| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Backport patch to fix CVE-2025-24976.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Use dup3 instead for riscv64 as there is no dup2 on riscv64 linux
to fix the below build failure:
vendor/github.com/bugsnag/panicwrap/dup2.go:10:9: undefined: syscall.Dup2
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Revert [1] to enable support for riscv64.
[1] https://git.yoctoproject.org/meta-virtualization/commit/?id=3626f2c9ccd56c6a3ee51304a7da7aafb395a588
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping distribution to version v2.8.3-2-gd607c6cc, which comprises the following commits:
6b9f48f3 docs: remove blank line
a4fa6992 Add v2.8.3 release notes
5e6b1b5c Do not close HTTP request body in HTTP handler
29b00e8b digestset: deprecate package in favor of go-digest/digestset
d1ab2430 [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0
3dda0677 deprecate reference package, migrate to github.com/distribution/reference
3c6f7788 update to go1.20.8
31f5cd48 Handle rand deprecations in go 1.20
29b8ba0b Update to go 1.20
3316b198 Update to golang 1.19.10
444d053e update golangci-lint to v1.52
b800af44 ignore SA1019: ac.(*accessController).rootCerts.Subjects has been deprecated
0a98a00d Ignore SA1019: SplitHostname is deprecated.
2ec0471b Dont parse errors as JSON unless Content-Type is set to JSON
cb121c3f Set Content-Type header in registry client ReadFrom
b57133cc referene: fix formatting of "deprecated" comment.
2c4bf1a6 replace deprecated function
110cb753 Enable build tags in 2.8
2d62a402 s3: add interface assertion
2548973b Enable Go build tags
ab7178cc Pass BUILDTAGS argument to go build
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
bitbake has been enhanced such that SRCPV is no longer needed in
PV to handle updating git hashes and task signatures.
We can simplify our PV by dropping SRCPV
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping docker-distribution to version v2.8.2-2-g8728c52e, which comprises the following commits:
ab7178cc Pass BUILDTAGS argument to go build
a173a9c6 Add v2.8.2 release notes
483ad69d registry/errors: Parse http forbidden as denied
2b0f84df Revert "registry/client: set Accept: identity header when getting layers"
5f3ca1b2 Add release notes for 2.8.2-beta.2 release
e884644f Dockerfile: fix filenames of artifacts
ac6c72b2 Add 2.8.2-beta.1 release notes
ae58bde9 Fix gofmt warnings
3f2a4e24 update to go1.19.9
9c04409f [release/2.8] ignore deprecation of io/ioutil
3d8f3cc4 Dockerfile: update xx to v1.2.1
70db3a46 bump up golang version
db1389e0 dockerfiles: formatting
018472de dockerfiles: set ALPINE_VERSION
19b3feb5 Update to xx 1.1.1
14bd72bc Dockerfile: switch to xx
2392893b bump up golang v1.17
092a2197 [release/2.8] fix package name in Dockerfile
22a80503 fix(ci): use go install instead of go get
1d52366d Merge pull request #2815 from bainsy88/issue_2814
521ea3d9 Fix runaway allocation on /v2/_catalog
ad5991de Fix panic in inmemory driver
38018aeb Fix CVE-2022-28391 by bumping alpine from 3.15 to 3.16
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While the insane.bbclass upstream-status check hasn't been made
default, users of meta-virtualization may have it enabled in their
distros .. so the effect is the same. We must have this tracking
tag in out patches.
This is a bulk update to add the tag and silence the QA message.
As packages get updated, the normal/routine process of checking
the patches will continue, and the status fields may (or may not)
get more useful.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently docker-distribution has a do_compile error for riscv64.
The problem could be reproduced by:
MACHINE=qemuriscv64 bitbake docker-distribution
So explicitly set COMPATIBLE_HOST here to avoid it building for
riscv64. When someone interested in using this recipe for riscv64
fixes the compile issue, this setting could be removed.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Bumping docker-distribution to version v2.8.1-2-gdc5b207f, which comprises the following commits:
38018aeb Fix CVE-2022-28391 by bumping alpine from 3.15 to 3.16
96cc1fdb FIx typo
e744906f Update 2.8.1. release notes
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
v2.8.1 is the latest stable version.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix settings for GOROOT, CGO_CFLAGS and CGO_LDFLAGS.
The previous setting for GOROOT is no longer valid as the directory
does not exist for now. So adjust the GOROOT setting.
Currently CGO_CFLAGS is set to use BUILDSDK_CFLAGS, and this is
incorrect. We need target flags instead of SDK related flags. Such
setting happens to work for some hosts. However, when building on
newer hosts, we get QA error like below:
ERROR: docker-distribution-v2.7.1-r0 do_package_qa:
QA Issue: /usr/sbin/registry contained in package docker-registry requires
libc.so.6(GLIBC_2.34)(64bit), but no providers found in RDEPENDS_docker-registry? [file-rdeps]
The above error was found on hardknott on host Fedora 35.
