When booting with 'console=<empty>' in the kernel command line (as e.g.
U-Boot does with silent flags in effect), opening /dev/console fails.
As per POSIX [0], when iany redirection fails, the shell running exec
shal exit in error. So, when 'console=<empty>' is specified.
/dev/console can't be opened, and the redirection fails, and /init is
killed.
That behaviour was fixed on the kernel side with commit 2bd3a997befc2
(Open /dev/console from rootfs), present since 2.6.34, released in May
2010, so any [dr]ecent kernel will have that fix.
Furthermore, busybox will fix things up anyway (in bb_sanitize_stdio()),
falling back to opening /dev/null if no console is availble. systemd
does a similar thing (in make_console_stdio()), and sysvinit again has
a similar approach (in console_init()).
The archealogy search turned up those relevant commits:
2011-08-04 10a130f91e initramfs/init: make sure that 0, 1, 2 fds are available
introduces the three exec redirections in initramfs
2011-09-06 3fac21ef8d cpio: fix boot with dynamic /dev
introduces the three exec redirections in cpio
2011-09-06 13a3afc536 fs/initramfs: refactor with fs/cpio
dropped the initramfs tweaks to reuse the cpio ones
2012-11-04 e1ebae700a fs/common: Create initial console device
introduces the /dev/console char,5,1 pseudo device creation in
cpio
2018-03-31 dec061adce fs/cpio: don't extend packages' permissions table
switched from the permission-table to a manual mknod to create
/dev/console
The redirections were added before we could guarantee there was a
/dev/console in the rootfs.
We're now guaranteed to have /dev/console in an initramfs, and any recent
kernel will automatically open /dev/console before spawning /init.
The three redirections are useless now, and cause harm under certain
conditions. Drop them.
[0] https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_20_01
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi>
Cc: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr:
- extend commit log with the analysis done with Peter
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 98a6f1fc02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The reason why the external wireguard kernel module is not allowed with
kernel headers >= 5.6 is that wireguard is included in the upstream kernel
since 5.6 rather than some kind of (fixable) incompatibility issue. Adjust
the comment to make that clear.
While we're at it, drop the redundant !5.6 dependency on the kernel headers
dependency comment. If headers are older than 3.10, then they are also
older than 5.6, so the statement is redundant.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 74a865b1fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since wireguard is built into kernels 5.6 and later we can't build
wireguard-linux-compat on them, so we need to depend on
!BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_6.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit da5afc10a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Latest version of Apache introduce a new apxs with a slightly modified
path handling logic. In order to simplify the crosscompilation, the
software removes the common prefix from bin install dir and build
install dir, but for this to work they both should have a common prefix.
So we introduce a new regexp to fix /usr/bin to staging dir, the regexps
are also fixed to replace only the exact path between double quotes, to
avoid replacing the she-bang line.
Fixes:
http://autobuild.buildroot.net/results/c41f31566974209897a3a1ec35afe2536fb248cchttp://autobuild.buildroot.net/results/b93f19976ce96e79ea159c25ed74a7377c78f334
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- add the last few words about the she-bang blurb
- do not use quotes in the existing /sur/bin regexp
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit aa04edab77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-jedi bundles its own copy of typeshed since version 0.14.0 and
7d2b7bb3c1
So add it to the license files (and update indentation of hash file to
two spaces while at it)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ab98c1ffb6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Notice: 5.5.x is now EOL, so should be dropped at the next version bump.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: drop 5.5.x / 5.6.x bump]
(cherry picked from commit 72a6e50da9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Several directories and files are currently not installed during the
target installation, these include:
- conf
Several configuration files, including security configuration files which
may be necessary for running various java applications.
- legal
This directory contains legal notices that some java applications may
require, as they may print legal information and will throw exceptions at
runtime if the legal files are not present on the system.
- release
This file contains a list of modules included in the image.
Because these directories take up less than of megabyte extra, it is not an
issue to install all of them.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Tested-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 63b576095b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, Buildroot installs the jre libraries using
cp -dprf /build/linux-*-release/images/jre/lib/* $(TARGET_DIR)/usr/lib/
However, if a system has a merged /usr directory, and there is a built kernel
before installing OpenJDK, the installation fails because jre/lib has binary
modules file, which causes the following error: cp: cannot overwrite directory
'/usr/lib/modules with non-directory
The obvious fix is to install the modules to /usr/lib/jvm/ and set the
appropriate rpaths via the --with-extra-ldflags conf option. However, this fix
does not work because the built binaries themselves do not link against
libjava.so
Indeed, running readelf on the built java binary reports the following:
"(RUNPATH) Library runpath: [/usr/lib/jvm]" and /usr/lib/jvm/libjava.so exists.
