OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2019-03-27T09:42:52+00:00 2019-03-27T09:42:52+00:00 Vadim Kochan vadim4j@gmail.com 2019-03-01T12:33:42+00:00 urn:sha1:6cfd314ed39e03e10d10b939ea54ecca3ddf9ce6 It is possible to generate one-line config for the package just by normalize it to the form: BR2_PACKAGE_${pkg_replaced-to_and_uppercase} it simplifes a bit of testing package where no additional config options are needed. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit a946813dd581ac2e1aea6745edad2bc7ce44e6aa) Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-03-01T11:37:48+00:00 James Hilliard james.hilliard1@gmail.com 2019-02-24T03:01:36+00:00 urn:sha1:f13b843e710b570f77abd13ea990f61fe2800f52 Some python packages seem to use underscores in inconsistent ways. We can attempt to normalize these by always using dashes for the buildroot name and attempting to autodetect the correct metadata name format. Signed-off-by: James Hilliard <james.hilliard1@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-02-12T20:27:35+00:00 Peter Korsgaard peter@korsgaard.com 2019-02-11T22:22:02+00:00 urn:sha1:a83e30ad63e00d6c81a6409161c2d3010d98d373 For details, see https://github.com/snyk/zip-slip-vulnerability Older python versions do not validate that the extracted files are inside the target directory. Detect and error out on evil paths before extracting .zip / .tar file. Given the scope of this (zip issue was fixed in python 2.7.4, released 2013-04-06, scanpypi is only used by a developer when adding a new python package), the security impact is fairly minimal, but it is good to get it fixed anyway. Reported-by: Bas van Schaik <security-reports@semmle.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-02-06T15:30:39+00:00 Peter Korsgaard peter@korsgaard.com 2019-02-06T15:11:14+00:00 urn:sha1:a11d61e104bb01146b032c461a12a7340e23cae2 Now that Qt4 is removed, these fixups can be removed as well. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> 2019-02-05T19:24:57+00:00 Ricardo Martincoski ricardo.martincoski@gmail.com 2019-01-27T18:59:43+00:00 urn:sha1:b03fa5d96f54847ce338f0a30839d2ad67d2c4da For the general case, appending values to variables is OK and also a good practice, like this: |PACKAGE_VAR = value1 |ifeq ... |PACKAGE_VAR += value2 or this, when the above is not possible: |PACKAGE_VAR = value1 |ifeq ... |PACKAGE_VAR := $(PACKAGE_VAR), value2 But this override is an error: |PACKAGE_VAR = value1 |PACKAGE_VAR = value2 as well this one: |ifeq ... |PACKAGE_VAR += value1 |endif |PACKAGE_VAR = value2 And this override is error-prone: |PACKAGE_VAR = value1 |ifeq ... |PACKAGE_VAR = value2 Create a check function to warn about overridden variables. Some variables are likely to have a default value that gets overridden in a conditional, so ignore them. The name of such variables end in _ARCH, _CPU, _SITE, _SOURCE or _VERSION. After ignoring these variable names, there are a few exceptions to this rule in the tree. For them use the comment that disables the check. Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com> Cc: Simon Dawson <spdawson@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: Titouan Christophe <titouan.christophe@railnova.eu> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-01-29T15:38:41+00:00 Ricardo Martincoski ricardo.martincoski@gmail.com 2019-01-27T18:59:42+00:00 urn:sha1:fe7a5d7120a50866315c6b02ce07ad10d32dcc8c Currently check-package only knows about ifeq/ifneq. Add code to handle ifdef/ifndef as well. Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-01-29T15:37:47+00:00 Ricardo Martincoski ricardo.martincoski@gmail.com 2019-01-27T18:59:41+00:00 urn:sha1:4a6c5ab2c31f732802a7ac643ca6335821d6d38f Currently any exceptions for a check function need to be coded into the check-package script itself. Create a pattern that can be used in a comment to make check-package ignore one or more warning types in the line immediately below: # check-package Indent, VariableWithBraces Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-01-16T22:14:25+00:00 Ricardo Martincoski ricardo.martincoski@gmail.com 2018-08-11T03:48:27+00:00 urn:sha1:02b165dc71fa1aafe04ba0c69281d3ae4c0c974b This script currently uses "/usr/bin/env python" as shebang but it does not really support Python3. Instead of limiting the script to Python2, fix it to support both versions. So change all imports to absolute imports because Python3 follows PEP328 and dropped implicit relative imports. In order to avoid errors when decoding files with the default 'utf-8' codec, use errors="surrogateescape" when opening files, the docs for open() states: "This is useful for processing files in an unknown encoding.". This argument is not compatible with Python2 open() so import 'six' to use it only when running in Python3. As a consequence the file handler becomes explicit, so use it to close() the file after it got processed. This "surrogateescape" is a simple alternative to the complete solution of opening files with "rb" and changing all functions in the lib*.py files to use bytes objects instead of strings. The only case we can have non-ascii/non-utf-8 files being checked by the script are for patch files when the upstream file to be patched is not ascii or utf-8. There is currently one case in the tree: package/urg/0002-urg-gcc6-fix-narrowing-conversion.patch. Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com> Cc: Arnout Vandecappelle <arnout@mind.be> Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Tested-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-01-04T12:23:41+00:00 Peter Korsgaard peter@korsgaard.com 2019-01-03T10:56:56+00:00 urn:sha1:45aabcddc5668b926078d43decc5fc5e59d43788 Commit 62d5558f76a (utils/get-developers: make it callable from elsewhere than the toplevel directory) tried to fix this by passing in the toplevel directory when the DEVELOPERS file is parsed. Unfortunately this is not enough, as E.G. also the paths listed in the patches are relative to the toplevel directory, causing it to not match the entries in the DEVELOPERS file. In concept this can be fixed by also passing the toplevel directory to the Developers class, but the simplest solution is just to chdir to the toplevel Buildroot directory before calling any of the getdeveloperlib functions. This does require us to finish parsing command line arguments (which opens the provided patch files) to not get into trouble with relative paths to patches before chdir'ing / initializing getdeveloperlib. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-01-04T12:23:33+00:00 Peter Korsgaard peter@korsgaard.com 2019-01-03T10:56:55+00:00 urn:sha1:74fbc205048f949477dfb85d24e9c8a3a8390be2 This reverts commit 62d5558f76a790d1c1b3a1834f1736dc86b6e34f. This actually does not work, as patches contain paths relative to the toplevel directory as well. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>