From patchwork Wed Jun 17 12:43:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 90381 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90F9ECD98F0 for ; Wed, 17 Jun 2026 12:43:43 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.14665.1781700221411505930 for ; Wed, 17 Jun 2026 05:43:42 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@arm.com header.s=foss header.b=pNoGrya7; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F23274794 for ; Wed, 17 Jun 2026 05:43:35 -0700 (PDT) Received: from cesw-amp-gbt-1s-m12830-04.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 478E43F905 for ; Wed, 17 Jun 2026 05:43:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1781700220; bh=JqedAcuI270Rh9wsVhso+HeasH1vRRJtyAHRGka1AVg=; h=From:To:Subject:Date:From; b=pNoGrya7hs86LbPcwB7eh4sA9zGZXkCIQGdzKkof5sTGd01eko069yJiMsx2q2OS4 E7M0OP09xQQ9hTwMitGUrfvR1NOdObptSQyYEfzrRa5H89PDQn0W3vcOyiGmdHxqtb bKSOUNymUACwOhj7jBYsWY09udfn5JcyEppcpGfk= From: Ross Burton To: meta-arm@lists.yoctoproject.org Subject: [PATCH 1/4] CI: remove cve.yml and NVDCVE_API_KEY Date: Wed, 17 Jun 2026 13:43:30 +0100 Message-ID: <20260617124333.437665-1-ross.burton@arm.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 12:43:43 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/7082 This yml fragment wasn't actually used by our CI, and the cve-check class no longer exists. Signed-off-by: Ross Burton --- .gitlab-ci.yml | 2 -- ci/cve.yml | 20 -------------------- 2 files changed, 22 deletions(-) delete mode 100644 ci/cve.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c5bb96c997..577935366e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,8 +15,6 @@ variables: MIRROR_GHCR: ghcr.io # The list of extra Kas fragments to be used when building EXTRA_KAS_FILES: "" - # The NVD API key to use when fetching CVEs - NVDCVE_API_KEY: "" stages: - prep diff --git a/ci/cve.yml b/ci/cve.yml deleted file mode 100644 index 5ac2e41241..0000000000 --- a/ci/cve.yml +++ /dev/null @@ -1,20 +0,0 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json - -header: - version: 14 - -local_conf_header: - cve: | - INHERIT += "cve-check" - - # Allow the runner environment to provide an API key - NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}" - - # Just show the warnings for our layers - CVE_CHECK_SHOW_WARNINGS = "0" - CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1" - CVE_CHECK_SHOW_WARNINGS:layer-meta-arm = "1" - CVE_CHECK_SHOW_WARNINGS:layer-meta-arm-bsp = "1" - - # Ignore the kernel, we sometime carry kernels in meta-arm - CVE_CHECK_SHOW_WARNINGS:pn-linux-yocto = "0" From patchwork Wed Jun 17 12:43:31 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 90382 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C97E0CD98F1 for ; Wed, 17 Jun 2026 12:43:43 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.14666.1781700221792612302 for ; Wed, 17 Jun 2026 05:43:42 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@arm.com header.s=foss header.b=El1cepDc; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AFF1B4800 for ; Wed, 17 Jun 2026 05:43:36 -0700 (PDT) Received: from cesw-amp-gbt-1s-m12830-04.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id EF6143F905 for ; Wed, 17 Jun 2026 05:43:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1781700221; bh=NGrY4FoWBisjKaIfUg4bRTnT0fnBikn5GH9ruEQjU0o=; h=From:To:Subject:Date:In-Reply-To:References:From; b=El1cepDcg1BkkyKrLockjS8YJLLAuwL0A9CyXKG6fcUU1575/hblepABLYUIOxsKw kW3H277RzTzom2Lc/TQYCjSQig+Q7h0IT41HUlLtggLYDYpn6r8Rn9MGI+wKIGPGAf sjZdMqys21uL0b8Vq9Ya/kviop1Yf0VQ+67AFlf8= From: Ross Burton To: meta-arm@lists.yoctoproject.org Subject: [PATCH 2/4] CI: default CACHE_DIR to CI_PROJECT_DIR Date: Wed, 17 Jun 2026 13:43:31 +0100 Message-ID: <20260617124333.437665-2-ross.burton@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617124333.437665-1-ross.burton@arm.com> References: <20260617124333.437665-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 12:43:43 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/7081 Set the default cache directory to be the build tree so we don't assume anything about the runner environment by default. After this change, runners that don't set CACHE_DIR will need to set it explicltly in their variables. Signed-off-by: Ross Burton --- .gitlab-ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 577935366e..5861dcf408 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,8 +9,10 @@ variables: CPU_REQUEST: "" # The default machine tag for the build jobs DEFAULT_TAG: "" - # The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc) - CACHE_DIR: $CI_BUILDS_DIR/persist + # The directory to use as the persistent cache (the root for DL_DIR, + # SSTATE_DIR, etc). The default is the build tree which will not be + # persistent, so this should be set in the runner. + CACHE_DIR: $CI_PROJECT_DIR # The container mirror to use MIRROR_GHCR: ghcr.io # The list of extra Kas fragments to be used when building From patchwork Wed Jun 17 12:43:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 90380 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DD5DCD98E4 for ; Wed, 17 Jun 2026 12:43:43 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14466.1781700222515999647 for ; Wed, 17 Jun 2026 05:43:42 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@arm.com header.s=foss header.b=Tu4fdOKm; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 665704794 for ; Wed, 17 Jun 2026 05:43:37 -0700 (PDT) Received: from cesw-amp-gbt-1s-m12830-04.