However, when running the Java binary on the target, the following error
occurs: "Error: could not find libjava.so."
The following is the result of "strace java" ran on the target:
faccessat(AT_FDCWD, "/usr/lib/libjava.so", F_OK) = -1 ENOENT
faccessat(AT_FDCWD, "/usr/jre/lib/libjava.so", F_OK) = -1 ENOENT
newfstatat(AT_FDCWD, "/usr/lib/libjava.so", 0x7ffe7b4af8, 0) = -1 ENOENT
newfstatat(AT_FDCWD, "/usr/lib/jvm/libjli.so", [sic] AT_SYMLINK_NOFOLLOW) = 0
As seen above, the java binary searches for libjli.so in /usr/lib/jvm,
which demonstrates that the java binary searches for some of the
DT_NEEDED libraries using the correct rpath. But libjava.so is not
searched from the rpath; it is instead dl-opened manually, looked for in
the search paths hardcoded to the following directories:
- /usr/lib/
- /usr/jre/lib/
- $(dirname $0)/../lib/
The reason behind the hardcoded paths given by the maintainers is due to
historical purposes for the need to support several java versions at the
same time on a single system, and that changing the above behavior is not
likely to ever happen.
As such, most distributions such as Redhat do the following:
- Create the directory /usr/lib/jvm/java-$(JAVA_VERSION)/
- Install all directories and files found in images/jre to that directory.
- Symlink the binaries to in /usr/lib/jvm/java-$(JAVA_VERSION)/bin to
/usr/bin.
However, because Buildroot does not need to support multiple versions of java
concurrently, there is no need for the additional java-$(JAVA_VERSION)
directory.
To fix the above issue, the following changes are performed:
- Introduce the variable "OPENJDK_INSTALL_BASE" which points to /usr/lib/jvm
- Set the --with-extra-ldflags conf_opt to
"-Wl,-rpath,$(OPENJDK_INSTALL_BASE)/lib,-rpath,
$(OPENJDK_INSTALL_BASE)/lib/$(OPENJDK_JVM_VARIANT)"
- Run "mkdir -p $(TARGET_DIR)/usr/lib/jvm/" in the INSTALL_TARGET_CMDS step.
- Copy both the lib and bin directories to /usr/lib/jvm/
- Symlink the binaries in /usr/lib/jvm/bin/ to /usr/bin.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12751
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Tested-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr: fix two remaining mis-placed '/']
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3edb915709)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Prior to commit 4102db0f7a ("package/libglib2: bump to version 2.60.3")
which converted libglib2 to meson, Buildroot used to set a range of
autoconf options to bypass tests that require running binaries.
The meson version of libglib2's build system has many fewer of these
checks, but there are still some and these can be fed the "correct"
answer by adding properties to cross-compilation.conf.
Add the necessary properties to indicate that we have C99 compliant
print functions to avoid pulling in the gnulib fallback.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4f91198f0d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes CVE-2020-1967:
Server or client applications that call the SSL_check_chain() function during
or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
result of incorrect handling of the "signature_algorithms_cert" TLS extension.
The crash occurs if an invalid or unrecognised signature algorithm is received
from the peer. This could be exploited by a malicious peer in a Denial of
Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this
issue. This issue did not affect OpenSSL versions prior to 1.1.1d.
See https://www.openssl.org/news/secadv/20200421.txt
Also update the hash file to the new two spaces convention
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 849aee4f88)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The BR2_SOFT_FLOAT option is lost while loading the defconfig with:
make qemu_ppc_virtex_ml507_defconfig
On powerpc, BR2_POWERPC_SOFT_FLOAT must be used to enable soft
floating point support.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b6245ed49b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The BR2_PACKAGE_GLMARK2 is lost while loading the defconfig with:
make engicam_imx6qdl_icore_qt5_defconfig
In order to select gmark2 package, BR2_PACKAGE_GLMARK2_FLAVOR_ANY option
must be set.
