-core/plymouth/24.004.60/0001-fix_undefined_reference_when_no_udev.patch b/meta-balena-wrynose/recipes-core/plymouth/24.004.60/0001-fix_undefined_reference_when_no_udev.patch new file mode 100644 index 0000000000..610f1a98d5 --- /dev/null +++ b/meta-balena-wrynose/recipes-core/plymouth/24.004.60/0001-fix_undefined_reference_when_no_udev.patch @@ -0,0 +1,16 @@ +Upstream-Status: Inappropriate [configuration] +Index: plymouth-24.004.60/src/libply-splash-core/ply-device-manager.c +=================================================================== +--- plymouth-24.004.60.orig/src/libply-splash-core/ply-device-manager.c ++++ plymouth-24.004.60/src/libply-splash-core/ply-device-manager.c +@@ -1129,8 +1129,9 @@ create_devices_for_terminal_and_renderer + renderer = NULL; + return true; + } +- ++#ifdef HAVE_UDEV + add_input_devices_to_renderer (manager, renderer); ++#endif + } + } + diff --git a/meta-balena-wrynose/recipes-core/plymouth/plymouth_24.004.60.bbappend b/meta-balena-wrynose/recipes-core/plymouth/plymouth_24.004.60.bbappend new file mode 100644 index 0000000000..59d4accd4e --- /dev/null +++ b/meta-balena-wrynose/recipes-core/plymouth/plymouth_24.004.60.bbappend @@ -0,0 +1,7 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/24.004.60:" + +SRC_URI:append = " file://0001-fix_undefined_reference_when_no_udev.patch" + +PACKAGECONFIG:append = " systemd" + +EXTRA_OEMESON += " -Dlogo='/mnt/boot/splash/balena-logo.png'" diff --git a/meta-balena-wrynose/recipes-devtools/rust/rust-cross_1.62.0.bbappend b/meta-balena-wrynose/recipes-devtools/rust/rust-cross_1.62.0.bbappend new file mode 100644 index 0000000000..f210bfbb3c --- /dev/null +++ b/meta-balena-wrynose/recipes-devtools/rust/rust-cross_1.62.0.bbappend @@ -0,0 +1,18 @@ +# Bridge the PROVIDES so Balena's os-config, healthdog, etc., stay happy. +# We explicitly claim the names they are looking for. +PROVIDES = " \ + virtual/${TARGET_PREFIX}rust \ + virtual/aarch64-poky-linux-rust \ + virtual/aarch64-poky-linux-gnu-rust \ +" + +# Use the GENERIC virtual providers. +# 'virtual/cross-cc' is the internal alias for the C cross-compiler. +# 'virtual/compilerlibs' and 'virtual/libc' are the bare names we verified. +DEPENDS = " \ + virtual/cross-cc \ + virtual/compilerlibs \ + virtual/libc \ + coreutils-native \ +" + diff --git a/meta-resin-pyro/conf/distro/include/balena-os-yocto-version.inc b/meta-resin-pyro/conf/distro/include/balena-os-yocto-version.inc index 82b9ebc9ae..89bc1898db 100644 --- a/meta-resin-pyro/conf/distro/include/balena-os-yocto-version.inc +++ b/meta-resin-pyro/conf/distro/include/balena-os-yocto-version.inc @@ -6,3 +6,4 @@ PREFERRED_VERSION_modemmanager = "1.14.2" PREFERRED_VERSION_tpm2-tss = "3.0.3" PREFERRED_VERSION_tpm2-tools = "5.0" PREFERRED_VERSION_networkmanager = "1.32.12" +DISTRO_FEATURES_DEFAULT_remove = "x11" diff --git a/meta-resin-pyro/conf/distro/include/sysvinit-compat.inc b/meta-resin-pyro/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-resin-pyro/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" diff --git a/meta-resin-rocko/conf/distro/include/balena-os-yocto-version.inc b/meta-resin-rocko/conf/distro/include/balena-os-yocto-version.inc index 19cace5a02..b0679ece82 100644 --- a/meta-resin-rocko/conf/distro/include/balena-os-yocto-version.inc +++ b/meta-resin-rocko/conf/distro/include/balena-os-yocto-version.inc @@ -1,3 +1,4 @@ include conf/distro/include/security_flags.inc PREFERRED_VERSION_tpm2-tss = "3.0.3" +DISTRO_FEATURES_DEFAULT_remove = "x11" diff --git a/meta-resin-rocko/conf/distro/include/sysvinit-compat.inc b/meta-resin-rocko/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-resin-rocko/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" diff --git a/meta-resin-sumo/conf/distro/include/balena-os-yocto-version.inc b/meta-resin-sumo/conf/distro/include/balena-os-yocto-version.inc index 82b9ebc9ae..89bc1898db 100644 --- a/meta-resin-sumo/conf/distro/include/balena-os-yocto-version.inc +++ b/meta-resin-sumo/conf/distro/include/balena-os-yocto-version.inc @@ -6,3 +6,4 @@ PREFERRED_VERSION_modemmanager = "1.14.2" PREFERRED_VERSION_tpm2-tss = "3.0.3" PREFERRED_VERSION_tpm2-tools = "5.0" PREFERRED_VERSION_networkmanager = "1.32.12" +DISTRO_FEATURES_DEFAULT_remove = "x11" diff --git a/meta-resin-sumo/conf/distro/include/sysvinit-compat.inc b/meta-resin-sumo/conf/distro/include/sysvinit-compat.inc new file mode 100644 index 0000000000..56f3a50ea4 --- /dev/null +++ b/meta-resin-sumo/conf/distro/include/sysvinit-compat.inc @@ -0,0 +1 @@ +DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"