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id A95643F905 for ; Wed, 17 Jun 2026 05:43:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1781700222; bh=nBhjUZc0Uy2YbmzwMffGQndp9dnnjQpThLgAeR/Rmys=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Tu4fdOKmUPihk1ozGLF5N4A6zQ1Gv7c7pCwfwdJXY8lK3sIo6NGOEiVzLbNukeHdn /DLmRObJjfEO2PZQXy6dYJoPjNs9Je4/IA4JGHxmzgU6nkrPAdcJf91cO5RfbLWqRs ystuHKijF6xza3JcduH8ImAM84Oqa9z7C5NKsDK4= From: Ross Burton To: meta-arm@lists.yoctoproject.org Subject: [PATCH 3/4] CI: use a single multiline script statement in .build Date: Wed, 17 Jun 2026 13:43:32 +0100 Message-ID: <20260617124333.437665-3-ross.burton@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617124333.437665-1-ross.burton@arm.com> References: <20260617124333.437665-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 12:43:43 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/7083 No change to the script, just formatting. Signed-off-by: Ross Burton --- .gitlab-ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5861dcf408..b285698f47 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -61,13 +61,13 @@ stages: # Catch all for everything else - if: '$KERNEL != "linux-yocto-dev"' script: - - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml - - echo KASFILES=$KASFILES - - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES - - kas build $KASFILES - - ./ci/check-warnings $KAS_BUILD_DIR/warnings.log - - kas shell ci/base.yml:lockfile.yml --command "$CI_PROJECT_DIR/ci/junit.sh $KAS_WORK_DIR/build" - + - | + KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml + echo KASFILES=$KASFILES + kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES + kas build $KASFILES + ./ci/check-warnings $KAS_BUILD_DIR/warnings.log + kas shell ci/base.yml:lockfile.yml --command "$CI_PROJECT_DIR/ci/junit.sh $KAS_WORK_DIR/build" artifacts: name: "logs" when: on_failure From patchwork Wed Jun 17 12:43:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 90383 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DD7DCD98F5 for ; Wed, 17 Jun 2026 12:43:44 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14467.1781700223362152193 for ; Wed, 17 Jun 2026 05:43:43 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@arm.com header.s=foss header.b=VX8hRehI; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 259CD4794 for ; Wed, 17 Jun 2026 05:43:38 -0700 (PDT) Received: from cesw-amp-gbt-1s-m12830-04.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 65BFE3F905 for ; Wed, 17 Jun 2026 05:43:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1781700222; bh=d21WMFqKwZsoxo5fIIwe+wA3pvTEwGGOLFy4BKcboLU=; h=From:To:Subject:Date:In-Reply-To:References:From; b=VX8hRehIF1jCAnCHyXLL06fan432F7Bt2aFoMiQ62lhrkKNvOzIhQ4zF6vYCk9Z8r Tq4rJ9qVlbXa+TTx3L9HXKnS0QbftkiRCx2XyjkcJhKEimSqaYRgLQae8ORdEjjXuc mIENu9Ae21vVtJWQPFFyDb6B7eJyNcGINUppqxWE= From: Ross Burton To: meta-arm@lists.yoctoproject.org Subject: [PATCH 4/4] CI: add option to control whether warnings should be fatal or not Date: Wed, 17 Jun 2026 13:43:33 +0100 Message-ID: <20260617124333.437665-4-ross.burton@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617124333.437665-1-ross.burton@arm.com> References: <20260617124333.437665-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 12:43:44 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/7084 Warnings being always fatal is quite anti-social because sometimes there are temporary warnings that we don't want to break the CI. Signed-off-by: Ross Burton --- .gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b285698f47..5059699ee5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,6 +17,8 @@ variables: MIRROR_GHCR: ghcr.io # The list of extra Kas fragments to be used when building EXTRA_KAS_FILES: "" + # Whether warnings should be fatal (0/1) + FATAL_WARNINGS: 0 stages: - prep @@ -66,7 +68,9 @@ stages: echo KASFILES=$KASFILES kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES kas build $KASFILES - ./ci/check-warnings $KAS_BUILD_DIR/warnings.log + if [ $FATAL_WARNINGS -ne 0 ]; then + ./ci/check-warnings $KAS_BUILD_DIR/warnings.log + fi kas shell ci/base.yml:lockfile.yml --command "$CI_PROJECT_DIR/ci/junit.sh $KAS_WORK_DIR/build" artifacts: name: "logs"