| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The package name in the line above was moved from host-python to
host-python3, but the same change in the error message was forgotten.
Fixes: 8d02a8a6e3891da78c8c ("host-python-scons: switch to python3")
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20200517135513.3257-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Use the keys provided by the currently active key provider via PKCS#11
instead of key files placed in the platform config directory. In order
to make sure the new mechanics are used after a BSP update the rauc.key
file is no longer allowed to exist in the platformconfig directory.
Note: requires genimage v13 or later and ptx-code-signing-dev 0.4 or
later
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-14-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Until now only kernel and fdt are signed by mkimage. If a ramdisk is
used sign it also.
Unfortunately quotes are not usable in the alternative value of
variable parameter substitution ${parameter:+alt_value}:
https://stackoverflow.com/questions/40995523/bash-variable-expansion-var-in-here-document-removing-double-quotes
Thus use printf as a workaround.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-11-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Having multiple "object=" occurrences in a single PKCS#11 URI does not
work for all cases, at least not for opensc-pkcs11. Thus u-boot's
PKCS#11 handling was patched to avoid overriding the object name when
it is already specified. The patch was sent upstream.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-10-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
It helps debugging failing mkimage calls.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-9-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-8-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Key providers now take care of calling the CA helpers. This makes sure
the CA is already present in pem format. Use that instead of extracting
and converting the certs here again. Thus HOST_EXTRACT_CERT is no longer
a dependency of template-barebox-imx-habv4.
Note: requires ptx-code-signing-dev 0.4 or later
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-7-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
These helpers allow key providers to append certificates to their CA.
'cs_get_ca <role>' then returns the path to the keyring allowing rules
and other helpers to retrieve it easily.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-5-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
srktool's help text states "certificate filenames must be separated by
a ',' with no spaces". Line continuation using "\" with the next line
being indented leads to a space being inserted between the SRK2
certificate and the SRK3 certificate.
srktool does not fail, but ignores everything after the space silently.
Thus only the first two certificates end up in the fuse file and table.
Fix this by specifying all certs on a single line.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-4-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-3-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
These packages don't need chrpath, pkg-config, etc. anyways.
And this way the build fails faster if something is missing.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Improve the error message for the real download.
Stop without error for 'dryrun'. This is used for urlcheck and should not
fail.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
When ptxd_lib_setup_target_wrapper() is used while building toolchains,
then g++ (for the first stage cross-compiler) and gdb are not available.
Also, remove existing files and links when they are not available for the
current toolchain.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
The first-stage cross-compiler during the toolchain build needs this,
because it is built without g++.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
This makes it possible to create the icecc environment later during
building. This can be used by toolchain builds to generate the target
environment after building the cross-compiler.
Note: Using echo to set ICECC_VERSION= is ok here. If there is no
environment then ICECC_VERSION points to a non-existing file and icecc will
be disabled later.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
This just moves the code. No functional changes. This makes it possible to
overwrite the wrapper and icecc setup in the BSP if necessary.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Instead of always building the index with the default md5sum, the index
will now be built with sha256, iff the target opkg package is
configured to support sha256.
Also, the ipkg support in ipkg-push has been removed, and it now always
uses the opkg tools instead. The name is kept, since everything else is
still using the 'ipkg' naming scheme though.
Message-Id: <20200417095414.9278-1-sfalsig@veritystudios.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
By default a lot of gcc switches are stored in DW_AT_producer. This
includes '-fdirectives-only' and other options that are added by icecc. As
a result, the DW_AT_producer is different for locally and remotely compiled
objects. This produces a different build ID.
Add '-gno-record-gcc-switches' to the command-line when icecc is enabled.
In this case, only the compiler version is stored in DW_AT_producer.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
The pattern is only there to parse ptxconfig etc.
Processing it in other files confuses the parser and produces strange
effects, e.g. for the <PKG>_CFGHASH.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
For example make 3.82 from CentOS 7 does not support $(file ..).
Provide a (slower) fallback for those cases.
For some things use ptx/file as fallback. However, this is very slow, so it
cannot be called for every PTXCONF variable. So fallback to the old, less
optimal handling in that case.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Nothing here needs make, so write it directly to the hash list.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
There are some subtle issues with the code that are fixed here.
If multiple packages have the same patches, e.g. host and target, then the
patches were added twice. Deduplicate the directories to avoid
searching twice.
Search with '-L' to follow any symlinks. We want the real content here.
Use the correct way to iterate over the list. Otherwise the order depends
on the awk version.
Don't search the current directory if no patches are found.
Don't sort the config files. The order is stable and sorting may change
depending on the paths for PTXdist and BSP.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
git-ptx-patches needs the tags to match git commit to sections in the
series file. When rebasing across tags, those tags are lost and
git-ptx-patches does not work correctly any more.
