Adds documentation about adding a patch that addresses a vulnerability.
The patch-policy file now mentions that patches that address a
vulnerability need to include a `CVE:` trailer with the reference of
that vulnerability.
Until now only adding the reference to the `_IGNORE_CVES` variable was
necessary, so the documentation of this entry is modified as well to
point to the patch policy.
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1167d0ff3d225ca9ce2b6299da28a9307d370142)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This patch adds information on how to generate a CycloneDX SBOM in
Buildroot. It also mentions how to track CVEs with that given SBOM.
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Peter: reword slightly]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e09bf9e951)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Some links are still pointing to git.buildroot.org, which is the old URL
for the official Buildroot git repository. The repository is now hosted
at gitlab.com. Update those old links accordingly.
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3ae80441ed)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
When searching for the official git repository in the documentation,
readers are forwarded to the buildroot website Download page with a link
pointing to buildroot.org/download, which returns a 404.
Fix the dead link by adding the missing .html suffix.
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 8845586fc6)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Currently, the manual doesn't mention the checkpackageignore file at
all, leaving the user under the assumption that running "make
check-package" and running utils/check-package directly on the package
they have touched would be equivalent, when the former evaluates the
checkpackageignore file while the latter does not. This could cause them
to forget to remove stale entries from that file.
Point out this difference in behavior.
Signed-off-by: Florian Larysch <fl@n621.de>
[Arnout: add that stale lines should be removed from
.checkpackageignore]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 47181a164c)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
The company name was changed from "benetti-engineering-sas" to "benetti-engineering"
to be agnostic to the company legal form. Update all GitHub and LinkedIn links
accordingly.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c38ea1d496)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
It allows downloading files from an SMB share in Buildroot packages.
Usage is specified in the manual.
Signed-off-by: Guillaume Chaye <guillaume.chaye@zeetim.com>
[Peter: reword documentation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e240b889f1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Buildroot packaging pretty much assumes that the sources it downloads
are publicly available. In general, however, Buildroot is also used to
download sources from private repositories. Nowadays, that mostly means
from a github or gitlab instance.
Although git-over-ssh can be used for that, this poses a problem for CI,
because the CI runners integrated with github and gitlab only have
access to the repository itself, not to other private repositories. And
creating ssh key pairs for CI runners is tricky.
Therefore, document how standard tools can be used to make private
repositories available both to developers and to CI. There are quite a
few alternative approaches possible, but they're more complicated or
less generically applicable.
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
[Peter: Fix insteadOf example, capitalize SSH/HTTPS]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1026abbcf9)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
PYTHON_FOO_BUILD_OPTS are passed to the build module call of the package
build, this allows passing options to the python build *backend* by
using the --config-setting= option. setup.py is no longer involved since
even the setuptools backend now uses the pep517 build method.
The note about the options being passed to
support/scripts/pyinstaller.py seems to be no longer accurate.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Arnout: also mention -C (suggested by James)]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit b15cd1d8fe)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
A basic Fedora 42 container does not have 'awk' installed, but it is
needed by Buildroot. First by check-host-python3.sh:
    support/dependencies/check-host-python3.sh: line 6: awk: command not found
    support/dependencies/check-host-python3.sh: line 19: awk: command not found
    support/dependencies/check-host-python3.sh: line 19: awk: command not found
but then even building host-expat assumes awk is available:
    config.status: creating Makefile
    ./config.status: line 1404: awk: command not found
    config.status: creating expat.pc
    ./config.status: line 1404: awk: command not found
Since it's a pretty basic tool, make it part of the tools checked by
dependencies.sh. One minor annoyance is that check-host-python3.sh is
executed *before* dependencies.sh does its thing, so when 'awk' is not
available, we end up seeing:
    support/dependencies/check-host-python3.sh: line 6: awk: command not found
    support/dependencies/check-host-python3.sh: line 19: awk: command not found
    support/dependencies/check-host-python3.sh: line 19: awk: command not found
    which: no awk in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
    You must install 'awk' on your build machine
    make: *** [support/dependencies/dependencies.mk:27: dependencies] Error 1
It would be nice to have the awk check *before* it gets used in
check-host-python3.sh, but that's a topic for another patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 448ceefa78)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The manual states that FOO_DL_OPTS are valid for all the different
download backends, but that is not the case: at least the git backend
does not use them (it does not fail, it just ignores them).
Accept FOO_DL_OPTS in the git backend, and pass them to 'git fetch'.
There is no way that we can pass such options to submodules or lfs,
though.
Update the manual accordingly.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a1012b363a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Add the LTS sponsors who engaged already for 2025: EVS, Open Home
Foundation, and Sense Labs. There is one more sponsor but they prefer to
remain anonymous.
For Open Home Foundation, we can reuse the existing logo. For the other
two, add their logo.
