Port the recipe from the dunfell poky branch. This version contains the latest
vulnerability fixes, including CVE-2022-0778.
https://onedigi.atlassian.net/browse/DEL-7868
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit be046db4faae911b2a858d748551c6c91fc54043)
Signed image support in U-Boot has been split into two separate configurations:
one that adds artifact authentication support and another that signs the U-Boot
binary at the end of the build. Reflect this change in meta-digi.
https://onedigi.atlassian.net/browse/DEL-7862
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In meta-openembedded commit 35d249bb9a575a5a48491052896e121266d515f0,
libconfig, one of swupdate's dependencies, was split into two packages: one for
the C library and another for the C++ one. swupdate depends only on the C
library, but the C++ library was implicitly pulling in other dependencies, such
as libgcc.
After the commit mentioned above, libgcc stopped being pulled into our recovery
image, causing the following error to appear when swupdate terminates:
libgcc_s.so.1 must be installed for pthread_cancel to work
Aborting
Even if the action carried out by swupdate is successful, our recovery script
detects this as an error and aborts the update operation. Avoid this by
explicitly adding libgcc as a runtime dependency for swupdate.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds power safe and reboot safe script for the MCA
and substitute default reboot and poweroff busybox commands.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://onedigi.atlassian.net/browse/DEL-7828
We originally included this recipe to fix some vulnerabilities in the dnsmasq
version used in zeus (v2.80), but the recipe has been updated since then. The
current version used by default in hardknott is v2.85.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Now that the "--platform" parameter is optional, we don't need to hardcode the
platform anymore, so remove the first patch.
In this version, the FDO platform has been renamed to WL, and since the default
PACKAGECONFIG is meant to work with older cog versions, we need to manually
append the "wl" PACKAGECONFIG to build the wayland platform.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is a partial revert of commit 3819ee6672.
NXP simplified the profile script when updating to hardknott-5.10.72-2.2.0, but
since the /run/user/0 directory isn't automatically created in sysvinit
environments, the weston desktop fails to start in these cases. The previous
version of the script automatically creates said directory if it's missing, so
use that version instead.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We already have a copy of NXP's weston.ini, so there's no need to manuallly
append to it in our do_install_append(). Simply add our changes for our custom
desktop background directly in the source file.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In older Yocto versions, weston was launched via a udev rule, but now it gets
launched as part of the "graphical" system target. Since this target isn't
reached automatically on boot, the weston desktop will only appear if you
manually launch said target (or the weston service itself).
To make the desktop launch automatically, change the target to "multi-user",
which is the default target laucnhed on boot.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This makes it possible to distinguish between two different packages:
* NXP's tensorflow-lite, which contains modifications for i.MX platforms
* Our tensorflow-lite, which is meant to be used with Google Coral
Since tensorflow-lite-coral provides a subset of the files provided by
tensorflow-lite (specifically, the python libraries), make the packages
conflict during runtime.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Update a patch so it applies cleanly and remove another one, since it has
already been applied upstream
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This package was originally being added via RDEPENDS, and its removal was
missing when porting the newer file from NXP's meta-imx. Re-incorporate the
removal to avoid including the package in our images, but do so by adding it
to our images' BAD_RECOMMENDATIONS.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Even though our busybox recipe (v1.34.1) is backported from poky's honister
branch, it has many elements in common with the recipe provided from poky's
hardknott branch (v1.33.1). To simplify our backport, re-use poky's busybox
files when possible, replacing them only when strictly necessary.
While at it, remove the busybox-inittab recipe, since there are barely any
differences between the honister and hardknott versions.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This PACKAGECONFIG existed in gatesgarth, but it's included by default in
hardknott and it pulls in libgbm as a dependency. This package isn't available
for i.MX6 platforms, causing the build to fail immediately. Remove this from
the ccimx6 PACKAGECONFIG and leave it how it was on gatesgarth.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
For packages such as weston or opencv, bitbake will sometimes choose the poky
recipes, causing build errors. Explicitly set the NXP version of these packages
as the preferred version by mimicking the layer.conf configuration in the
meta-bsp layer of meta-imx.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We now use the meta-freescale recipe as a base for our .bbappend, so remove
the filter.
This reverts commit 9e68d61f7c465800d62913c044e43c541f2eacd7.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Aside from the file paths changing, there are a few cosmetic differences
between v1.22.14 and v1.30.4 that prevented the patches from applying, so
re-work them.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The common license file GPL-2.0 is now called GPL-2.0-only in poky, so we need
to reflect this name change to avoid errors
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This is a generic package that is currently being used by NXP to load firmware
on the target, so include it in our images as well. Since it only works with
systemd, leave it out of builds that use sysvinit.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
poky now provides glibc v2.33 by default, and there aren't any alternative
versions available, so there's no need for this.