Based on the defconfig without X11 and wayland package, the only missing
option to select BR2_PACKAGE_GLMARK2_FLAVOR_ANY is BR2_PACKAGE_HAS_UDEV.
The only possible option is to enable one of the udev provider
(eudev or systemd). Select eudev package for /dev management.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6dd11cefb8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
board/amarula/a64-relic/readme.txt makes use the host fastboot utility
to flash the board. However, BR2_PACKAGE_HOST_ANDROID_TOOLS_FASTBOOT
(which is enabled in the defconfig) has a dependency on
BR2_PACKAGE_HOST_ANDROID_TOOLS, which is not enabled in the
defconfig. Due to this, BR2_PACKAGE_HOST_ANDROID_TOOLS_FASTBOOT=y is
lost when loading the defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Jagan Teki <jagan@amarulasolutions.com>
[Thomas: change to add BR2_PACKAGE_HOST_ANDROID_TOOLS=y]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 016a1d80ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Parallel make used to be broken in exim, as reported in its docs. Now that
line has disappeared from the docs, and parallel make is actually working.
Tested with 'make exim-dirclean ; time make BR2_JLEVEL=999 exim': builds
still succeed and the build time decreases from 34 to 11 seconds on my
host.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 153b78ee26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rhys has asked through private e-mail to be removed:
==
Please can I be removed as the developer, as I’m not longer involved.
Cheers Rhys
==
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 45e8a699a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-std=c++11 is needed to avoid the following build failure with poppler
and gcc 5:
/home/naourr/work/instance-0/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/poppler/cpp/poppler-page.h:40:37: note: C++11 'noexcept' only available with -std=c++11 or -std=gnu++11
/home/naourr/work/instance-0/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/poppler/cpp/poppler-page.h:70:10: error: 'unique_ptr' in namespace 'std' does not name a template type
std::unique_ptr<text_box_data> m_data;
^
Fixes:
- http://autobuild.buildroot.org/results/3428b9017168db9239756dc06cdaa5ae004cab97
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d9a4208f62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to migration to pkg-config in php 7.4, the detection of
library dependencies has been changed.
source from php.net:
--with-gd becomes --enable-gd
--with-png-dir has been removed. libpng is required.
--with-zlib-dir has been removed. zlib is required.
--with-freetype-dir becomes --with-freetype
--with-jpeg-dir becomes --with-jpeg
Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 31c5fd8f4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If tty_handler() resets terminal while pkttyagent is run in background job,
the process gets stopped by SIGTTOU. This impacts systemctl, hence it must
be blocked for a while and then the process gets killed anyway.
Upstream commit: 28e3a6653d8c3777b07e0128a0d97d46e586e311
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0d749be3e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes two small memory leaks.
Upstream commit: 28e3a6653d8c3777b07e0128a0d97d46e586e311
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ba70e29fea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default installed service file is missing a target, which causes preset-all
to not enable the service.
Add the service file to package/polkit with the addition of:
[Install]
WantedBy=multi-user.target
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3f885d9dfe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
0001-make-netgroup-support-optional.patch patches configure.ac, but we
don't autoreconf the package, which is not good.
However, simply adding AUTORECONF = YES is not sufficient: polkit
Makefile.am use the automake conditional HAVE_INTROSPECTION, which is
"available" only when the gobject-introspection m4 file is installed.
Since we don't want to make gobject-introspection a mandatory
dependency of polkit, we take a simpler route: add a copy of
introspection.m4 into the polkit source tree. This is only a 142 lines
file, and it can be dropped when
0001-make-netgroup-support-optional.patch is merged upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8edcb84730)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The help text was wrong, as it didn't match the actual default values
we were specifying. Indeed, when we specify:
default 31 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
default 30 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_3
It means that the policy version 30 is supported starting from Linux
4.3 included, and that 31 is supported from Linux 4.13 included.
So we shouldn't have:
> 4.3 <= 4.13 30
> 4.13 31
but:
>= 4.3 < 4.13 30
>= 4.13 31
This patch fixes that for all versions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67d7705a9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
EXT_SUFFIX in Python versions > 3.5 contains a platform tag which only applies
to cpython extensions. Given that ctypes.util.find_library does not work on the
target due to the absence of the underlying tools '.so' needs to be added as a
possible suffix for libraries to enable python-iptables to find the iptables
shared libraries.
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 52276cdda3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