Tracking down the error and I found it's using host stuff which is likely
to be caused by using incorrect CGO_CFLAGS. As the master branch is
using the same settings, it has the same issue.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In order for systemd variables such as SYSTEMD_AUTO_ENABLE to have
effect, we need to inherit the systemd class. We also need to specify
the package which contains the service.
As go.bbclass already inherits goarch.bbclass, we only need to inehrit
go.bbclass.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Bumping docker-distribution to version v2.7.1-42-g3b7b5345, which comprises the following commits:
97f6dace [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
10ade61d manifest: validate document type before unmarshal
c5679da3 [release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bumping docker-distribution to version v2.7.1-38-gf7365390, which comprises the following commits:
97f6dace [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
9a3ff113 fix go check issues
19b573a6 Change should to must in v2 spec
d836b23f [release/2.7] update to go1.16
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Not much of an update, but we pickup the latest compatibility
restrictions:
Bumping docker-distribution to version v2.7.1-32-g61e7e208, which comprises the following commits:
d836b23f [release/2.7] update to go1.16
cc341b01 Added flag for user configurable cipher suites
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becomming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to this is to use the ":" charater
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if other no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could
require a more explict syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
| |
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the latest go version bump in oe-core export GO111MODULE is
on by default. Our build is not setup to use go modules, so we
disable it and avoid configuration errors:
no required module provides package ... : working directory is not part of a module
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrating the following 2.7 release commits:
cf8615de Remove empty Content-Type header
48eeac88 docs: add redirect for old URL
e2f006ac S3 Driver: added comment for missing KeyCount workaround
0a1e4a57 Fix s3 driver for supporting ceph radosgw
afa91463 Bugfix: Make ipfilteredby not required
fad36ed1 Add reference.ParseDockerRef utility function
f999f540 Fixing broken table
c636ed78 Fix cloudfront documentation formatting
5883e2d9 Fix vndr and check
a3c027e6 Adding deprecated schema instructions
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With oe-core commit c23f9e80492e4b [tcmode-default: use
go-binary-native by default], we must explictly call the proper
cross go binary, versus just the go-native variant.
These builds were working by luck, since the go compiler was capable
of building the target binaries previously (in its build-from-source
creation). We fixup the calls and we no longer see fpu build issues:
fatal error: gnu/stubs-soft.h: No such file or directory
7 | # include <gnu/stubs-soft.h>
| ^~~~~~~~~~~~~~~~~~
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
after commit https://git.openembedded.org/openembedded-core/
commit/meta/classes/ptest.bbclass?id=b47194b57d94260b4e6438c5bf74914027f0b520
package ${PN}-ptest will depend on ${PN} by default,
but for docker-distribution, ${PN} is empty package, remove it from dependency
to avoid image do rootfs failure since nothing provides error.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. After security flag PIE is enabled by default, we might met
below QA warning on some arch, like aarch64, fix it by skip
textrel QA check refer commit b689c72a of oe-core
docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: ELF binary
'work/aarch64-poky-linux/docker-distribution/v2.6.2-r0/packages-split/
docker-registry/usr/sbin/registry' has relocations in .text [textrel]
2. This problem is caused since security_flags.inc is used by default.
so alternative work around is:
SECURITY_CFLAGS_pn-docker-distribution = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_LDFLAGS_pn-docker-distribution = ""
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when bitbake lib32-docker-distribution, we might met below
warning:
lib32-docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: No GNU_HASH
in the elf binary: 'work/core2-32-wrsmllib32-linux/lib32-docker-distribution
/v2.6.2-r0/packages-split/lib32-docker-registry/usr/sbin/registry' [ldflags]
which caused by "INSANE_SKIP_docker-registry += "ldflags already-stripped"
don't cover case for multilib, so add multilib prefix MLPREFIX
to fix it.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
We want to build in ${S}, so we now require an explicit cd ${S}
to avoid landing in the build directory.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-11468 is fixed in this release.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-11468
Release note:
https://github.com/docker/distribution/releases/tag/v2.6.2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Continue work to use go infra in oe-core instead of the support for go
previously found in meta-virt. This is a 1:1 drop in replacement and
removes one more go piece from meta-virt in favor of the common
support found in oe-core.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Rather than expliciting depending on go-cross-${TARGET_ARCH}, we
can now simply inherit the oe-core go bbclass. This gets us the
correct go dependencies and other variables properly set.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
Follow the bouncing docker-registry package. Rather than use the docker hub
registry container, we can have finer grained control if we clone and build
the docker-distribution repository directly.
Since this is distinct from the main docker package/codebase, we break the
registry back out into its own package.
We also create a baseline configuration and .service file that can be the
basis for more complex implementations.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