This reverts commit e7921dfd93.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Remove the v3.0.8 version of the recipe to use the v3.0.9 recipe in poky. Also,
adapt our .bbappend since some of its changes are outdated.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Most of the changes are cosmetic (copyright years and whitespace). Update
gstreamer1.0-plugins-good-qt to v1.18.5, remove outdated patch for said package
and sync qtwayland recipe.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We initially backported v4.5.2.imx into gatesgarth, but since that version is
already available in meta-freescale, remove the base recipe and keep only the
.bbappend.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Add custom NXP daemon.conf, new NXP patch and adapt ccimx6ulsbc patch to apply
cleanly over v14.2
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Sync the .bbappend while keeping our ccimx6 patch and remove the 9.0.0.imx
recipe, since it's already available in meta-freescale.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Remove recipes that are available in the community layers, include a new
.bbappend for python3-matplotlib and update the .bbappend for python3-wheel
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This patch was initially needed for a specific version combination of
NetworkManager (>= v1.22) and glib-2.0 (v2.63.3 - v2.64.X), but since the
hardknott branch of poky now provides glib-2.0 v2.66.7, the patch isn't
needed anymore.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We initially added newer versions of the recipes related to WPE Webkit in order
to incorporate performance improvements, but the hardknott branch of
meta-webkit includes even newer versions, so we can remove our recipes.
Reflect this change in our distro config file.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The weston recipe we ported from NXP's meta-imx layer has the same name,
causing warnings to appear when applying our patches. To avoid confusion,
ignore the meta-freescale version of the recipe so that ours is the only
option.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit 9e68d61f7c465800d62913c044e43c541f2eacd7)
Otherwise, the .bbappend applies to all existing weston recipes, and since our
patch is only available in our layer, bitbake will print warnings about the
patch not being found for those other recipes. This is harmless, since DEY
always uses NXP's version of weston, but it can be confusing, so avoid the
warnings altogether.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
(cherry picked from commit d4464a8211bff6b315a8ed5d094b8c25099f4130)
Digi Embedded Yocto 3.2-r2.2
Manually changed recipes to use the master branches instead of the fixed SHA1
from the last release.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
SQUASHFS read-only rootfs cannot be unencrypted on-the-fly
so skip encryption if read-only-rootfs is active.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
When TrustFence and a read-only rootfs are enabled, U-Boot must
authenticate the SQUASHFS root file system. Add config switch to force
U-Boot to authenticate this image.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This mode is necessary in the recovery initramfs to be able to properly detect
any external storage device that might contain an update package. The
configuration option associated with this mode became explicit after upgrading
busybox to v1.34.1, so enable it in our defconfig.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The nand devices doesn't need to call the mount_cryptrootfs
script.
Reported-by: Francisco Gil <francisco.gilmartinez@digi.com>
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Some recipes were forcibly removing conflicting packages.
This does not allow to add those packages back for users that
want to use meta-digi layer, but a different distro than 'dey'.
With the 'dey' distro override, such removals are only done
if using this distro.
Reported-by: Michael Burr <michael.burr@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-7712
In the cc6ul we are not powering-off the supply of the XBee.
This is making that after a suspend/resume action the XBee
hangs due to ModemManager hasn't been stopped before the suspend.
Stopping ModemManager before going to suspend solves the issue.
https://onedigi.atlassian.net/browse/DEL-7701
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
Since commit 11558352 ("swu-images: add "installed-directly" flag to
sw-description") the swu package images are streamed into the target without
any temporary copy to support devices with low memory available, that forces a
different order according with the swupdate documentation because scripts
should packed before the rest. This means that all the pre, post and shell
scripts will be executed after the images will be installed. This behavior
breaks the current support to mount the cryptorootfs node before install an
encrypted rootfs.
This commit moves the shell script to mount the cryptorootfs node to the
recovery initramfs and modifies the swupdate command line to call the shell
script before the images installation.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Since we added support for compressing rootfs images, we need to manage SWU
packages with a regular rootfs image and with compressed images. That support
was missing in the identification process when the SWU packet was verified.
This commit fixes the identification of compressed rootfs images.
https://onedigi.atlassian.net/browse/CC8X-320
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Mike Engel
Gabriel Valcazar
Isaac Hermida
Arturo Buzarra
Hector Palacios
Francisco Gil