Add a new class panel-lts-sponsor for sizing the panels. It is different
from panel-sponsor because there doesn't need to be space for an
explanation of what type of sponsorship is done, we just need to have
space for the company name. So the minimum height is 200px instead of
350px.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit b111e07fd5)
The Open Home Foundation logo is in a white area that is too large for
how we display it on the sponsors page. As a result, it ends up at the
bottom of the logo area and it looks very unbalanced.
Crop the logo to a tighter area. Since it is going to end up being
scaled, it's difficult to predict what the best size is, but cropping
at a height of 300 pixels gives a visually pleasing layout at at least
some resolutions.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e287bc7f44)
We moved the issue tracking to gitlab some time ago. Adjust the bug tracker
references in news.html to point to there instead of bugzilla for clarity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, only the -static extldflags may be set in the
golang-package infra. However, in some cases, it might be necessary to
pass other flags, either because they are needed on a specific
architecture, or a specific C library; packages may also have a need
to pass arbitrary linker flags when they use CGO linking.
For example, on AArch64, go forcibly uses ld.gold, but it is not
available in all toolchains, and ld.bfd works nowadays (following
patch); another case is musl, where PIE is not supported with go.
Introduce FOO_EXTLDFLAGS, which we use to set those flags, and that
packages can set to pass such flags.
Migrate the current setting of -static to use that new variable.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Tested-by: Nathaniel Roach <nroach44@nroach44.id.au>
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Reviewed-by: Yann E. MORIN <yann.morin@orange.com>
Reviewed-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Updating directly to 4.x is too difficult and complex, as mender 4.x is
a complete rewrite in C++, with several new dependencies and changes.
As such, update to the last version that was written in Go, which is
3.5.3. The following changes are necessary:
The artifact_info file is no longer supported. Instead, mender now expects a
bootstrap.mender artifact created by mender-artifact /var/lib/mender.
See the following for more information:
https://northerntech.atlassian.net/browse/MEN-2585
https://northerntech.atlassian.net/browse/MEN-2583
https://docs.mender.io/release-information/release-notes-changelog/mender-client#mender-3-5-0-1
https://github.com/mendersoftware/mender/blob/3.5.3/Documentation/automatic-bootstrap-artifact.md
- Remove all instances of creating or copying an artifact_info file
from board examples and package/mender.
- Add a generate_mender_bootstrap_artifact method to
board/mender/x86_64/post-image-efi.sh which creates a proper
bootstrap.mender file and places it in the data partition.
- Add a post-build.sh script to support/testing/tests/package/test_mender
with the same generate_mender_bootstrap_artifact method with one change:
As the rootfs.ext4 file is not yet created, we omit the optional
--provides "rootfs-image.checksum:${img_checksum}" argument when
generating the bootstrap.mender file.
Mender expects the device_type file to exist in /var/lib/mender/device_type.
This is further supported by the following line in tests/Dockerfile.daemon:
`echo device_type=docker-client > /var/lib/mender/device_type`
Add a migration section in docs/manual/migrating.adoc
Update the package/mender/readme.txt to include a quick mention of the
bootstrap.mender artifact change.
License changes:
New:
vendor/github.com/klauspost/compress/internal/snapref/LICENSE (BSD-3-Clause)
vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt (MIT)
Removed:
vendor/github.com/klauspost/compress/internal/snapref/LICENSE
vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt
Modified:
LICENSE: Update year from 2022 to 2024
LIC_FILES_CHKSUM.sha256: Sum of all Licenses changed
vendor/github.com/mendersoftware/mender-artifact/LICENSE
- Update year from 2022 to 2023
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[Arnout:
- fix LIC_FILES_CHKSUM.sha256 hash
- Better URL for bootstrap artifact doc
- Migrate to 2025.02 instead of 2024.11
- Improve migrating text (editorial changes)
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The Open Home Foundation generously sponsored the Buildroot project
end of 2024, credit them.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As we have many python packages using the poetry(poetry-core) build
system we should add a setup type for it so that we don't have to
manually specify the host-python-poetry-core dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Call out the requirements to run check-package and mention that Docker
can be used to run check-package without installing dependencies.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Move Logilin to past sponsors, update details about Smile sponsoring
and Armadeus sponsoring, and likewise for a number of past sponsors.
The text about Smile as a past sponsor is reworded/reduced so that it
still fits in the size of the block in a reasonable way.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As we have many python packages using the hatch(hatchling) build
system we should add a setup type for it so that we don't have to
manually specify the host-python-hatchling dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Doctoring a defconfig is tedious, and it is not easy to update a
defconfig, as it requires manual copy-pasting, adding comments and so
on...
Instead, just require defconfigs to be generated with 'savedefconfig'.
Any details can/must be provided in the commit log.
Reported-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>