With this change, the commit list for an interactive rebase is filtered
before the editor is opened. 'exec' lines are inserted in the appropriate
places to recreate the tags.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
With the latest changes, some things were added to the hash file twice
when --progress was used. As a result, the hashes were different with and
without --progress.
Introduce a helper variable that determines if make is called for the
first time and use it everywhere.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Introduce a new option to generate permission metadata files.
The format of the files is defined by qemu: For each file or directory, an
additional file .virtfs_metadata/<filename> is created. It contains the
real ownership, permissions and information on special files (device nodes,
sockets, fifos).
With this extra data, qemu can use the nfsroot as a 9p filesystem and the
option 'security_model=mapped-file' to provide the correct ownership,
permissions etc. to the guest system.
The NFS server run by 'ptxdist nfsroot' will also use this data. This has
some advantages over the current fakeroot + permission fixup:
- A running fakeroot often gets confused if the underlying files are
  changed. As a result, the wrong type or permissions may be used.
  Handling everything inside the NFS server avoids this problem.
- The metadata of newly created files are preserved across NFS server
  restarts.
- The NFS server starts faster because it is not necessary to change the
  permissions of all files first
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
They are the same for all files, so they can be configured once for the
whole package. This avoids reading the PTXCONF_* variables many times and
saves a bit of time during targetinstall.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
evaluate PTXCONF_ variables in make before hashing them.
This way indirect changes are handled as well.
Rearrange the rest to keep the hashes unchanged if possible.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
and riscv64
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
This is necessary to change ptxd_get_path() to allow filenames with '\'.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Otherwise, additional strange errors are printed because ptxdist continues
with invalid values. Or ptxdist might ignore the error. This happened when
'install_glob' tried to install a file with whitespaces before the recent
ptxd_get_path() changes.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
It breaks paths with '\', whitespace, etc. because the quoting is gone when
'ls' is called.
This means that no globbing is expanded for the arguments. That should not
be a problem, because that should happen when ptxd_get_path is called.
Now IFS must be a newline because arguments can contain white-spaces
now. This ensures that the array is set up correctly.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
It enforces a dependency on host-system-python{,3} and chooses the
corresponding Python version when called as 'python'.
This makes it possible to use Python 3 for packages that support it but use
'python' to support both Python versions.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
It can cause strange errors, especially if QUILT_PATCHES is set: it
overwrites the environment variables.
Make sure no quiltrc is used to avoid this.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
The behaviour of git-format-patch can be customized through user-defined
variables from the environment or from the user's .gitconfig, like
custom regexes for function context in diff hunk headers, or different
cleanup options. These things can lead to fuzz in generated patches
which cannot easily be reproduced by different users when re-exporting
existing patch stacks.
Create a wrapper to call git in a pristine environment in order to
minimize any differences between user environments, and use it to format
the patch stack.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
'have' was deprecated upstream about 8 years ago. [0] Also, since it is
only available inside of /etc/bash_completion [1], using it makes it
harder to (re)load existing completions in a running shell:
    $ . ~/.bash_completion.d/ptxdist
    bash: have: command not found
Use '_have' instead, which does not have these problems.
[0]: https://github.com/scop/bash-completion/commit/20c05b43b6e44b
[1]: https://github.com/scop/bash-completion/blob/31b5cbc8016b18/bash_completion#L2158
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
The prepare or image stages used to have a dependency on the config files
in the past. Changes in the config file are now handled by the pkghash so
the dependency was removed. However, the dependency was often used to
provide an extra feature:
Packages provide a target for the config to print a custom error message if
the config file was missing.
Reintroduce the dependency again but only if the file is missing to
restore this feature.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
This can happen if no config file is found, so print a specific error in
this case. There should have been some other bailout before in all other
cases but print a generic error anyways in case some error path was missed.
Without this config file setup fails without error message if no config is
found.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
| |
Building a barebox with i.MX HABv4 enabled requires some adjustments to
the rule file and the Kconfig dependencies. Add an extra template for
it.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
| |
This adds a package which generates a FIT image from the kernel image
and all selected device trees in PTXCONF_DTC_OFTREE_DTS. The image will
be signed if desired.
** Note **
Currently the U-Boot mkimage tool supports PKCS#11, but there is no way
to specify the PIN in an environment variable like it is done in many
other tools. This means you will be prompted for a PIN each time a
signed FIT image is being built.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
| |
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
| |
This patch adds additional client specifications for the nfsroot mount.
The default value is the same as it was hardcoded before. This offers to
change this line without maintaining the whole file in a separate BSP.
The client specification is part of the official export format which is
set right after the directory which is exported, for more information
look up:
https://linux.die.net/man/8/unfsd
Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>